Antimalware Doctor

[rolandh]

(Gesponsorde links- (Wat is dit?))

Ik heb problemen met " Antimaleware Doctor" dit geeft zich in mijn PC genesteld en blokeerd mijn PC. Ik ben nu bezig in veilig modus te werken.

Zelf ben ik nog een leek maar heb dringend weer mijn pc nodig zoals voorheen dit namelijk om homebanking anders kom ik de problemen. Kan iemand me AUB helpen, ben zopas lid geworden bij Nucia.

[Marckie]

Voer eerst een scan uit met Malwarebytes' Anti-Malware (MBAM).

Heb je vandaag reeds een scan uitgevoerd met dit programma dan post je de meest recente log.
Deze kan je als volgt vinden:

• Start Malwarebytes' Anti-Malware (MBAM).
• Klik op het tabblad "Logs". Daar vind je een overzicht van de logs gemaakt door MBAM. Deze worden opgeslagen als mbam-log-jaar-maand-dag (uur).txt.
• Kies de meest recente, dubbelklik er op. De logfile opent.
• Post de inhoud van de logfile.

Heb je Malwarebytes' Anti-Malware (MBAM) reeds op de computer staan en je hebt onlangs (vandaag) geen nieuwe scan uitgevoerd, dan doe je dit:

• Start MBAM.
• Ga naar het tabblad "Update".
• Klik op de knop "Controleer op Updates". MBAM maakt nu connectie met de servers om de laatste definities te downloaden en zal deze installeren.
• Ga naar het tabblad "Scanner".
• Selecteer "Snelle Scan" en klik op de knop "Scan". Malwarebytes' Anti-Malware zal nu de computer scannen.
• Wanneer de scan voltooid is, klik je op OK, daarna op "Bekijk Resultaten" om de resultaten te zien.
• Wordt er wat gevonden door MBAM, dan zorg ervoor dat daar alles aangevinkt is en daarna klik je op: Verwijder geselecteerde.
• Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. Sta toe dat de computer opnieuw gestart wordt. Doe dit onmiddellijk!!
• Na de herstart start je Malwarebytes' Anti-Malware opnieuw.
• Klik op het tabblad "Logs". Daar vind je een overzicht van de logs gemaakt door MBAM. Deze worden opgeslagen als mbam-log-jaar-maand-dag (uur).txt.
• Kies de meest recente, dubbelklik er op. De logfile opent.
• Post de inhoud van de logfile.

Heb je nog geen scan gedaan met Malwarebytes' Anti-Malware dan volg je deze instructies:

• Downloadt MBAM (Malwarebytes' Anti-Malware) hier of hier.
• Dubbelklik op mbam-setup.exe om de installatie te starten.
• Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware.
• Klik daarna op "Voltooien".
• Indien een update gevonden wordt, zal deze gedownload en geïnstalleerd worden.
• Wanneer het programma volledig up to date is selecteer je het tabblad Scanner
• Selecteer "Snelle Scan" en klik op de knop "Scan". Malwarebytes' Anti-Malware zal nu de computer scannen.
• Het scannen kan een tijdje duren, dus wees geduldig.
• Wanneer de scan voltooid is, klik op op OK, daarna op "Bekijk Resultaten" om de resultaten te zien.
• Wordt er wat gevonden door MBAM, dan zorg ervoor dat daar alles aangevinkt is en daarna klik je op: Verwijder geselecteerde.
• Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. Sta toe dat de computer opnieuw gestart wordt. Doe dit onmiddellijk!!
• Na de herstart start je Malwarebytes' Anti-Malware opnieuw.
• Klik op het tabblad "Logs". Daar vind je een overzicht van de logs gemaakt door MBAM. Deze worden opgeslagen als mbam-log-jaar-maand-dag (uur).txt.
• Kies de meest recente, dubbelklik er op. De logfile opent.
• Post de inhoud van de logfile.

[rolandh]

Marckie, bedankt voor de snelle reactie .
Sorry voor het laat reageren maar de situatie is het volgende, vanaf zondag kon ik ook niet meer op het internet via veilige modus en denkt dat dit ook door deze virus is. Nu zit ik te internetten via het werk maar met dit moet ik wel opletten. ( is verboden voor prive) kan je me verder helpen moet ik deze 2 progamma eerst dowloaden op een stick en dan verder proberen ???
Graag antwoord aub en dankjewel voor de reactie. Grtjs Rolandh

[Marckie]

Downloaden op een stick kan maar dan moet je ook de laatse detectie definities downloaden.

Is Malwarebytes' Anti-Malware geïnstalleerd op de computer en je kan het niet updaten, dan doe je het volgende:

• Methode 1: Internetconnectie vereist of downloaden via een andere computer.
  • Downloadt mbam-rules.exe: http://www.malwarebytes.org/mbam/dat...mbam-rules.exe
  • Dubbelklik op mbam-rules.exe om de laatste updates te installeren.
• Methode 2: computer vereist waarop een geupdate Malwarebytes' Anti-Malware aanwezig is.
  • Op de met MBAM geupdate computer zoek en kopieer je dit bestand:
    • Windows 2000 - Windows XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
    • Windows Vista - Windows 7: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  • Op de probleem computer plak je het bestand rules.ref in de volgende map:
    • Windows 2000 - Windows XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
    • Windows Vista - Windows 7: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware

[rolandh]

Marckie, na veel vallen en opstaan is het toch gelukt om weer te internetten. Ik weet niet of dit een goede methode was maar ik probeerde ieder keer als ik de comp. opstarte mijn "AVG-antivirus" zo snel mogelijk te laten draaien en dit voor dat de twee boosdoeners namelijk "Antimalware Doctor" en "Antivir Solution" zich ieder keer nestelde met hun icoon rechtsonder in de taakbalk. De eerste die verdweende na enige tijd was "Antimalware Doctor" en dit na veel heropstarten en ieder keer Scannen met "AVG" was ook "Antivir Solution" die verdween.
Nu wat ik wel gemerkt heb is, ik wilde zovlug mogelijk een herstelpunt maken van voor de moeilijkheden (de aanval is begonnen op 24/07/2010) maar zag dat er geen vorige herstelpunten meer zijn/waren. Nu mijn vraag ben ik er nu vanaf , wat moet ik doen. Malwarebytes' Anti-Malware (MBAM) is nog niet geïnstalleerd op mijn PC. Nogmaals dank voor mij te behelpen. Grtjs Rolandh

[Marckie]

Ik denk dat je best MBAM nog installeert en deze een scan laat doen.
Post het logje maar.

MBAM is gratis en kan je perfect naast de bestaande beveilgingsoftware blijven gebruiken.

[rolandh]

Markie, mijn eerste scan is gebeurd ziehier mijn logfile er waren 24 gedetecteerd

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Databaseversie: 4353

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

26/07/2010 21:41:30
mbam-log-2010-07-26 (21-41-30).txt

Scantype: Snelle scan
Objecten gescand: 159435
Verstreken tijd: 11 minuut/minuten, 8 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 1
Registersleutels geïnfecteerd: 13
Registerwaarden geïnfecteerd: 2
Registerdata geïnfecteerd: 2
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 6

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
C:\Documents and Settings\All Users\Documenten\Settings\cbss.dll (Trojan.Agent) -> Delete on reboot.

Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\winhost_app.winhost_appdll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5e06398e-3017-467b-a399-18425a20f655} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5e06398e-3017-467b-a399-18425a20f655} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5e06398e-3017-467b-a399-18425a20f655} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e06398e-3017-467b-a399-18425a20f655} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Cleaner (Rogue.SpywareCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SpywareCleanerService (Rogue.SpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\TG0PTF86JH (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XA5RJ9EADJ (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yfqrqwav (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yfqrqwav (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Registerdata geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
C:\WINDOWS\winhost_app.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Eigenaar\Local Settings\Temp\jydtya.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Documenten\Settings\cbss.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\HP_Eigenaar\Local Settings\Temp\File234.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\hosts (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Wat zijn de volgende stappen die zou moeten gebeuren ? ? ?

Grtjs Rolandh

[Marckie]

Zijn er nog problemen momenteel?

Download DDS.com, DDS.scr of DDS.pif van één van deze locaties en plaats het op je bureaublad:
DDS - Techsupport download.
DDS - Bleeping download.
DDS - Forospyware Download.
DDS is een diagnosetool en maakt gebruik van scripts. Is het uitvoeren van scripts uitgeschakeld, dan schakel je dit weer in zodat er geen problemen optreden bij gebruik van DDS.
Dubbelklik op DDS om de tool te starten. (afhankelijk van de download die je gekozen hebt kan dit het bestand DDS.com, DDS.scr of DDS.pif zijn)
Wanneer het klaar is openen er twee logfiles: DDS.txt en Attach.txt
Beide logfiles sla je op je bureaublad.
Post de inhoud van DDS.txt.
De inhoud Attach.txt moet je niet posten en Attach.txt moet je niet als bijlage toevoegen aan je post, tenzij ik er om vraag.

[rolandh]

Marckie, tot nu zijn er nog problemen ondekt, daarvoor alvast mijn dank.
Kun je me even op weg zetten voor het inschakelen van scripts, moet ik dit dan later weer "uitvoeren van scripts inschakelen" of niet.

Grtjs Rolandh

[rolandh]

Marckie, er is tikfout gebeurd door mij. Namelijk ik bedoelde "er zijn verlopig geen problemen meer te ontdekken", maar kun je me even op weg zetten voor het inschakelen van scripts, moet ik dit dan later weer "uitvoeren van scripts inschakelen" of niet.

Grtjs Roland

[Marckie]

Krijg je foutmelding bij gebruik van DDS?
Sommige virusscanners schakelen het gebruik van scripts uit.

[rolandh]

Marckie, ziehier mijn DDS.txt en wat doet dit progamma eigenlijk


DDS (Ver_10-03-17.01) - NTFSx86
Run by HP_Eigenaar at 21:23:59,96 on di 27/07/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.365 [GMT 2:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\beidservicecrl.exe
C:\Program Files\Belgium Identity Card\beidsystemtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\beidservicepcsc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Egldppcnhrcxt\osuzrdd.exe
C:\Program Files\Egldppcnhrcxt\osuzrdd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
C:\Program Files\Foto.com\Foto.com Editor\dd.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Remote Access\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Remote Access\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Remote Access\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\GX548B16\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.be/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uWindow Title = Telenet Internet
uDefault_Page_URL = hxxp://breedband.telenet.be
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Telenet Internet
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Help bij koppelingen: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: : {aad3fb47-186b-4d9e-8bea-da7d84c186af} - c:\windows\system32\ilmsbgi.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [Spyware Cleaner] "c:\program files\spyware cleaner\SpywareCleaner.Exe" /boot
uRun: [NBJ] "c:\progra~1\ahead\neroba~1\NBJ.exe"
uRun: [Device Detection] c:\program files\foto.com\foto.com editor\dd.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [DLD.EXE] c:\program files\download direct\DLD.exe
uRun: [DriverMax]
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Home Theater SchSvr] "c:\program files\common files\intervideo\schsvr\SchSvr.exe"
mRun: [WINREMOTE] "c:\program files\intervideo\common\bin\WinRemote.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [AutoTBar] c:\program files\hp\digital imaging\bin\AUTOTBAR.EXE
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [beidsystemtray] c:\program files\belgium identity card\beidsystemtray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\logite~1.lnk - c:\program files\logitech\setpoint\KEM.exe
IE: Download web site met Free Download Manager - file://c:\program files\free download manager\dlpage.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Gedownload met Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Koppelingdoel converteren naar Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Koppelingdoel converteren naar bestaand PDF-bestand - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Selectie converteren naar bestaand PDF-bestand - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www3.snapfish.be/SnapfishActivia.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.new2.foto.com/ImageUploader5.cab
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://wisup.net/_plateforme/Upload/Aurigma/AurigmaActiveX/ImageUploader4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} - hxxp://www.extrafilm.be/ImageUploader4.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} - hxxp://fotobook.foto.com/activex/SpeedUploader.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: ckpNotify - ckpNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-28 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2006-12-5 27784]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-5-28 297752]
R2 eID CRL Service;eID CRL Service;c:\windows\system32\beidservicecrl.exe [2006-6-20 225280]
R2 eID Privacy Service;eID Privacy Service;c:\windows\system32\beidservicepcsc.exe [2006-6-21 331776]
R2 Scap;SecureClient Application Policy Module;c:\windows\system32\drivers\scap.sys [2006-7-19 17456]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [2006-7-19 670128]
R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [2006-7-19 2041904]
R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [2005-1-1 24544]
S2 gupdate1c9d6a6a49ee804;Google Updateservice (gupdate1c9d6a6a49ee804);c:\program files\google\update\GoogleUpdate.exe [2009-5-17 133104]
S2 zuwzxped;IPX Traffic Forwarder Controller;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [2006-3-24 33536]
S3 Boonty Games;Boonty Games;c:\program files\common files\boonty shared\service\Boonty.exe [2005-7-22 69120]
S3 OMVA;VPN-1 SecureClient Adapter;c:\windows\system32\drivers\OMVA.sys [2006-7-19 14924]
S3 PRISM_A00;Wireless PCI 802.11b/g adapter WN4201B Driver;c:\windows\system32\drivers\PCTELSAP.SYS [2005-1-1 306560]

============== File Associations ===============

.txt=

=============== Created Last 30 ================

2010-07-26 18:53:10 0 d-----w- c:\docume~1\hp_eig~1\applic~1\Malwarebytes
2010-07-26 18:52:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-26 18:52:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-26 18:52:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-26 18:52:39 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-24 17:26:04 2213 ----a-w- c:\windows\lsrslt.ini
2010-07-24 12:57:43 0 d-----w- c:\docume~1\hp_eig~1\applic~1\E7F9C053F28964D300DE88A164D4735E
2010-07-23 04:08:44 0 d-----w- c:\windows\system32\wbem\Repository
2010-07-20 21:51:19 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-07-20 21:51:17 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-07-20 21:46:46 0 d-----w- c:\program files\common files\Nokia
2010-07-20 21:45:55 0 d-----w- c:\program files\PC Connectivity Solution
2010-07-20 21:44:21 0 d-----w- c:\program files\Nokia
2010-07-20 21:44:21 0 d-----w- c:\docume~1\alluse~1\applic~1\NokiaInstallerCache
2010-07-14 15:03:51 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

==================== Find3M ====================

2010-07-20 23:15:10 197723 ----a-w- c:\docume~1\hp_eig~1\applic~1\mdbu.bin
2010-06-29 22:14:13 654886 ----a-w- c:\windows\system32\perfh013.dat
2010-06-29 22:14:13 157586 ----a-w- c:\windows\system32\perfc013.dat
2010-05-06 10:37:06 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-06 10:37:06 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2010-05-06 10:37:06 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-05-06 10:37:05 1209344 ------w- c:\windows\system32\dllcache\urlmon.dll
2010-05-06 10:37:03 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll
2010-05-06 10:37:03 206848 ----a-w- c:\windows\system32\dllcache\occache.dll
2010-05-06 10:37:02 5950976 ------w- c:\windows\system32\dllcache\mshtml.dll
2010-05-06 10:36:58 599040 ----a-w- c:\windows\system32\dllcache\msfeeds.dll
2010-05-06 10:36:58 55296 ----a-w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-05-06 10:36:58 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2010-05-06 10:36:57 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-05-06 10:36:56 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-06 10:36:56 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll
2010-05-06 10:36:56 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-05-06 10:36:52 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-05-06 10:36:51 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-02 08:10:36 1851392 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 08:10:36 1851392 ------w- c:\windows\system32\dllcache\win32k.sys
2005-07-09 17:54:35 22 --sha-w- c:\windows\sminst\HPCD.sys
2008-10-08 18:37:39 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\geschiedenis\history.ie5\mshist012008100820081009\index.dat

============= FINISH: 21:25:41,81 ===============

[Marckie]

Ik heb je topic verplaatst naar deze sectie.

Download combofix.exe van deze site: http://www.bleepingcomputer.com/comb...uikt-te-worden .
ComboFix zal wanneer de Recovery Console niet geïnstalleerd is, voorstellen om deze te downloaden en te installeren. Sta dit toe.
Wanneer de Recovery Console geïnstalleerd is, laat je ComboFix de computer scannen.
Wanneer ComboFix start, kan het zijn dat je een Error melding krijgt dat de "contents of the ComboFix package has been compromised".
Ga niet verder met de instructies, maar download ComboFix opnieuw. Deze melding kan verschijnen wanneer een file-infector (Virut) actief is op de computer.
Krijg je deze melding dan meld je dit.
Wanneer ComboFix klaar is met scannen, dit kan eventueel na een reboot zijn, opent er een logfile (combofix.txt).
Post de inhoud van dit bestandje.

[rolandh]

Marckie, heb deze morgen combofix.exe gedownload en dit ging allemaal perfect + opgeslagen op het bureaublad. AVG uitgeschakeld. Dan heb ik de scan laten starten en alle waarshuwingsvensters beantwoord zoals beschreven. Maar dan bij het venster "Autoscan" met de tekst "zoeken naar besmette bestanden......" bleeft deze staan en dit heb ik zo'n 02h30 gelaten omdat ze beschreven dit kan 10min of dubbel zolang kon duren. Maar er kwam geen extra gegevens bij. Kan je me op weg helpen aub.

Grtjs Roland

[Marckie]

Verwijder combofix op je bureaublad (rechtsklik en delete). Herstart de computer en dan download je ComboFix opnieuw.
Laat het scannen en post de log.

[rolandh]

Marckie, bedankt voor het geduld ziehier de log

ComboFix 10-07-30.04 - HP_Eigenaar 31/07/2010 15:03:10.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.391 [GMT 2:00]
Gestart vanuit: c:\documents and settings\HP_Eigenaar\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Documenten\Settings
c:\documents and settings\HP_Eigenaar\Application Data\E7F9C053F28964D300DE88A164D4735E
c:\documents and settings\HP_Eigenaar\Application Data\E7F9C053F28964D300DE88A164D4735E\enemies-names.txt
c:\documents and settings\HP_Eigenaar\Application Data\E7F9C053F28964D300DE88A164D4735E\local.ini
c:\documents and settings\HP_Eigenaar\Application Data\E7F9C053F28964D300DE88A164D4735E\lsrslt.ini
c:\documents and settings\HP_Eigenaar\Application Data\inst.exe
c:\documents and settings\HP_Eigenaar\Onlangs geopend\hpothb07.dat
c:\documents and settings\HP_Eigenaar\Onlangs geopend\hpothb07.tif
D:\Autorun.inf
K:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_SPYWARECLEANERSERVICE
-------\Service_Boonty Games


(((((((((((((((((((( Bestanden Gemaakt van 2010-06-28 to 2010-07-31 ))))))))))))))))))))))))))))))
.

2010-07-26 18:53 . 2010-07-26 18:53 -------- d-----w- c:\documents and settings\HP_Eigenaar\Application Data\Malwarebytes
2010-07-26 18:52 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-26 18:52 . 2010-07-26 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-26 18:52 . 2010-07-26 18:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-26 18:52 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-24 15:04 . 2010-07-24 15:04 -------- d-----w- c:\documents and settings\Administrator.ROLAND-DOMINIEK\Application Data\Verzendmap van Share-to-Web
2010-07-24 14:39 . 2010-07-24 14:39 -------- d-sh--w- c:\documents and settings\Administrator.ROLAND-DOMINIEK\PrivacIE
2010-07-24 13:37 . 2010-07-24 13:37 75328 ----a-w- c:\documents and settings\Administrator.ROLAND-DOMINIEK\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-24 13:10 . 2010-07-24 13:10 -------- d-sh--w- c:\documents and settings\Administrator.ROLAND-DOMINIEK\IETldCache
2010-07-24 12:58 . 2010-07-26 17:08 -------- d-----w- c:\documents and settings\HP_Eigenaar\Local Settings\Application Data\kmajbhjsv
2010-07-23 04:08 . 2010-07-23 04:08 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-20 21:50 . 2010-07-20 21:50 -------- d-----w- c:\documents and settings\HP_Eigenaar\Application Data\Nokia
2010-07-20 21:50 . 2010-07-22 22:02 -------- d-----w- c:\documents and settings\HP_Eigenaar\Local Settings\Application Data\NokiaAccount
2010-07-20 21:49 . 2010-07-20 21:57 -------- d-----w- c:\documents and settings\HP_Eigenaar\Local Settings\Application Data\Nokia
2010-07-20 21:49 . 2010-07-20 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2010-07-20 21:49 . 2010-07-20 21:57 -------- d-----w- c:\documents and settings\HP_Eigenaar\Application Data\PC Suite
2010-07-20 21:46 . 2010-07-23 04:08 -------- d-----w- c:\program files\Common Files\Nokia
2010-07-20 21:45 . 2010-07-23 04:11 -------- d-----w- c:\program files\PC Connectivity Solution
2010-07-20 21:44 . 2010-07-23 04:08 -------- d-----w- c:\program files\Nokia
2010-07-20 21:44 . 2010-07-20 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache
2010-07-14 15:03 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-11 10:18 . 2010-07-08 15:12 1146208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2010-07-10 09:51 . 2010-07-10 09:51 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-31 13:17 . 2009-08-22 11:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-30 15:15 . 2008-01-20 14:32 197723 ----a-w- c:\documents and settings\HP_Eigenaar\Application Data\mdbu.bin
2010-07-25 11:55 . 2008-05-28 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-07-22 21:48 . 2008-03-16 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-20 21:51 . 2010-07-20 21:51 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-07-20 21:51 . 2010-07-20 21:51 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-07-06 17:29 . 2007-05-17 16:39 -------- d-----w- c:\documents and settings\HP_Eigenaar\Application Data\Vso
2010-07-03 17:15 . 2008-01-12 13:08 -------- d-----w- c:\documents and settings\HP_Eigenaar\Application Data\uTorrent
2010-06-29 22:14 . 2004-12-03 10:15 654886 ----a-w- c:\windows\system32\perfh013.dat
2010-06-29 22:14 . 2004-12-03 10:15 157586 ----a-w- c:\windows\system32\perfc013.dat
2010-06-14 14:31 . 2004-08-04 04:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-05-29 11:58 . 2010-05-29 11:58 503808 ----a-w- c:\documents and settings\HP_Eigenaar\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-20f7bbc5-n\msvcp71.dll
2010-05-29 11:58 . 2010-05-29 11:58 499712 ----a-w- c:\documents and settings\HP_Eigenaar\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-20f7bbc5-n\jmc.dll
2010-05-29 11:58 . 2010-05-29 11:58 348160 ----a-w- c:\documents and settings\HP_Eigenaar\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-20f7bbc5-n\msvcr71.dll
2010-05-06 10:37 . 2004-08-04 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2005-07-09 17:54 . 2005-07-09 17:54 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-19 67128]
"NBJ"="c:\progra~1\Ahead\NEROBA~1\NBJ.exe" [2005-02-10 1937408]
"Device Detection"="c:\program files\Foto.com\Foto.com Editor\dd.exe" [2007-07-20 119296]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-17 39408]
"keini"="c:\program files\Egldppcnhrcxt\osuzrdd.exe" [2006-04-01 2184857]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 61952]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"Home Theater SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2004-11-04 106496]
"WINREMOTE"="c:\program files\InterVideo\Common\Bin\WinRemote.exe" [2004-11-05 192512]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"SoundMan"="SOUNDMAN.EXE" [2005-02-21 90112]
"AlcWzrd"="ALCWZRD.EXE" [2005-02-18 2754560]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"beidsystemtray"="c:\program files\Belgium Identity Card\beidsystemtray.exe" [2006-06-21 188416]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-11 2048352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-09-29 4603904]
"nwiz"="nwiz.exe" [2004-09-29 921600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 29696]
"keini"="c:\program files\Egldppcnhrcxt\osuzrdd.exe" [2006-04-01 2184857]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-2-19 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2005-8-21 581632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-23 08:34 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
2004-07-13 20:14 24673 ----a-w- c:\windows\system32\ckpNotify.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [28/05/2008 22:45 335240]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [28/05/2008 22:45 297752]
R2 eID CRL Service;eID CRL Service;c:\windows\system32\beidservicecrl.exe [20/06/2006 13:38 225280]
R2 eID Privacy Service;eID Privacy Service;c:\windows\system32\beidservicepcsc.exe [21/06/2006 9:47 331776]
R2 Scap;SecureClient Application Policy Module;c:\windows\system32\drivers\scap.sys [19/07/2006 18:30 17456]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 13:31 92008]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [19/07/2006 18:30 670128]
R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [19/07/2006 18:45 2041904]
R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [1/01/2005 21:45 24544]
S2 gupdate1c9d6a6a49ee804;Google Updateservice (gupdate1c9d6a6a49ee804);c:\program files\Google\Update\GoogleUpdate.exe [17/05/2009 6:19 133104]
S2 zuwzxped;IPX Traffic Forwarder Controller;c:\windows\System32\svchost.exe -k netsvcs [4/08/2004 6:00 14336]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [24/03/2006 19:14 33536]
S3 OMVA;VPN-1 SecureClient Adapter;c:\windows\system32\drivers\OMVA.sys [19/07/2006 18:45 14924]
S3 PRISM_A00;Wireless PCI 802.11b/g adapter WN4201B Driver;c:\windows\system32\drivers\PCTELSAP.SYS [1/01/2005 21:45 306560]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
zuwzxped
.
Inhoud van de 'Gedeelde Taken' map

2009-09-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]

2010-07-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-17 04:18]

2010-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 04:19]

2010-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 04:19]

2010-07-22 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-07-31 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-07-31 c:\windows\Tasks\User_Feed_Synchronization-{F3D276F1-01FA-40DD-8BC1-DCB0AB390F17}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Telenet Internet
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download web site met Free Download Manager - file://c:\program files\Free Download Manager\dlpage.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Gedownload met Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Koppelingdoel converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Koppelingdoel converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Selectie converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} - hxxp://fotobook.foto.com/activex/SpeedUploader.cab
.
.
------- Bestandsassociaties -------
.
.txt=
.
- - - - ORPHANS VERWIJDERD - - - -

BHO-{AAD3FB47-186B-4D9E-8BEA-DA7D84C186AF} - c:\windows\system32\ilmsbgi.dll
HKCU-Run-Spyware Cleaner - c:\program files\Spyware Cleaner\SpywareCleaner.Exe
HKCU-Run-DLD.EXE - c:\program files\Download Direct\DLD.exe
HKCU-Run-DriverMax - (no file)
HKLM-Run-AutoTBar - c:\program files\HP\Digital Imaging\bin\AUTOTBAR.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-31 15:17
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...


c:\windows\system32\mslunkero.dll 147456 bytes executable

Scan succesvol afgerond
verborgen bestanden: 1

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(420)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSNL.DLL
c:\windows\system32\mslunkero.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\nl.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\msls31.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\AGRSMMSG.exe
c:\program files\Remote Access\CheckPoint\SecuRemote\bin\SR_Service.exe
c:\windows\SOUNDMAN.EXE
c:\windows\ALCWZRD.EXE
c:\program files\Remote Access\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\windows\system32\rundll32.exe
c:\program files\Logitech\SetPoint\KHALMNPR.EXE
c:\program files\Remote Access\CheckPoint\SecuRemote\bin\SR_GUI.Exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\System32\rundll32.exe
.
**************************************************************************
.
Voltooingstijd: 2010-07-31 15:19:53 - machine werd herstart
ComboFix-quarantined-files.txt 2010-07-31 13:19

Pre-Run: 121.173.110.784 bytes beschikbaar
Post-Run: 122.267.848.704 bytes beschikbaar

- - End Of File - - 9C59F1F2FBEE0FEFC740C5845501445E

[Marckie]

Hier gaan we:

Open een kladblokbestand.
Kopieer de onderstaande code, en plak deze in het kladblokbestand.
Sla het kladblokbestand op als CFScript.txt

Code:

File::
c:\windows\system32\mslunkero.dll

Folder::
c:\program files\Egldppcnhrcxt

Driver::
zuwzxped

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"keini"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"keini"=-

NetSvc::
zuwzxped

Sleep nu het bestand CFScript.txt in het bestand ComboFix.exe

ComboFix zal opnieuw starten.
Wanneer ComboFix klaar is, dit kan na een herstart zijn, opent er een logfile.
Post de inhoud van de logfile.

[rolandh]

Marckie, ziehier mijn tweede COMBOFIX scan

ComboFix 10-07-30.04 - HP_Eigenaar 31/07/2010 19:16:41.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.408 [GMT 2:00]
Gestart vanuit: c:\documents and settings\HP_Eigenaar\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\HP_Eigenaar\Bureaublad\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\system32\mslunkero.dll"
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Egldppcnhrcxt
c:\program files\Egldppcnhrcxt\is-4TOPC.tmp
c:\program files\Egldppcnhrcxt\is-ENRAC.tmp
c:\program files\Egldppcnhrcxt\is-GRO7E.tmp
c:\program files\Egldppcnhrcxt\is-JKPP3.tmp
c:\program files\Egldppcnhrcxt\is-NNHSJ.tmp
c:\program files\Egldppcnhrcxt\Log\Text\aiotxt.dat
c:\program files\Egldppcnhrcxt\Log\Text\aioweb.dat
c:\program files\Egldppcnhrcxt\Log\Visual\01012010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\01022010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\01032010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\01042010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\01062010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\01072010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\01102010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\01112010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\01122010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\01132010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\01152010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\01172010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\01182010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\01202010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\01212010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\01232010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\01242010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\01302010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\01312010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\02072010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\02082010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\02102010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\02282010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\04032010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\04042010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\04052010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\04062010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\04072010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\04092010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\04102010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\04112010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\04122010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\04132010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\04142010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\04152010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\04162010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\04172010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\04182010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\04192010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\04202010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\04212010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\04222010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\04242010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\04252010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\04262010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\04272010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\04282010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\04302010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\05012010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\05022010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\05032010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\05042010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\05052010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\05062010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\05072010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\05082010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\05092010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\05102010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\05112010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\05122010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\05132010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\05142010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\05152010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\05162010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\05172010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\05182010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\05192010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\05202010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\05212010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\05222010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\05232010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\05242010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\05252010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\05262010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\05272010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\05282010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\05292010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\05302010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\05312010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\06012010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\06022010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\06032010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\06042010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\06052010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\06062010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\06072010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\06082010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\06092010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\06102010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\06112010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\06122010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\06132010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\06142010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\06152010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\06162010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\06172010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\06182010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\06192010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\06202010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\06212010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\06222010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\06232010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\06242010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\06252010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\06262010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\06272010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\06282010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\06292010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\06302010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\07012010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\07022010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\07032010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\07042010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\07052010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\07062010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\07072010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\07082010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\07092010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\07102010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\07112010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\07122010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\07132010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\07142010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\07152010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\07162010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\07172010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\07182010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\07192010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\07202010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\07212010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\07222010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\07232010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\07242010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\07252010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\07262010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\07272010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\07282010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\07302010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\07312010.dat
c:\program files\Egldppcnhrcxt\Log\Visual\08302009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\08312009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\09012009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\09032009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\09042009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\09052009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\09062009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\09072009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\09082009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\09092009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\09102009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\09112009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\09122009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\09132009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\09142009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\09152009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\09162009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\09172009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\09182009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\09192009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\09202009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\09222009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\09242009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\09252009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\09262009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\09272009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\09282009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\09292009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\10022009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\10032009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\10042009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\10052009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\10072009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\10082009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\10092009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\10102009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\10112009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\10132009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\10142009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\10152009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\10162009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\10172009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\10182009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\10192009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\10202009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\10212009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\10232009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\10242009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\10252009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\10272009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\10282009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\10292009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\10302009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\10312009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\11012009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\11022009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\11042009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\11052009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\11062009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\11072009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\11082009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\11142009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\11152009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\11162009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\11172009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\11182009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\11192009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\11212009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\11222009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\11232009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\11242009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\11262009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\11282009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\11292009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\11302009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\12012009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\12022009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\12032009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\12042009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\12052009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\12062009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\12072009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\12082009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\12092009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\12102009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\12112009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\12122009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\12132009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\12152009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\12162009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\12182009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\12202009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\12212009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\12222009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\12232009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\12242009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\12252009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\12272009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\12282009.dat
c:\program files\Egldppcnhrcxt\Log\Visual\12292009.dat
c:\program files\Egldppcnhrcxt\osuzrdd.exe
c:\program files\Egldppcnhrcxt\unins000.dat
c:\program files\Egldppcnhrcxt\unins001.dat
c:\program files\Egldppcnhrcxt\unins002.dat
c:\windows\system32\mslunkero.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ZUWZXPED
-------\Service_zuwzxped


(((((((((((((((((((( Bestanden Gemaakt van 2010-06-28 to 2010-07-31 ))))))))))))))))))))))))))))))
.

2010-07-26 18:53 . 2010-07-26 18:53 -------- d-----w- c:\documents and settings\HP_Eigenaar\Application Data\Malwarebytes
2010-07-26 18:52 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-26 18:52 . 2010-07-26 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-26 18:52 . 2010-07-26 18:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-26 18:52 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-24 13:09 . 2008-08-23 20:37 -------- d-----w- c:\documents and settings\Administrator.ROLAND-DOMINIEK\Local Settings\Application Data\Microsoft Help
2010-07-24 12:58 . 2010-07-26 17:08 -------- d-----w- c:\documents and settings\HP_Eigenaar\Local Settings\Application Data\kmajbhjsv
2010-07-23 04:08 . 2010-07-23 04:08 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-20 21:50 . 2010-07-20 21:50 -------- d-----w- c:\documents and settings\HP_Eigenaar\Application Data\Nokia
2010-07-20 21:50 . 2010-07-22 22:02 -------- d-----w- c:\documents and settings\HP_Eigenaar\Local Settings\Application Data\NokiaAccount
2010-07-20 21:49 . 2010-07-20 21:57 -------- d-----w- c:\documents and settings\HP_Eigenaar\Local Settings\Application Data\Nokia
2010-07-20 21:49 . 2010-07-20 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2010-07-20 21:49 . 2010-07-20 21:57 -------- d-----w- c:\documents and settings\HP_Eigenaar\Application Data\PC Suite
2010-07-20 21:46 . 2010-07-23 04:08 -------- d-----w- c:\program files\Common Files\Nokia
2010-07-20 21:45 . 2010-07-23 04:11 -------- d-----w- c:\program files\PC Connectivity Solution
2010-07-20 21:44 . 2010-07-23 04:08 -------- d-----w- c:\program files\Nokia
2010-07-20 21:44 . 2010-07-20 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache
2010-07-14 15:03 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-10 09:51 . 2010-07-10 09:51 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-31 17:22 . 2009-08-22 11:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-30 15:15 . 2008-01-20 14:32 197723 ----a-w- c:\documents and settings\HP_Eigenaar\Application Data\mdbu.bin
2010-07-25 11:55 . 2008-05-28 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-07-24 15:04 . 2010-07-24 15:04 -------- d-----w- c:\documents and settings\Administrator.ROLAND-DOMINIEK\Application Data\Verzendmap van Share-to-Web
2010-07-24 13:37 . 2010-07-24 13:37 75328 ----a-w- c:\documents and settings\Administrator.ROLAND-DOMINIEK\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-22 21:48 . 2008-03-16 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-20 21:51 . 2010-07-20 21:51 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-07-20 21:51 . 2010-07-20 21:51 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-07-08 15:12 . 2010-07-11 10:18 1146208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2010-07-06 17:29 . 2007-05-17 16:39 -------- d-----w- c:\documents and settings\HP_Eigenaar\Application Data\Vso
2010-07-03 17:15 . 2008-01-12 13:08 -------- d-----w- c:\documents and settings\HP_Eigenaar\Application Data\uTorrent
2010-06-29 22:14 . 2004-12-03 10:15 654886 ----a-w- c:\windows\system32\perfh013.dat
2010-06-29 22:14 . 2004-12-03 10:15 157586 ----a-w- c:\windows\system32\perfc013.dat
2010-06-14 14:31 . 2004-08-04 04:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-05-29 11:58 . 2010-05-29 11:58 503808 ----a-w- c:\documents and settings\HP_Eigenaar\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-20f7bbc5-n\msvcp71.dll
2010-05-29 11:58 . 2010-05-29 11:58 499712 ----a-w- c:\documents and settings\HP_Eigenaar\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-20f7bbc5-n\jmc.dll
2010-05-29 11:58 . 2010-05-29 11:58 348160 ----a-w- c:\documents and settings\HP_Eigenaar\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-20f7bbc5-n\msvcr71.dll
2010-05-06 10:37 . 2004-08-04 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2005-07-09 17:54 . 2005-07-09 17:54 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-19 67128]
"NBJ"="c:\progra~1\Ahead\NEROBA~1\NBJ.exe" [2005-02-10 1937408]
"Device Detection"="c:\program files\Foto.com\Foto.com Editor\dd.exe" [2007-07-20 119296]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-17 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 61952]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"Home Theater SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2004-11-04 106496]
"WINREMOTE"="c:\program files\InterVideo\Common\Bin\WinRemote.exe" [2004-11-05 192512]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"SoundMan"="SOUNDMAN.EXE" [2005-02-21 90112]
"AlcWzrd"="ALCWZRD.EXE" [2005-02-18 2754560]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"beidsystemtray"="c:\program files\Belgium Identity Card\beidsystemtray.exe" [2006-06-21 188416]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-11 2048352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-09-29 4603904]
"nwiz"="nwiz.exe" [2004-09-29 921600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 29696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-2-19 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2005-8-21 581632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-23 08:34 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
2004-07-13 20:14 24673 ----a-w- c:\windows\system32\ckpNotify.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [28/05/2008 22:45 335240]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [28/05/2008 22:45 297752]
R2 eID CRL Service;eID CRL Service;c:\windows\system32\beidservicecrl.exe [20/06/2006 13:38 225280]
R2 eID Privacy Service;eID Privacy Service;c:\windows\system32\beidservicepcsc.exe [21/06/2006 9:47 331776]
R2 Scap;SecureClient Application Policy Module;c:\windows\system32\drivers\scap.sys [19/07/2006 18:30 17456]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 13:31 92008]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [19/07/2006 18:30 670128]
R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [19/07/2006 18:45 2041904]
R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [1/01/2005 21:45 24544]
S2 gupdate1c9d6a6a49ee804;Google Updateservice (gupdate1c9d6a6a49ee804);c:\program files\Google\Update\GoogleUpdate.exe [17/05/2009 6:19 133104]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [24/03/2006 19:14 33536]
S3 OMVA;VPN-1 SecureClient Adapter;c:\windows\system32\drivers\OMVA.sys [19/07/2006 18:45 14924]
S3 PRISM_A00;Wireless PCI 802.11b/g adapter WN4201B Driver;c:\windows\system32\drivers\PCTELSAP.SYS [1/01/2005 21:45 306560]
.
Inhoud van de 'Gedeelde Taken' map

2009-09-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]

2010-07-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-17 04:18]

2010-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 04:19]

2010-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 04:19]

2010-07-22 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-07-31 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-07-31 c:\windows\Tasks\User_Feed_Synchronization-{F3D276F1-01FA-40DD-8BC1-DCB0AB390F17}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Telenet Internet
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download web site met Free Download Manager - file://c:\program files\Free Download Manager\dlpage.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Gedownload met Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Koppelingdoel converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Koppelingdoel converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Selectie converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} - hxxp://fotobook.foto.com/activex/SpeedUploader.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-31 19:27
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(1104)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSNL.DLL
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\webcheck.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\nl.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\msls31.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Remote Access\CheckPoint\SecuRemote\bin\SR_Service.exe
c:\program files\Remote Access\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
c:\windows\AGRSMMSG.exe
c:\windows\SOUNDMAN.EXE
c:\windows\ALCWZRD.EXE
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\windows\system32\rundll32.exe
c:\program files\Logitech\SetPoint\KHALMNPR.EXE
c:\program files\Remote Access\CheckPoint\SecuRemote\bin\SR_GUI.Exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\System32\rundll32.exe
.
**************************************************************************
.
Voltooingstijd: 2010-07-31 19:31:23 - machine werd herstart
ComboFix-quarantined-files.txt 2010-07-31 17:31
ComboFix2.txt 2010-07-31 13:19

Pre-Run: 122.268.065.792 bytes beschikbaar
Post-Run: 122.261.536.768 bytes beschikbaar

- - End Of File - - 4331DC59BD80E34FA69FC98E7FD600F0

[Marckie]

Dat is beter.
Hoe draait de computer nu?
Zijn er nog problemen?

[rolandh]

Marckie, nee tot nu toe ondervind ik geen enkel problemen meer, ik zou ook durven zeggen dat de comp. nu sneller opstart. Nogmaals duizendmaal dank voor het geduld, de begleiding en om me te helpen het probleem op te lossen.
Ik zal nu een vijftal dagen de comp. nauwlettend opvolgen om dan zekers een donatie te doen, jullie hebben dit verdient.Verder wens ik jullie nog van harte succes met "NUCIA security".
Grtjs Rolandh

[Marckie]

Graag gedaan hoor.

Deïnstalleer ComboFix. Ga naar Start - Uitvoeren, tik in: Combofix /Uninstall
(Let op de spatie tussen Combofix en /Uninstall)
Druk daarna op Enter.

Dit zal Combofix verwijderen en alle gerelateerde mappen en bestanden, het herstelt de klokinstellingen, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en het reset Systeemherstel.


Meer info over hoe je een nieuwe infectie kan voorkomen vind je hier.
Lees ook dit artikel even door: Niets voor niets.
Ga naar de website van Secunia ( http://secunia.com/vulnerability_scanning/online/ ) en laat de Secunia Online Software Inspector (OSI) je computer scannen.
De Secunia Online Software Inspector scant de computer op programma's die niet geupdate zijn en daardoor ook mogelijke beveiligingslekken kunnen bevatten die ondermeer door malware misbruikt kunnen worden.
Plaats voor je de scan start eventueel ook een vinkje bij 'Enable thorough system inspection'. Hierdoor kan OSI ook de programma's vinden indien deze niet op de standaardlocatie geïnstalleerd zijn.
Wordt een niet-up-to-date programma gevonden dan wordt deze in het rood als 'insecure' weergegeven en krijg je de mogelijk om via de 'download-link' de meest recente versie te downloaden.

De status van deze thread zet ik op opgelost.
Indien er niet meer gereageerd wordt, zal binnen een 3-tal dagen deze thread automatisch verplaatst worden naar de sectie Opgeloste hijackthislogs en is een reactie niet meer mogelijk. Dit om het forum netjes en overzichtelijk te houden.
Blijkt dat er toch nog problemen zijn, en je wil weer reageren in dit topic, dan stuur je me een privé bericht met verzoek om heropening.

Happy surfing again.

[rolandh]

He Marckie hier ben ik nogmaals.
Heb een probleempje en weet niet of dit samen hangt met het vorige probleem. Als ik dvd-films (die ik in het verleden gekopiëerd/gedownload hebt)
nu wil bekijken op mijn pc speelt deze af op zijn kop, wat vroeger niet het geval was. Zal dit ook probleem geven bij het branden? Kan je me helpen aub voor dit terug in orde te brengen. Zit voor het ogenblik met Windows Media Player 11.

Grtjs Rolandh

[Marckie]

Ik vermoed dat het probleem ontstaan is door installatie van een codec van derden.

[rolandh]

En Marckie kan je dit verhelpen aub
Grtjs Rolandh

[Marckie]

Codecs die je geïnstalleerd hebt zul je moeten verwijderen en kijken of dat het probleem oplost.