Virus in Outlook?

Anonymous
24 answers
  • For the past few days, whenever I send mail via Outlook I get the following message:
    A program is trying to access your e-mail addresses. Of course I click No.
    Spybot S&D, Ad-Aware, Avast Antivirus and the Panda online scan find nothing.
    Can anyone tell me how to track down and remove this program?
    HijackThis log file attached:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:35:31, on 20-11-2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\Fighters\sfagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\DOCUME~1\MARINU~1\LOCALS~1\Temp\clclean.0001
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Secunia\PSI\psi.exe
    C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fighters\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fighters\FighterSuiteService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Illustrate\dBpowerAMP\Amp.exe
    C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\sol.exe
    C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home?AF=7956
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
    R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
    R3 - URLSearchHook: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHP0.dll
    R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHP0.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHP0.dll
    O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [IDTSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [sfagent] C:\Program Files\Fighters\sfagent.exe
    O4 - HKLM\..\RunOnce: [GrpConv] grpconv.exe -o
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\MarinusOne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [Corel Photo Downloader] "c:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229205397031
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updateservice (gupdate1c98e1e5a214464) (gupdate1c98e1e5a214464) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\Fighters\sfus.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\WINDOWS\system32\STacSV.exe
    O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files\Fighters\FighterSuiteService.exe


    End of file - 12857 bytes
  • Hi Marinus01, having analysed your log, I just have to get the following off my chest:

    - a number of questionable toolbars are installed
    - the good free antivirus is backed up by 3 active spyware scanners, which all three together do not have the detection rate that, for example, Malwarebytes' MBAM has!
    Moreover, the installed Avast also has a fine active spyware scanner!
    So an overkill of four active spyware scanners, three of which use system resources unnecessarily!
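The kind of first-pass reading the reply above performs on the posted log, as an added example that is not part of the original thread: a small parser that splits a HijackThis log into running processes and registry entries and marks items for manual review. The section labels, the review rules and the `RESIDENT_TOOLS` table are assumptions chosen for this illustration; the sample lines are copied from the first log on this page.

```python
import re

# HijackThis section codes that occur in the posted log, with what each lists.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE default page/search URL",
    "R3": "URLSearchHook", "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart (Run keys, Startup folder)", "O8": "IE context-menu item",
    "O9": "IE extra button/menu item", "O15": "Trusted Zone site",
    "O16": "downloaded ActiveX control", "O20": "AppInit_DLLs / Winlogon Notify",
    "O22": "SharedTaskScheduler", "O23": "Windows service",
}

# Path patterns for the resident protection tools visible in this log
# (assumption: built from the paths on this page, not a general product list).
RESIDENT_TOOLS = {
    "Windows Defender": r"\\Windows Defender\\",
    "avast!": r"\\Alwil Software\\Avast5\\",
    "Spybot TeaTimer": r"\\TeaTimer\.exe$",
    "Ad-Aware": r"\\Lavasoft\\Ad-Aware\\",
}

ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Excerpt of the first HijackThis log on this page (lines copied verbatim).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\services.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\DOCUME~1\MARINU~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"""


def parse_hjt(text):
    """Return (running_processes, entries); entries are (section_code, body)."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the first R/O entry ends the process list
            entries.append((match.group(1), match.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def section_counts(entries):
    """Count entries per section code, to see where the log is crowded."""
    counts = {}
    for code, _ in entries:
        counts[code] = counts.get(code, 0) + 1
    return counts


def triage(processes, entries):
    """Mark items for manual review. A mark means 'look at this', not 'malicious'."""
    findings = []
    for proc in processes:
        if re.search(r"\\te?mp\\", proc, re.I):
            findings.append(("process-in-temp", proc))
    for code, body in entries:
        line = f"{code} - {body}"
        if body.rstrip().endswith("(no file)"):
            findings.append(("orphaned-entry", line))  # registered file is gone
        if code == "O20" and body.startswith("AppInit_DLLs"):
            findings.append(("appinit-dll", line))  # loaded with user32.dll
        if code == "O23" and "Unknown owner" in body:
            findings.append(("service-unknown-owner", line))
    return findings


def resident_security_tools(processes):
    """Names of the protection tools from RESIDENT_TOOLS that are running."""
    return sorted(name for name, pattern in RESIDENT_TOOLS.items()
                  if any(re.search(pattern, p, re.I) for p in processes))


if __name__ == "__main__":
    procs, ents = parse_hjt(SAMPLE_LOG)
    for code, count in section_counts(ents).items():
        print(f"{code:>3} {SECTIONS.get(code, 'other')}: {count}")
    for kind, item in triage(procs, ents):
        print(f"[{kind}] {item}")
    print("resident tools:", ", ".join(resident_security_tools(procs)))
```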



  • Needed some time. services.exe did nothing, so I then removed Ad-Aware completely.
    Once everything is clean (I don't think it is yet), can I re-enable Spybot and Ad-Aware, or is that unnecessary?
    NB: I still have Windows XP

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 15:40:45, on 20-11-2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fighters\sfus.exe
    C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fighters\FighterSuiteService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\Fighters\sfagent.exe
    C:\DOCUME~1\MARINU~1\LOCALS~1\Temp\clclean.0001
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\sol.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Secunia\PSI\psi.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
    R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
    R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [IDTSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [sfagent] C:\Program Files\Fighters\sfagent.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\MarinusOne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [Corel Photo Downloader] "c:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229205397031
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updateservice (gupdate1c98e1e5a214464) (gupdate1c98e1e5a214464) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\Fighters\sfus.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\WINDOWS\system32\STacSV.exe
    O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files\Fighters\FighterSuiteService.exe


    End of file - 10746 bytes

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Databaseversie: 5156

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    20-11-2010 15:35:52
    mbam-log-2010-11-20 (15-35-52).txt

    Scantype: Snelle scan
    Objecten gescand: 144748
    Verstreken tijd: 5 minuut/minuten, 19 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 2
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    µTorrent
    32 Bit HP CIO Components Installer
    Aangifte inkomstenbelasting 2008
    Aangifte inkomstenbelasting 2009
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.1 - Nederlands
    Andrea VoiceCenter
    Apple Application Support
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    Audacity 1.2.6
    Audiochecker
    avast! Free Antivirus
    AVS Audio Converter version 6.1
    AVS DVD Player version 2.4
    AVS Update Manager 1.0
    AVS4YOU Software Navigator 1.3
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB2183461)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB2360131)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB969897)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB971961)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB972260)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB974455)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB976325)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB978207)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB981332)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB982381)
    Beveiligingsupdate voor Windows Media Player (KB2378111)
    Beveiligingsupdate voor Windows Media Player (KB954155)
    Beveiligingsupdate voor Windows Media Player (KB968816)
    Beveiligingsupdate voor Windows Media Player (KB973540)
    Beveiligingsupdate voor Windows Media Player (KB975558)
    Beveiligingsupdate voor Windows Media Player (KB978695)
    Beveiligingsupdate voor Windows XP (KB2079403)
    Beveiligingsupdate voor Windows XP (KB2121546)
    Beveiligingsupdate voor Windows XP (KB2160329)
    Beveiligingsupdate voor Windows XP (KB2229593)
    Beveiligingsupdate voor Windows XP (KB2259922)
    Beveiligingsupdate voor Windows XP (KB2279986)
    Beveiligingsupdate voor Windows XP (KB2286198)
    Beveiligingsupdate voor Windows XP (KB2296011)
    Beveiligingsupdate voor Windows XP (KB2347290)
    Beveiligingsupdate voor Windows XP (KB2360937)
    Beveiligingsupdate voor Windows XP (KB2387149)
    Beveiligingsupdate voor Windows XP (KB923561)
    Beveiligingsupdate voor Windows XP (KB923789)
    Beveiligingsupdate voor Windows XP (KB952004)
    Beveiligingsupdate voor Windows XP (KB956572)
    Beveiligingsupdate voor Windows XP (KB956744)
    Beveiligingsupdate voor Windows XP (KB956844)
    Beveiligingsupdate voor Windows XP (KB958690)
    Beveiligingsupdate voor Windows XP (KB958869)
    Beveiligingsupdate voor Windows XP (KB959426)
    Beveiligingsupdate voor Windows XP (KB960225)
    Beveiligingsupdate voor Windows XP (KB960803)
    Beveiligingsupdate voor Windows XP (KB960859)
    Beveiligingsupdate voor Windows XP (KB961371)
    Beveiligingsupdate voor Windows XP (KB961373)
    Beveiligingsupdate voor Windows XP (KB961501)
    Beveiligingsupdate voor Windows XP (KB968537)
    Beveiligingsupdate voor Windows XP (KB969059)
    Beveiligingsupdate voor Windows XP (KB969898)
    Beveiligingsupdate voor Windows XP (KB969947)
    Beveiligingsupdate voor Windows XP (KB970238)
    Beveiligingsupdate voor Windows XP (KB970430)
    Beveiligingsupdate voor Windows XP (KB971468)
    Beveiligingsupdate voor Windows XP (KB971486)
    Beveiligingsupdate voor Windows XP (KB971557)
    Beveiligingsupdate voor Windows XP (KB971633)
    Beveiligingsupdate voor Windows XP (KB971657)
    Beveiligingsupdate voor Windows XP (KB972270)
    Beveiligingsupdate voor Windows XP (KB973346)
    Beveiligingsupdate voor Windows XP (KB973354)
    Beveiligingsupdate voor Windows XP (KB973507)
    Beveiligingsupdate voor Windows XP (KB973525)
    Beveiligingsupdate voor Windows XP (KB973869)
    Beveiligingsupdate voor Windows XP (KB973904)
    Beveiligingsupdate voor Windows XP (KB974112)
    Beveiligingsupdate voor Windows XP (KB974318)
    Beveiligingsupdate voor Windows XP (KB974392)
    Beveiligingsupdate voor Windows XP (KB974571)
    Beveiligingsupdate voor Windows XP (KB975025)
    Beveiligingsupdate voor Windows XP (KB975467)
    Beveiligingsupdate voor Windows XP (KB975560)
    Beveiligingsupdate voor Windows XP (KB975561)
    Beveiligingsupdate voor Windows XP (KB975562)
    Beveiligingsupdate voor Windows XP (KB975713)
    Beveiligingsupdate voor Windows XP (KB977165)
    Beveiligingsupdate voor Windows XP (KB977816)
    Beveiligingsupdate voor Windows XP (KB977914)
    Beveiligingsupdate voor Windows XP (KB978037)
    Beveiligingsupdate voor Windows XP (KB978251)
    Beveiligingsupdate voor Windows XP (KB978262)
    Beveiligingsupdate voor Windows XP (KB978338)
    Beveiligingsupdate voor Windows XP (KB978542)
    Beveiligingsupdate voor Windows XP (KB978601)
    Beveiligingsupdate voor Windows XP (KB978706)
    Beveiligingsupdate voor Windows XP (KB979309)
    Beveiligingsupdate voor Windows XP (KB979482)
    Beveiligingsupdate voor Windows XP (KB979559)
    Beveiligingsupdate voor Windows XP (KB979683)
    Beveiligingsupdate voor Windows XP (KB979687)
    Beveiligingsupdate voor Windows XP (KB980195)
    Beveiligingsupdate voor Windows XP (KB980218)
    Beveiligingsupdate voor Windows XP (KB980232)
    Beveiligingsupdate voor Windows XP (KB980436)
    Beveiligingsupdate voor Windows XP (KB981322)
    Beveiligingsupdate voor Windows XP (KB981852)
    Beveiligingsupdate voor Windows XP (KB981957)
    Beveiligingsupdate voor Windows XP (KB981997)
    Beveiligingsupdate voor Windows XP (KB982132)
    Beveiligingsupdate voor Windows XP (KB982214)
    Beveiligingsupdate voor Windows XP (KB982665)
    Beveiligingsupdate voor Windows XP (KB982802)
    CD Wave Editor 1.98
    Compatibility Pack for the 2007 Office system
    Conduit Engine
    Creative Audiopakket
    dBpowerAMP
    dBpowerAMP AAC to Mp4 Codec
    dBpowerAMP CD Writer
    dBpowerAMP FLAC Codec
    dBpowerAMP Monkeys Audio Codec
    dBpowerAMP Mp4 & AAC Decode Codec
    dBpowerAMP Music Converter
    dBpowerAMP Shorten Codec
    dBpoweramp WavPack Codec
    dBpowerAMP WMA V9 Codec
    Dell Driver Reset Tool
    Dell Resource CD
    DVD Shrink 3.2
    EasyCleaner
    Essentiële update voor Windows Media Player 11 (KB959772)
    Exact Audio Copy 0.99pb5
    Express Burn Disc Burning Software
    Express Rip
    FLAC 1.2.1b (remove only)
    Fotoservice
    FurthurNET 1.7.5
    Glary Utilities 2.29.0.1032
    Google Desktop
    Google Earth
    Google Toolbar for Internet Explorer
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    Hema Album Software Advanced
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix voor Windows XP (KB2158563)
    Hotfix voor Windows XP (KB961118)
    Hotfix voor Windows XP (KB970653-v3)
    Hotfix voor Windows XP (KB976098-v2)
    Hotfix voor Windows XP (KB979306)
    Hotfix voor Windows XP (KB981793)
    HP Customer Participation Program 11.0
    HP Imaging Device Functions 11.0
    HP Photosmart C4400 All-In-One Driver Software 11.0 Rel .3
    HP Photosmart Essential 3.0
    HP Smart Web Printing
    HP Solution Center 13.0
    HP Update
    Intel(R) PRO Network Connections Drivers
    Java(TM) 6 Update 22
    Kruidvat fotoservice
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - NLD
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - NLD
    Microsoft .NET Framework 3.5 Language Pack SP1 - nld
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Professional
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.7
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox (3.6.12)
    Mp3tag v2.46a
    MSVC80_x86
    MSVC80_x86_v2
    MSVC90_x86
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    myBabylon English Toolbar
    Nero Suite
    Nokia Connectivity Cable Driver
    Nokia Ovi Suite
    Nokia Ovi Suite
    Nokia Ovi Suite Software Updater
    Nokia PC Suite
    Nokia PC Suite
    Nokia Software Updater
    OCR Software by I.R.I.S. 11.0
    Ogg Codecs 0.81.15562
    Ovi Desktop Sync Engine
    OviMPlatform
    Panda ActiveScan 2.0
    PC Connectivity Solution
    PHPNukeEN Toolbar
    QuickTime
    Secunia PSI
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Shop for HP Supplies
    Sid Meier's Civilization 4
    Sid Meier's Civilization V
    SigmaTel Audio
    Sonic Advanced Decoder
    Sound Blaster ADVANCED MB Drivers
    Sound Blaster Audigy ADVANCED MB
    SPAMfighter
    SPAMfighter Client
    Spotify
    Spybot - Search & Destroy
    SpywareBlaster 4.4
    Steam
    Switch Sound File Converter
    Sygate Personal Firewall
    Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
    Tau Analyzer (remove only)
    Trader's Little Helper 2.5.0
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update voor Windows Internet Explorer 8 (KB968220)
    Update voor Windows Internet Explorer 8 (KB976662)
    Update voor Windows Internet Explorer 8 (KB976749)
    Update voor Windows Internet Explorer 8 (KB980182)
    Update voor Windows XP (KB2141007)
    Update voor Windows XP (KB2345886)
    Update voor Windows XP (KB955759)
    Update voor Windows XP (KB960763)
    Update voor Windows XP (KB968389)
    Update voor Windows XP (KB971737)
    Update voor Windows XP (KB973687)
    Update voor Windows XP (KB973815)
    VC 9.0 Runtime
    VC 9.0 Runtime
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.1.5
    WavePad Sound Editor
    Winamp
    Winamp Toolbar
    Windows Defender
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows Update Remover
    Windows XP Service Pack 3
    Windows-stuurprogrammapakket - Nokia Modem (06/01/2009 7.01.0.4)
    Windows-stuurprogrammapakket - Nokia Modem (10/05/2009 4.2)
    Windows-stuurprogrammapakket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    WinRAR
    XML Paper Specification Shared Components Language Pack 1.0
    YouTube Downloader 2.11
  • Hi Marinus, I advise you to install Office XP Service Pack 3 (SP3) as soon as possible, so that your Office XP becomes somewhat more stable and can be updated again!

    http://www.microsoft.com/downloads/details.aspx?displaylang=nl&FamilyID=85af7bfd-6f69-4289-8bd1-eb966bcdfb5e

    And do this:

    Run the ESET online scan (Click).
    - Use Internet Explorer as your web browser
    - Scroll down and click the Eset Online Scanner button
    - Accept the Terms of use in the pop-up window
    - Then click the Start button
    - Click OK to allow the ActiveX file
    - Then click Install
    - If you get notifications from your own security software, give permission for the Eset application
    - You will then get a Computer Scan Settings pop-up; untick Remove found threats
    - Then click Start
    - If your security software gives notifications again, allow the Eset scan to proceed unhindered!
    - First the virus signature database is downloaded, then the scan starts automatically.
    - When the scan is finished, click the Details tab
    - If nothing was found, click Finish
    - Open the log file, then copy its contents and post them in your next reply.
    - If no log opens, it can be found via C:\Program Files\EsetOnlineScanner\ and click log.txt

    When using a browser other than IE, or in case of problems, download the installer (Click)
    - After the download, right-click it > run as admin
    - Then do the steps as described above

    N.B.: temporarily deactivate your own antivirus during the scan!
  • I installed Service Pack 3 as soon as it came out. I also have automatic updates turned on. My browser is Firefox.
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=5976ffcd700b8947b801f02b235de2ac
    # end=stopped
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-11-20 08:08:40
    # local_time=2010-11-20 09:08:40 (+0100, West-Europa (standaardtijd))
    # country="Netherlands"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 43982 43982 0 0
    # compatibility_mode=768 16777215 100 0 2863456 2863456 0 0
    # compatibility_mode=6143 16777215 0 0 0 0 0 0
    # compatibility_mode=8192 67108863 100 0 3682 3682 0 0
    # scanned=29608
    # found=1
    # cleaned=1
    # scan_time=1264
    C:\Documents and Settings\MarinusOne\Mijn documenten\My Downloads\slow-pcfighter_Web.exe probably a variant of Win32/SlowPCfighter application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    ESETSmartInstaller@High as downloader log:
    all ok
    esets_scanner_update returned -1 esets_gle=53251
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=5976ffcd700b8947b801f02b235de2ac
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-11-20 09:07:49
    # local_time=2010-11-20 10:07:49 (+0100, West-Europa (standaardtijd))
    # country="Netherlands"
    # lang=1043
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 45377 45377 0 0
    # compatibility_mode=768 16777215 100 0 2864851 2864851 0 0
    # compatibility_mode=6143 16777215 0 0 0 0 0 0
    # compatibility_mode=8192 67108863 100 0 5077 5077 0 0
    # scanned=88512
    # found=0
    # cleaned=0
    # scan_time=3417
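
Added example, not part of the thread: a Python parser that splits a pasted ESET Online Scanner log like the one above into runs and lists what a helper would check before relying on it. The meaning given to end, remove_checked, archives_checked and the updater return code, and the detection-line layout, are assumptions read off the field names and the single detection line shown; SAMPLE is a trimmed copy of that post.

```python
import re

RUN_MARKER = "ESETSmartInstaller@High as downloader log:"
FIELD = re.compile(r"^#\s*([\w.]+)=(.*)$")
# Assumed layout, inferred from the single detection line in the thread:
#   <path and threat name> (<action taken>) <32 hex digits> <flag>
DETECTION = re.compile(
    r"^(?P<subject>.+?)\s+\((?P<action>[^()]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)
UPDATER_CODE = re.compile(r"returned\s+(-?\d+)")

# Trimmed copy of the two runs pasted in the post above.
SAMPLE = r"""
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=stopped
# remove_checked=true
# archives_checked=false
# scanned=29608
# found=1
# cleaned=1
# scan_time=1264
C:\Documents and Settings\MarinusOne\Mijn documenten\My Downloads\slow-pcfighter_Web.exe probably a variant of Win32/SlowPCfighter application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# end=finished
# remove_checked=false
# archives_checked=false
# compatibility_mode=512 16777215 100 0 45377 45377 0 0
# compatibility_mode=768 16777215 100 0 2864851 2864851 0 0
# scanned=88512
# found=0
# cleaned=0
# scan_time=3417
"""


def parse_runs(text):
    """Split pasted log text into runs; each run keeps fields, detections, notes."""
    runs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == RUN_MARKER:
            current = {"fields": {}, "detections": [], "notes": []}
            runs.append(current)
            continue
        if current is None:
            continue  # text before the first run marker
        m = FIELD.match(line)
        if m:
            # Keys such as compatibility_mode repeat, so every key maps to a list.
            current["fields"].setdefault(m.group(1), []).append(m.group(2))
            continue
        m = DETECTION.match(line)
        if m:
            current["detections"].append(m.groupdict())
        else:
            current["notes"].append(line)  # "all ok", updater messages, ...
    return runs


def first(run, key, default=""):
    return run["fields"].get(key, [default])[0]


def review(run):
    """Return the points worth raising about one run, in a fixed order."""
    findings = []
    if first(run, "end") != "finished":
        findings.append("scan did not finish (end=%s)" % first(run, "end"))
    if first(run, "remove_checked") == "true":
        findings.append("automatic removal was enabled (remove_checked=true)")
    if first(run, "archives_checked") == "false":
        findings.append("archives were not scanned (archives_checked=false)")
    for note in run["notes"]:
        m = UPDATER_CODE.search(note)
        if m and int(m.group(1)) != 0:
            findings.append("non-zero updater code: " + note)
    found = int(first(run, "found", "0"))
    if found != len(run["detections"]):
        findings.append("found=%d but %d detection line(s) pasted"
                        % (found, len(run["detections"])))
    return findings


if __name__ == "__main__":
    for number, run in enumerate(parse_runs(SAMPLE), 1):
        print("run %d: scanned=%s found=%s" % (number, first(run, "scanned"), first(run, "found")))
        for finding in review(run):
            print("  - " + finding)
        for det in run["detections"]:
            print("  detection: %s -> %s" % (det["subject"], det["action"]))
```
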
  • Hi Marinus, those Eset scan results are encouraging!

    Still, I think we need to look deeper!

    Download ComboFix from one of these locations:

    Bleepingcomputer

    ForoSpyware


  • Abraham54 wrote:
    > Hi Marinus, those Eset scan results are encouraging!
    >
    > Still, I think we need to look deeper!
    >
    > Download ComboFix from one of these locations:
    >
    > When ComboFix is finished, it will create a log file for you.
    > Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

    Unfortunately, I tried to start ComboFix 3 times and got a computer crash 3 times.
  • Hi Marinus, regarding those crashes, the following:

    WhoCrashed introduction

    WhoCrashed description

    Download the free home edition of WhoCrashed to your desktop via click here and install the tool by clicking/double-clicking "whocrashedSetup.exe"

    After 'WhoCrashed' has started, click the "Analyze" button.

    Now select the contents of the window, copy them and post the result in your next post.
  • windows version: Windows XP Service Pack 3, 5.1, build: 2600
    windows dir: C:\WINDOWS
    CPU: GenuineIntel Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz Intel586, level: 6
    2 logical processors, active mask: 3
    RAM: 2145226752 total
    VM: 2147352576, free: 2040475648



    ——————————————————————————–
    Crash Dump Analysis
    ——————————————————————————–

    Crash dump directory: C:\WINDOWS\Minidump

    Crash dumps are enabled on your computer.


    On Sun 21-11-2010 20:00:36 GMT your computer crashed
    crash dump file: C:\WINDOWS\Minidump\Mini112110-02.dmp
    This was probably caused by the following module: iastor.sys (iaStor+0x1B359)
    Bugcheck code: 0x1000000A (0x16, 0x1C, 0x0, 0xFFFFFFFF80502EB4)
    Error: CUSTOM_ERROR
    file path: C:\WINDOWS\system32\drivers\iastor.sys
    product: Intel Matrix Storage Manager driver
    company: Intel Corporation
    description: Intel Matrix Storage Manager driver
    A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: iastor.sys (Intel Matrix Storage Manager driver, Intel Corporation).
    Google query: iastor.sys Intel Corporation CUSTOM_ERROR
  • Hi Marinus - download the latest Intel Matrix Storage Manager

    http://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&DwnldID=17882

    After that, first uninstall the old version via Control Panel/Add or Remove Programs and then restart your PC.
    Then you may install the new version, after which you must restart the PC once more!
  • Abraham54 wrote:
    > Hi Marinus - download the latest Intel Matrix Storage Manager
    >
    > http://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&DwnldID=17882
    >
    > After that, first uninstall the old version via Control Panel/Add or Remove Programs and then restart your PC.
    > Then you may install the new version, after which you must restart the PC once more!

    Hello. Under Add or Remove Programs there is no Intel Matrix Storage Manager, but there is Intel(R) PRO Network Connections Drivers. Before I remove anything I want to be sure that I remove the right thing. I have downloaded the following files:
    IATA89ENU and IATA89CD. As I said, I have not done anything yet.
  • Then you can simply install the driver!
  • Abraham54 wrote:
    > Then you can simply install the driver!

    OK, now it worked.
    ComboFix 10-11-23.01 - MarinusOne 23-11-2010 20:37:54.2.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2046.1430 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\MarinusOne\Mijn documenten\Downloads\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    —- Voorgaande Run ——-
    .
    C:\Install.exe
    c:\windows\system32\drivers\1028_DELL_XPS_Dell DXP061 .MRK
    c:\windows\system32\drivers\DELL_XPS_Dell DXP061 .MRK

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2010-10-23 to 2010-11-23 ))))))))))))))))))))))))))))))
    .

    2010-11-23 17:14 . 2010-11-10 04:33 6273872 —-a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{C25DE57C-B63F-4D32-A2D4-FCDDFC318A7C}\mpengine.dll
    2010-11-23 17:14 . 2010-11-23 17:14 ——– d—–w- C:\Intel
    2010-11-23 17:14 . 2010-11-23 17:14 ——– d—–w- c:\program files\Intel
    2010-11-23 17:14 . 2010-11-23 17:14 ——– d—–w- c:\documents and settings\MarinusOne\Application Data\InstallShield
    2010-11-21 22:18 . 2010-11-23 17:29 ——– d—–w- c:\program files\WhoCrashed
    2010-11-21 19:58 . 2010-11-21 19:58 0 —-a-w- c:\windows\system32\ConduitEngine.tmp
    2010-11-20 19:46 . 2010-11-20 19:46 ——– d—–w- c:\program files\ESET
    2010-11-20 14:29 . 2010-11-20 14:29 ——– d—–w- c:\documents and settings\MarinusOne\Application Data\Malwarebytes
    2010-11-20 14:29 . 2010-04-29 14:39 38224 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-20 14:29 . 2010-11-20 14:29 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-20 14:29 . 2010-11-20 14:29 ——– d—–w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-11-20 14:29 . 2010-04-29 14:39 20952 —-a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-20 14:20 . 2010-11-20 14:20 388096 —-a-r- c:\documents and settings\MarinusOne\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-11-20 08:34 . 2010-11-20 08:34 ——– d—–w- c:\program files\Trend Micro
    2010-11-20 07:49 . 2010-11-20 07:49 ——– d—–w- c:\documents and settings\All Users\Application Data\PC Tools
    2010-11-20 02:05 . 2010-11-20 02:05 ——– d—–w- c:\program files\Firaxis Games
    2010-11-20 02:05 . 2005-04-03 22:02 69714 —-a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
    2010-11-20 02:05 . 2005-04-03 22:01 274432 —-a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
    2010-11-20 02:05 . 2005-04-03 22:00 184320 —-a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
    2010-11-20 02:05 . 2005-04-03 21:59 5632 —-a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
    2010-11-20 02:05 . 2005-04-03 22:02 753664 —-a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
    2010-11-20 02:05 . 2010-11-20 02:05 200836 —-a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
    2010-11-20 02:05 . 2010-11-20 02:05 331908 —-a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
    2010-11-19 19:59 . 2009-06-30 09:37 28552 —-a-w- c:\windows\system32\drivers\pavboot.sys
    2010-11-19 19:58 . 2010-11-19 19:58 ——– d—–w- c:\program files\Panda Security
    2010-11-19 07:50 . 1998-09-02 08:28 38160 —-a-w- c:\windows\system32\LMRTREND.dll
    2010-11-19 07:50 . 1998-08-20 11:02 140800 —-a-w- c:\windows\system32\tm20dec.ax
    2010-11-19 07:50 . 1998-08-27 04:51 182032 —-a-w- c:\windows\system32\dxtmsft3.dll
    2010-11-19 07:50 . 1998-09-02 08:28 63488 —-a-w- c:\windows\system32\unam4ie.exe
    2010-11-19 07:50 . 1998-09-02 08:02 194320 —-a-w- c:\windows\system32\qcut.dll
    2010-11-19 07:50 . 1998-08-17 09:21 5672 —-a-w- c:\windows\system32\quartz.vxd
    2010-11-19 07:50 . 1998-08-17 09:21 10240 —-a-w- c:\windows\system32\vidx16.dll
    2010-11-19 07:50 . 1998-08-17 09:21 11776 —-a-w- c:\windows\system32\mciqtz.drv
    2010-11-19 07:50 . 2010-11-19 07:50 2272 —-a-w- c:\windows\system32\w95inf16.dll
    2010-11-19 07:50 . 2010-11-19 07:50 4608 —-a-w- c:\windows\system32\w95inf32.dll
    2010-11-19 07:49 . 1998-07-30 12:51 305152 —-a-w- c:\windows\IsUninst.exe
    2010-11-16 06:57 . 2010-11-16 06:57 ——– d—–w- c:\program files\Exact Audio Copy
    2010-11-10 17:08 . 2010-11-23 17:29 ——– d—–w- c:\program files\Fighters
    2010-11-10 17:08 . 2010-11-10 17:08 ——– dc-h–w- c:\documents and settings\All Users\Application Data\{1BBDB15E-BE9E-4EEA-8849-CB176F3F62A4}
    2010-11-10 17:07 . 2010-11-10 17:08 ——– d—–w- c:\documents and settings\MarinusOne\Application Data\Fighters
    2010-11-10 17:07 . 2010-11-10 17:07 ——– d—–w- c:\documents and settings\MarinusOne\Local Settings\Application Data\PackageAware
    2010-11-06 10:37 . 2010-11-06 10:37 103864 —-a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2010-11-06 10:37 . 2010-11-06 10:37 103864 —-a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
    2010-10-27 19:13 . 2010-11-05 07:51 ——– d—–w- c:\documents and settings\MarinusOne\Local Settings\Application Data\Spotify
    2010-10-27 19:13 . 2010-11-05 07:51 ——– d—–w- c:\documents and settings\MarinusOne\Application Data\Spotify
    2010-10-27 19:13 . 2010-10-27 19:13 ——– d—–w- c:\program files\Spotify

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-10 04:33 . 2009-03-01 08:35 6273872 —-a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2010-11-03 20:47 . 2009-10-28 20:32 98392 —-a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-10-19 09:41 . 2009-10-03 00:11 222080 ——w- c:\windows\system32\MpSigStub.exe
    2010-10-14 19:12 . 2010-10-14 19:12 73728 —-a-w- c:\windows\system32\javacpl.cpl
    2010-10-14 19:12 . 2010-05-07 13:36 472808 —-a-w- c:\windows\system32\deployJava1.dll
    2010-09-18 10:23 . 2004-08-04 10:00 974848 —-a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2004-08-04 10:00 974848 —-a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2004-08-04 10:00 954368 —-a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2004-08-04 10:00 953856 —-a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:52 . 2006-03-04 03:35 916480 —-a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:52 . 2004-08-04 10:00 43520 —-a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:52 . 2004-08-04 10:00 1469440 —-a-w- c:\windows\system32\inetcpl.cpl
    2010-09-08 09:17 . 2010-09-08 09:17 94208 —-a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 09:17 . 2010-09-08 09:17 69632 —-a-w- c:\windows\system32\QuickTime.qts
    2010-09-07 15:12 . 2010-10-18 16:16 38848 —-a-w- c:\windows\avastSS.scr
    2010-09-07 15:11 . 2009-11-16 20:03 167592 —-a-w- c:\windows\system32\aswBoot.exe
    2010-09-07 14:52 . 2009-11-16 20:03 46672 —-a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-09-07 14:52 . 2009-11-16 20:03 165584 —-a-w- c:\windows\system32\drivers\aswSP.sys
    2010-09-07 14:47 . 2009-11-16 20:03 23376 —-a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-09-07 14:47 . 2009-11-16 20:03 100176 —-a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-09-07 14:47 . 2009-11-16 20:03 94544 —-a-w- c:\windows\system32\drivers\aswmon.sys
    2010-09-07 14:47 . 2009-11-16 20:03 17744 —-a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-09-07 14:46 . 2009-11-16 20:03 28880 —-a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-09-01 11:52 . 2004-08-04 10:00 285824 —-a-w- c:\windows\system32\atmfd.dll
    2010-09-01 07:57 . 2004-08-04 10:00 1852928 —-a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:03 . 2004-08-04 10:00 119808 —-a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:55 . 2004-08-04 10:00 99840 —-a-w- c:\windows\system32\srvsvc.dll
    2010-08-27 01:43 . 2008-05-05 05:25 5632 —-a-w- c:\windows\system32\xpsp4res.dll
    2010-08-26 13:39 . 2004-08-04 10:00 357248 —-a-w- c:\windows\system32\drivers\srv.sys
    2008-12-14 03:05 . 2008-12-14 03:05 122880 —-a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
    "{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB0.dll" [2010-10-18 3908192]

    [HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

    [HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-10-18 10:26 3908192 —-a-w- c:\program files\ConduitEngine\ConduitEngin0.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
    2010-10-18 10:26 3908192 —-a-w- c:\program files\myBabylon_English\tbmyB0.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB0.dll" [2010-10-18 3908192]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2010-10-18 3908192]

    [HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyB0.dll" [2010-10-18 3908192]

    [HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-14 39408]
    "Google Update"="c:\documents and settings\MarinusOne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-31 135664]
    "Steam"="c:\program files\Steam\Steam.exe" [2010-11-17 1242448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "IDTSysTrayApp"="sttray.exe" [2007-09-05 405504]
    "MBMon"="CTMBHA.DLL" [2006-03-15 1355468]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
    "SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
    "sfagent"="c:\program files\Fighters\sfagent.exe" [2010-10-21 760968]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

    c:\documents and settings\MarinusOne\Menu Start\Programma's\Opstarten\
    Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2010-5-28 911920]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "j:\\DownloadThemAll\\utorrent-2.2-latest_001.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\sid meier's civilization v\\CivilizationV.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\sid meier's civilization v\\Launcher.exe"=
    "c:\\Program Files\\Spotify\\spotify.exe"=
    "c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [19-11-2010 20:59 28552]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16-11-2009 21:03 165584]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16-11-2009 21:03 17744]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\Fighters\sfus.exe [21-10-2010 13:44 189064]
    R2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [21-10-2010 13:44 1130120]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 18:19 13592]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17-6-2009 13:20 14896]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys –> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 gupdate1c98e1e5a214464;Google Updateservice (gupdate1c98e1e5a214464);c:\program files\Google\Update\GoogleUpdate.exe [13-2-2009 22:02 133104]
    S3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [14-12-2008 4:05 30192]
    S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys –> c:\windows\system32\drivers\hitmanpro3.sys [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [7-9-2006 20:16 10112]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Inhoud van de 'Gedeelde Taken' map

    2010-08-02 c:\windows\Tasks\expressburnShakeIcon.job
    - c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-07-23 11:21]

    2010-10-23 c:\windows\Tasks\expressripShakeIcon.job
    - c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2010-07-03 18:53]

    2010-11-23 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2010-03-08 19:55]

    2010-11-23 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-14 16:33]

    2010-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 21:02]

    2010-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 21:02]

    2010-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-261478967-725345543-1004Core.job
    - c:\documents and settings\MarinusOne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-15 05:45]

    2010-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-261478967-725345543-1004UA.job
    - c:\documents and settings\MarinusOne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-15 05:45]

    2010-11-23 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

    2010-08-14 c:\windows\Tasks\wavepadShakeIcon.job
    - c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-06-05 15:56]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: Google Sidewiki… - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    FF - ProfilePath - c:\documents and settings\MarinusOne\Application Data\Mozilla\Firefox\Profiles\3rktgujx.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Scroogle SSL search
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&q=
    FF - component: c:\documents and settings\MarinusOne\Application Data\Mozilla\Firefox\Profiles\3rktgujx.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\MarinusOne\Application Data\Mozilla\Firefox\Profiles\3rktgujx.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
    FF - plugin: c:\documents and settings\MarinusOne\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    —- FIREFOX POLICIES —-
    pref(dom.disable_open_during_load, true);
    FF - user.js: browser.sessionstore.resume_from_crash - false
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS VERWIJDERD - - - -

    Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{DD02A4EB-4AFD-4D60-99D8-E67F964CA813} - (no file)
    HKCU-Run-Corel Photo Downloader - c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
    SafeBoot-mcmscsvc
    SafeBoot-MCODS



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-23 20:40
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
    "ImagePath"=""
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > 'explorer.exe'(820)
    c:\windows\system32\SSSensor.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.NLD
    c:\program files\Illustrate\dBpowerAMP\dBShell.dll
    .
    Voltooingstijd: 2010-11-23 20:42:30
    ComboFix-quarantined-files.txt 2010-11-23 19:42

    Pre-Run: 55.425.511.424 bytes beschikbaar
    Post-Run: 55.377.608.704 bytes beschikbaar

    - - End Of File - - C28F0374CC8D680A0F02C43943BF2F1F









  • Good, ComboFix found a thing or two!

    If you start Outlook now, do you still get that message?
  • [quote:807ff3c244="Abraham54"]Good, ComboFix found a thing or two!

    If you start Outlook now, do you still get that message?[/quote:807ff3c244]

    When I send mail from Outlook I still get that message.
  • Hi Marinus, first uninstall Hitmanpro3 completely, restart your PC and then run another ComboFix scan!
  • [quote:d7b9124aaa="Abraham54"]Hi Marinus, first uninstall Hitmanpro3 completely, restart your PC and then run another ComboFix scan![/quote:d7b9124aaa]

    Next log:
    ComboFix 10-11-23.01 - MarinusOne 24-11-2010 20:55:23.3.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2046.1405 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\MarinusOne\Mijn documenten\Downloads\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2010-10-24 to 2010-11-24 ))))))))))))))))))))))))))))))
    .

    2010-11-23 17:14 . 2010-11-10 04:33 6273872 —-a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{C25DE57C-B63F-4D32-A2D4-FCDDFC318A7C}\mpengine.dll
    2010-11-23 17:14 . 2010-11-23 17:14 ——– d—–w- C:\Intel
    2010-11-23 17:14 . 2010-11-23 17:14 ——– d—–w- c:\program files\Intel
    2010-11-23 17:14 . 2010-11-23 17:14 ——– d—–w- c:\documents and settings\MarinusOne\Application Data\InstallShield
    2010-11-21 22:18 . 2010-11-23 17:29 ——– d—–w- c:\program files\WhoCrashed
    2010-11-20 19:46 . 2010-11-20 19:46 ——– d—–w- c:\program files\ESET
    2010-11-20 14:29 . 2010-11-20 14:29 ——– d—–w- c:\documents and settings\MarinusOne\Application Data\Malwarebytes
    2010-11-20 14:29 . 2010-04-29 14:39 38224 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-20 14:29 . 2010-11-20 14:29 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-20 14:29 . 2010-11-20 14:29 ——– d—–w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-11-20 14:29 . 2010-04-29 14:39 20952 —-a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-20 14:20 . 2010-11-20 14:20 388096 —-a-r- c:\documents and settings\MarinusOne\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-11-20 08:34 . 2010-11-20 08:34 ——– d—–w- c:\program files\Trend Micro
    2010-11-20 07:49 . 2010-11-20 07:49 ——– d—–w- c:\documents and settings\All Users\Application Data\PC Tools
    2010-11-20 02:05 . 2010-11-20 02:05 ——– d—–w- c:\program files\Firaxis Games
    2010-11-20 02:05 . 2005-04-03 22:02 69714 —-a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
    2010-11-20 02:05 . 2005-04-03 22:01 274432 —-a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
    2010-11-20 02:05 . 2005-04-03 22:00 184320 —-a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
    2010-11-20 02:05 . 2005-04-03 21:59 5632 —-a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
    2010-11-20 02:05 . 2005-04-03 22:02 753664 —-a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
    2010-11-20 02:05 . 2010-11-20 02:05 200836 —-a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
    2010-11-20 02:05 . 2010-11-20 02:05 331908 —-a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
    2010-11-19 19:59 . 2009-06-30 09:37 28552 —-a-w- c:\windows\system32\drivers\pavboot.sys
    2010-11-19 19:58 . 2010-11-19 19:58 ——– d—–w- c:\program files\Panda Security
    2010-11-19 07:50 . 1998-09-02 08:28 38160 —-a-w- c:\windows\system32\LMRTREND.dll
    2010-11-19 07:50 . 1998-08-20 11:02 140800 —-a-w- c:\windows\system32\tm20dec.ax
    2010-11-19 07:50 . 1998-08-27 04:51 182032 —-a-w- c:\windows\system32\dxtmsft3.dll
    2010-11-19 07:50 . 1998-09-02 08:28 63488 —-a-w- c:\windows\system32\unam4ie.exe
    2010-11-19 07:50 . 1998-09-02 08:02 194320 —-a-w- c:\windows\system32\qcut.dll
    2010-11-19 07:50 . 1998-08-17 09:21 5672 —-a-w- c:\windows\system32\quartz.vxd
    2010-11-19 07:50 . 1998-08-17 09:21 10240 —-a-w- c:\windows\system32\vidx16.dll
    2010-11-19 07:50 . 1998-08-17 09:21 11776 —-a-w- c:\windows\system32\mciqtz.drv
    2010-11-19 07:50 . 2010-11-19 07:50 2272 —-a-w- c:\windows\system32\w95inf16.dll
    2010-11-19 07:50 . 2010-11-19 07:50 4608 —-a-w- c:\windows\system32\w95inf32.dll
    2010-11-19 07:49 . 1998-07-30 12:51 305152 —-a-w- c:\windows\IsUninst.exe
    2010-11-16 06:57 . 2010-11-16 06:57 ——– d—–w- c:\program files\Exact Audio Copy
    2010-11-10 17:08 . 2010-11-24 19:48 ——– d—–w- c:\program files\Fighters
    2010-11-10 17:08 . 2010-11-10 17:08 ——– dc-h–w- c:\documents and settings\All Users\Application Data\{1BBDB15E-BE9E-4EEA-8849-CB176F3F62A4}
    2010-11-10 17:07 . 2010-11-10 17:08 ——– d—–w- c:\documents and settings\MarinusOne\Application Data\Fighters
    2010-11-10 17:07 . 2010-11-10 17:07 ——– d—–w- c:\documents and settings\MarinusOne\Local Settings\Application Data\PackageAware
    2010-11-06 10:37 . 2010-11-06 10:37 103864 —-a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2010-11-06 10:37 . 2010-11-06 10:37 103864 —-a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
    2010-10-27 19:13 . 2010-11-05 07:51 ——– d—–w- c:\documents and settings\MarinusOne\Local Settings\Application Data\Spotify
    2010-10-27 19:13 . 2010-11-05 07:51 ——– d—–w- c:\documents and settings\MarinusOne\Application Data\Spotify
    2010-10-27 19:13 . 2010-10-27 19:13 ——– d—–w- c:\program files\Spotify

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-10 04:33 . 2009-03-01 08:35 6273872 —-a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2010-11-03 20:47 . 2009-10-28 20:32 98392 —-a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-10-19 09:41 . 2009-10-03 00:11 222080 ——w- c:\windows\system32\MpSigStub.exe
    2010-10-14 19:12 . 2010-10-14 19:12 73728 —-a-w- c:\windows\system32\javacpl.cpl
    2010-10-14 19:12 . 2010-05-07 13:36 472808 —-a-w- c:\windows\system32\deployJava1.dll
    2010-09-18 10:23 . 2004-08-04 10:00 974848 —-a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2004-08-04 10:00 974848 —-a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2004-08-04 10:00 954368 —-a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2004-08-04 10:00 953856 —-a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:52 . 2006-03-04 03:35 916480 —-a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:52 . 2004-08-04 10:00 43520 —-a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:52 . 2004-08-04 10:00 1469440 —-a-w- c:\windows\system32\inetcpl.cpl
    2010-09-08 09:17 . 2010-09-08 09:17 94208 —-a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 09:17 . 2010-09-08 09:17 69632 —-a-w- c:\windows\system32\QuickTime.qts
    2010-09-07 15:12 . 2010-10-18 16:16 38848 —-a-w- c:\windows\avastSS.scr
    2010-09-07 15:11 . 2009-11-16 20:03 167592 —-a-w- c:\windows\system32\aswBoot.exe
    2010-09-07 14:52 . 2009-11-16 20:03 46672 —-a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-09-07 14:52 . 2009-11-16 20:03 165584 —-a-w- c:\windows\system32\drivers\aswSP.sys
    2010-09-07 14:47 . 2009-11-16 20:03 23376 —-a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-09-07 14:47 . 2009-11-16 20:03 100176 —-a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-09-07 14:47 . 2009-11-16 20:03 94544 —-a-w- c:\windows\system32\drivers\aswmon.sys
    2010-09-07 14:47 . 2009-11-16 20:03 17744 —-a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-09-07 14:46 . 2009-11-16 20:03 28880 —-a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-09-01 11:52 . 2004-08-04 10:00 285824 —-a-w- c:\windows\system32\atmfd.dll
    2010-09-01 07:57 . 2004-08-04 10:00 1852928 —-a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:03 . 2004-08-04 10:00 119808 —-a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:55 . 2004-08-04 10:00 99840 —-a-w- c:\windows\system32\srvsvc.dll
    2010-08-27 01:43 . 2008-05-05 05:25 5632 —-a-w- c:\windows\system32\xpsp4res.dll
    2008-12-14 03:05 . 2008-12-14 03:05 122880 —-a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
    "{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB0.dll" [2010-10-18 3908192]

    [HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

    [HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-10-18 10:26 3908192 —-a-w- c:\program files\ConduitEngine\ConduitEngin0.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
    2010-10-18 10:26 3908192 —-a-w- c:\program files\myBabylon_English\tbmyB0.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB0.dll" [2010-10-18 3908192]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2010-10-18 3908192]

    [HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyB0.dll" [2010-10-18 3908192]

    [HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-14 39408]
    "Google Update"="c:\documents and settings\MarinusOne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-31 135664]
    "Steam"="c:\program files\Steam\Steam.exe" [2010-11-17 1242448]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-11-20 394104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "IDTSysTrayApp"="sttray.exe" [2007-09-05 405504]
    "MBMon"="CTMBHA.DLL" [2006-03-15 1355468]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
    "SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
    "sfagent"="c:\program files\Fighters\sfagent.exe" [2010-10-21 760968]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

    c:\documents and settings\MarinusOne\Menu Start\Programma's\Opstarten\
    Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2010-5-28 911920]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "j:\\DownloadThemAll\\utorrent-2.2-latest_001.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\sid meier's civilization v\\CivilizationV.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\sid meier's civilization v\\Launcher.exe"=
    "c:\\Program Files\\Spotify\\spotify.exe"=
    "c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [19-11-2010 20:59 28552]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16-11-2009 21:03 165584]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16-11-2009 21:03 17744]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\Fighters\sfus.exe [21-10-2010 13:44 189064]
    R2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [21-10-2010 13:44 1130120]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 18:19 13592]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17-6-2009 13:20 14896]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 gupdate1c98e1e5a214464;Google Updateservice (gupdate1c98e1e5a214464);c:\program files\Google\Update\GoogleUpdate.exe [13-2-2009 22:02 133104]
    S3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [14-12-2008 4:05 30192]
    S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [7-9-2006 20:16 10112]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Inhoud van de 'Gedeelde Taken' map

    2010-08-02 c:\windows\Tasks\expressburnShakeIcon.job
    - c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-07-23 11:21]

    2010-10-23 c:\windows\Tasks\expressripShakeIcon.job
    - c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2010-07-03 18:53]

    2010-11-24 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2010-03-08 19:55]

    2010-11-24 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-14 16:33]

    2010-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 21:02]

    2010-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 21:02]

    2010-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-261478967-725345543-1004Core.job
    - c:\documents and settings\MarinusOne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-15 05:45]

    2010-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-261478967-725345543-1004UA.job
    - c:\documents and settings\MarinusOne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-15 05:45]

    2010-11-24 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

    2010-08-14 c:\windows\Tasks\wavepadShakeIcon.job
    - c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-06-05 15:56]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: Google Sidewiki… - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    FF - ProfilePath - c:\documents and settings\MarinusOne\Application Data\Mozilla\Firefox\Profiles\3rktgujx.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Scroogle SSL search
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&q=
    FF - component: c:\documents and settings\MarinusOne\Application Data\Mozilla\Firefox\Profiles\3rktgujx.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\MarinusOne\Application Data\Mozilla\Firefox\Profiles\3rktgujx.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
    FF - plugin: c:\documents and settings\MarinusOne\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    —- FIREFOX POLICIES —-
    pref(dom.disable_open_during_load, true);
    FF - user.js: browser.sessionstore.resume_from_crash - false
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-24 20:58
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
    "ImagePath"=""
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > 'explorer.exe'(2708)
    c:\windows\system32\SSSensor.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\progra~1\MICROS~2\Office10\MCPS.DLL
    c:\program files\Microsoft Silverlight\xapauthenticodesip.dll
    .
    Voltooingstijd: 2010-11-24 21:00:04
    ComboFix-quarantined-files.txt 2010-11-24 20:00
    ComboFix2.txt 2010-11-23 19:42

    Pre-Run: 54.874.226.688 bytes beschikbaar
    Post-Run: 54.859.747.328 bytes beschikbaar

    - - End Of File - - 85A6BDA8ED7F0F9467907424CF188E0B









  • Hi Marinus, the log looks clean.

    http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

    Go to the Kaspersky Online Scanner with Internet Explorer or Firefox.
    Make sure Java is up to date: remove all versions of Java (via Control Panel -> Add or Remove Programs) that you have on your computer and install the latest version.

    Click Accept on the start screen to agree to the terms.

    To optimise the scan time and produce a more accurate report:

    Close all open programs.
    Temporarily turn off real-time scanners such as your antivirus during the scan.

    Give Kaspersky permission to scan your computer; click Run when you get a prompt from Java.
    The program will now be downloaded and installed, and it will also update the database.
    Be patient while it downloads; this can take a while.

    1. When the update is complete, click Settings.
    2. Make sure the following boxes are ticked, then click the Save button:

    Spyware, adware, dialers, and other riskware
    Archives
    E-mail databases

    3. Click My Computer under the green Scan bar on the left to start the scan.
    4. When the scan is complete, it will report whether or not your computer is infected; there is no option to remove or disinfect the infections. We only need the report from the scan.
    5. Do NOT panic at what you see in the report; many infections will probably already be in quarantine.
    6. Click View report… at the bottom.
    7. Then click the Save report… button.

    http://i840.photobucket.com/albums/zz323/Maser000/Malware/Untitled5.png

    8. When saving, make sure you save the report as a Text document (.txt) (under Save as type:). You can give the report the following file name: KasReport.txt. Save this report on your desktop and post it in your next message, please.
  • [quote="Abraham54"]Hi Marinus, the log looks clean.

    http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

    Go to the Kaspersky Online Scanner with Internet Explorer or Firefox.
    Make sure Java is up to date - remove all versions of Java (via Control Panel -> Add or Remove Programs) that you have on your computer and install the latest version.

    [/quote]

    Hi Abraham,
    The online scanner is currently not available. Would it be an idea to switch to, e.g., Thunderbird?

    Marinus
  • Hi Marinus, that could indeed be a very good option.

    But first I would like you to do the following:

    - Users of Windows Vista and Windows 7 start the tool by right-clicking and then choosing Run as administrator!
    - Click/double-click RSIT.exe to start the tool.
    - Click Continue in the disclaimer window.
    - After the scan has finished, two logs will open.
    - Post only info.txt (this one will be minimised)

This is an archived page. Replying is no longer possible.