Results 1 to 11 of 11
  1. #1

    Technical skill
    4.
    Operating system
    Windows XP Home/Pro
    Antivirus
    NOD32 Security Suite
    Firewall
    NOD32 Security Suite
    Posts
    6

    Google unusable and unwanted pages in browser

    Tonight I found out that Google no longer worked in Firefox. When I looked further, it no longer worked in other browsers either. The layout looks different, and when I try to search I get a "URL not found" message in a new tab. I also randomly get unwanted pages that open in a new tab.

    An MBAM scan finds nothing.
    A scan with Kaspersky's online scanner gives this:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Tuesday, April 20, 2010
    Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Monday, April 19, 2010 16:19:00
    Records in database: 3945301
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\

    Scan statistics:
    Objects scanned: 160291
    Threats found: 2
    Infected objects found: 2
    Suspicious objects found: 0
    Scan duration: 03:31:40


    File name / Threat / Threats count
    C:\WINDOWS\system32\mtkgfab.dll Infected: Packed.Win32.Katusha.b 1
    C:\WINDOWS\Temp\evid.tmp\svchost.exe Infected: Trojan-Spy.Win32.Agent.bdpj 1

    Selected area has been scanned.

    I was able to remove these with the Virus Removal Tool, but that tool also indicated that I have another problem.
    The log:




    And the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:10:50, on 20-4-2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
    C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
    C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.exe
    C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe
    C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Documents and Settings\Bram\Bureaublad\Virus Removal Tool\setup_9.0.0.722_19.04.2010_23-13\setup_9.0.0.722_19.04.2010_23-13.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\WINDOWS\System32\TPHDEXLG.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
    C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
    c:\program files\lenovo\system update\suservice.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Bram\Application Data\Mozilla\Firefox\Profiles\9ud6o2sz.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O1 - Hosts: 91.121.82.175 google.co.uk
    O1 - Hosts: 91.121.82.175 www.google.co.uk
    O1 - Hosts: 91.121.82.175 google.com
    O1 - Hosts: 91.121.82.175 www.google.com
    O1 - Hosts: 91.121.82.175 google.fr
    O1 - Hosts: 91.121.82.175 www.google.fr
    O1 - Hosts: 91.121.82.175 google.de
    O1 - Hosts: 91.121.82.175 www.google.de
    O1 - Hosts: 91.121.82.175 google.nl
    O1 - Hosts: 91.121.82.175 www.google.nl
    O1 - Hosts: 91.121.82.175 google.ca
    O1 - Hosts: 91.121.82.175 www.google.ca
    O1 - Hosts: 91.121.82.175 google.com.au
    O1 - Hosts: 91.121.82.175 www.google.com.au
    O1 - Hosts: 91.121.82.175 google.it
    O1 - Hosts: 91.121.82.175 www.google.it
    O1 - Hosts: 91.121.82.175 google.be
    O1 - Hosts: 91.121.82.175 www.google.be
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {16D06FF0-DF58-47F6-BB68-B072BCA98C83} - c:\windows\system32\ifpxmvm.dll (file missing)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
    O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.exe
    O4 - HKLM\..\Run: [LCONTROL] "C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe"
    O4 - HKLM\..\Run: [LFKA] "C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe"
    O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: setup_9.0.0.722_19.04.2010_23-13.lnk = C:\Documents and Settings\Bram\Bureaublad\Virus Removal Tool\setup_9.0.0.722_19.04.2010_23-13\startup.exe
    O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Verzenden naar Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1256562026750
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: ThinkPad PM Service for SL Series (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Service of LFKA (LFKAS) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
    O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
    O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
    O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
    O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

    --
    End of file - 15966 bytes

  2. #2
    Technical skill
    5. Expert
    Operating system
    Windows Vista Home Premium 32
    Antivirus
    AntiVir 12 Free
    Firewall
    Windows Firewall
    Posts
    12,660
    Blog posts
    23
    Hi EZBlade,

    Start HijackThis. Select "Do a system scan only".
    Select only the items listed below:

    O2 - BHO: (no name) - {16D06FF0-DF58-47F6-BB68-B072BCA98C83} - c:\windows\system32\ifpxmvm.dll (file missing)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    Close all windows except HijackThis (HJT) and click Fix checked.
    If you are asked about backups, answer 'Yes'.
    Close HJT.
    _____________________________________________________________

    Download HostsXpert.
    Unzip the program.
    Start it and click "Restore Microsoft Host file".
    Click "OK" and close the program.
    _____________________________________________________________

    Download MalwareBytes' Anti-Malware and save it to your desktop.
    Double-click mbam-setup.exe to install the program.

    Make sure that after the installation the following are checked:
    • Update MalwareBytes' Anti-Malware
    • Start MalwareBytes' Anti-Malware
    • Then click "Finish". If an update is found, it will be downloaded and installed.
    • Once the program has started, go to the "Settings" tab.
    • Check this option: "Close Internet Explorer during malware removal".
    • Then go to the "Scanner" tab and choose "Quick Scan".
    • Then press "Scan" to start the scan.
    • Scanning can take a while, so be patient.
    • When the scan is finished, click OK, then "Show Results" to see the results.
    • Make sure everything there is checked, then click "Remove Selected".
    • After removal a log will open and you will be asked to restart the computer.
    If MBAM asks for a restart, do so.

    The log is saved automatically by MalwareBytes' Anti-Malware, and you can find it by clicking the "Logs" tab in the program.

    Post this log.
    _____________________________________________________________


    Download TDSSKiller to your desktop and then extract the file.
    • Double-click TDSSKiller.exe to start the program.
    • When the program has finished, a log will be created on the C:\ drive. The file name of that log starts with TDSSKiller.
    • Post the contents of the log in your next message.
    _____________________________________________________________

    Download GooredFix from one of the locations below to your desktop

    Download Mirror #1
    Download Mirror #2
    • Make sure all Firefox windows are closed.
    • XP: Double-click GooredFix.exe to start the program.
    • Vista/7: Right-click GooredFix.exe and then choose Run as administrator to start the program.
    • In the window that opens, choose Yes.
    • GooredFix will check whether the Goored infection is present on your system, and after that a log will open.
      Post the contents of that log in your next message (you can find the log on your desktop as GooredFix.txt).
    _____________________________________________________________

    Make a fresh HijackThis log and give me an update on your problem.

    So I would like to see the following logs:
    • MBAM
    • TDSSKiller
    • GooredFix
    • Hijackthis

    Emphyrio
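
An added example, not part of the thread or of any tool named in it: a small Python triage over a HijackThis log that pulls out the two things post #2 acts on, the O1 hosts-file entries that point search domains at a non-loopback address and the O2 BHO registrations whose DLL no longer exists. The sample lines are copied from the log in post #1; the function and type names are assumptions of this example.

```python
import ipaddress
import re
from collections import defaultdict, namedtuple

# Sample input: a handful of lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
O1 - Hosts: 91.121.82.175 google.com
O1 - Hosts: 91.121.82.175 www.google.com
O1 - Hosts: 91.121.82.175 google.nl
O1 - Hosts: 91.121.82.175 www.google.nl
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {16D06FF0-DF58-47F6-BB68-B072BCA98C83} - c:\windows\system32\ifpxmvm.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Line formats as they appear in the log above.
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)$")
BHO_RE = re.compile(
    r"^O2 - BHO:\s+(.*?)\s+-\s+(\{[0-9A-Fa-f-]{36}\})\s+-\s+(.*)$"
)

OrphanedBHO = namedtuple("OrphanedBHO", "name clsid target")


def _is_blocking_address(text):
    """True for loopback / 0.0.0.0 entries, which block a host rather than redirect it."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return False  # unparsable address: keep it in the report for a human to read
    return addr.is_loopback or addr.is_unspecified


def find_hosts_redirects(log):
    """Return {ip: [hostnames]} for O1 entries that send a name to a routable address."""
    redirects = defaultdict(set)
    for raw in log.splitlines():
        match = HOSTS_RE.match(raw.strip())
        if match and not _is_blocking_address(match.group(1)):
            redirects[match.group(1)].add(match.group(2).lower())
    return {ip: sorted(hosts) for ip, hosts in redirects.items()}


def redirected_sites(hosts):
    """Collapse 'www.' variants so the report shows each redirected site once."""
    return sorted({h[4:] if h.startswith("www.") else h for h in hosts})


def find_orphaned_bhos(log):
    """Return BHO registrations whose file HijackThis reports as absent.

    An orphaned registration is a leftover, not proof of malware by itself;
    it tells the helper which registry entries no longer load anything.
    """
    orphans = []
    for raw in log.splitlines():
        match = BHO_RE.match(raw.strip())
        if not match:
            continue
        name, clsid, target = match.groups()
        if target == "(no file)" or target.endswith("(file missing)"):
            orphans.append(OrphanedBHO(name, clsid.upper(), target))
    return orphans


if __name__ == "__main__":
    for ip, hosts in find_hosts_redirects(SAMPLE_LOG).items():
        print(f"hosts file redirects {redirected_sites(hosts)} to {ip}")
    for bho in find_orphaned_bhos(SAMPLE_LOG):
        print(f"orphaned BHO {bho.clsid}: {bho.target}")
```
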

  3. #3

    Technical skill
    4.
    Operating system
    Windows XP Home/Pro
    Antivirus
    NOD32 Security Suite
    Firewall
    NOD32 Security Suite
    Posts
    6
    HostsXpert produces no log, but my hosts file is back to normal

    MBAM:
    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Databaseversie: 4014

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    21-4-2010 12:26:56
    mbam-log-2010-04-21 (12-26-56).txt

    Scantype: Snelle scan
    Objecten gescand: 117498
    Verstreken tijd: 5 minuut/minuten, 54 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    TDSSKiller:

    12:28:11:484 2508 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
    12:28:11:484 2508 ================================================================================
    12:28:11:484 2508 SystemInfo:

    12:28:11:484 2508 OS Version: 5.1.2600 ServicePack: 3.0
    12:28:11:484 2508 Product type: Workstation
    12:28:11:484 2508 ComputerName: LENOVO-77BE89FA
    12:28:11:484 2508 UserName: Bram
    12:28:11:484 2508 Windows directory: C:\WINDOWS
    12:28:11:484 2508 Processor architecture: Intel x86
    12:28:11:484 2508 Number of processors: 2
    12:28:11:484 2508 Page size: 0x1000
    12:28:11:484 2508 Boot type: Normal boot
    12:28:11:484 2508 ================================================================================
    12:28:11:484 2508 UnloadDriverW: NtUnloadDriver error 2
    12:28:11:484 2508 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
    12:28:11:750 2508 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
    12:28:11:750 2508 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
    12:28:11:750 2508 wfopen_ex: Trying to KLMD file open
    12:28:11:750 2508 wfopen_ex: File opened ok (Flags 2)
    12:28:11:750 2508 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
    12:28:11:750 2508 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
    12:28:11:750 2508 wfopen_ex: Trying to KLMD file open
    12:28:11:750 2508 wfopen_ex: File opened ok (Flags 2)
    12:28:11:750 2508 Initialize success
    12:28:11:750 2508
    12:28:11:750 2508 Scanning Services ...
    12:28:11:906 2508 Raw services enum returned 438 services
    12:28:11:921 2508
    12:28:11:921 2508 Scanning Kernel memory ...
    12:28:11:921 2508 Devices to scan: 3
    12:28:11:921 2508
    12:28:11:921 2508 Driver Name: Disk
    12:28:11:921 2508 IRP_MJ_CREATE : B80EEBB0
    12:28:11:921 2508 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
    12:28:11:921 2508 IRP_MJ_CLOSE : B80EEBB0
    12:28:11:921 2508 IRP_MJ_READ : B80E8D1F
    12:28:11:921 2508 IRP_MJ_WRITE : B80E8D1F
    12:28:11:921 2508 IRP_MJ_QUERY_INFORMATION : 804F4562
    12:28:11:921 2508 IRP_MJ_SET_INFORMATION : 804F4562
    12:28:11:921 2508 IRP_MJ_QUERY_EA : 804F4562
    12:28:11:921 2508 IRP_MJ_SET_EA : 804F4562
    12:28:11:921 2508 IRP_MJ_FLUSH_BUFFERS : B80E92E2
    12:28:11:921 2508 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
    12:28:11:921 2508 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
    12:28:11:921 2508 IRP_MJ_DIRECTORY_CONTROL : 804F4562
    12:28:11:921 2508 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
    12:28:11:921 2508 IRP_MJ_DEVICE_CONTROL : B80E93BB
    12:28:11:921 2508 IRP_MJ_INTERNAL_DEVICE_CONTROL : B80ECF28
    12:28:11:921 2508 IRP_MJ_SHUTDOWN : B80E92E2
    12:28:11:921 2508 IRP_MJ_LOCK_CONTROL : 804F4562
    12:28:11:921 2508 IRP_MJ_CLEANUP : 804F4562
    12:28:11:921 2508 IRP_MJ_CREATE_MAILSLOT : 804F4562
    12:28:11:921 2508 IRP_MJ_QUERY_SECURITY : 804F4562
    12:28:11:921 2508 IRP_MJ_SET_SECURITY : 804F4562
    12:28:11:921 2508 IRP_MJ_POWER : B80EAC82
    12:28:11:921 2508 IRP_MJ_SYSTEM_CONTROL : B80EF99E
    12:28:11:921 2508 IRP_MJ_DEVICE_CHANGE : 804F4562
    12:28:11:921 2508 IRP_MJ_QUERY_QUOTA : 804F4562
    12:28:11:921 2508 IRP_MJ_SET_QUOTA : 804F4562
    12:28:11:937 2508 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
    12:28:11:937 2508
    12:28:11:937 2508 Driver Name: Disk
    12:28:11:937 2508 IRP_MJ_CREATE : B80EEBB0
    12:28:11:937 2508 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
    12:28:11:937 2508 IRP_MJ_CLOSE : B80EEBB0
    12:28:11:937 2508 IRP_MJ_READ : B80E8D1F
    12:28:11:937 2508 IRP_MJ_WRITE : B80E8D1F
    12:28:11:937 2508 IRP_MJ_QUERY_INFORMATION : 804F4562
    12:28:11:937 2508 IRP_MJ_SET_INFORMATION : 804F4562
    12:28:11:937 2508 IRP_MJ_QUERY_EA : 804F4562
    12:28:11:937 2508 IRP_MJ_SET_EA : 804F4562
    12:28:11:937 2508 IRP_MJ_FLUSH_BUFFERS : B80E92E2
    12:28:11:937 2508 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
    12:28:11:937 2508 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
    12:28:11:937 2508 IRP_MJ_DIRECTORY_CONTROL : 804F4562
    12:28:11:937 2508 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
    12:28:11:937 2508 IRP_MJ_DEVICE_CONTROL : B80E93BB
    12:28:11:937 2508 IRP_MJ_INTERNAL_DEVICE_CONTROL : B80ECF28
    12:28:11:937 2508 IRP_MJ_SHUTDOWN : B80E92E2
    12:28:11:937 2508 IRP_MJ_LOCK_CONTROL : 804F4562
    12:28:11:937 2508 IRP_MJ_CLEANUP : 804F4562
    12:28:11:937 2508 IRP_MJ_CREATE_MAILSLOT : 804F4562
    12:28:11:937 2508 IRP_MJ_QUERY_SECURITY : 804F4562
    12:28:11:937 2508 IRP_MJ_SET_SECURITY : 804F4562
    12:28:11:937 2508 IRP_MJ_POWER : B80EAC82
    12:28:11:937 2508 IRP_MJ_SYSTEM_CONTROL : B80EF99E
    12:28:11:937 2508 IRP_MJ_DEVICE_CHANGE : 804F4562
    12:28:11:937 2508 IRP_MJ_QUERY_QUOTA : 804F4562
    12:28:11:937 2508 IRP_MJ_SET_QUOTA : 804F4562
    12:28:11:937 2508 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
    12:28:11:937 2508
    12:28:11:937 2508 Driver Name: iaStor
    12:28:11:937 2508 IRP_MJ_CREATE : 8AE72AC8
    12:28:11:937 2508 IRP_MJ_CREATE_NAMED_PIPE : 8AE72AC8
    12:28:11:937 2508 IRP_MJ_CLOSE : 8AE72AC8
    12:28:11:937 2508 IRP_MJ_READ : 8AE72AC8
    12:28:11:937 2508 IRP_MJ_WRITE : 8AE72AC8
    12:28:11:937 2508 IRP_MJ_QUERY_INFORMATION : 8AE72AC8
    12:28:11:937 2508 IRP_MJ_SET_INFORMATION : 8AE72AC8
    12:28:11:937 2508 IRP_MJ_QUERY_EA : 8AE72AC8
    12:28:11:937 2508 IRP_MJ_SET_EA : 8AE72AC8
    12:28:11:937 2508 IRP_MJ_FLUSH_BUFFERS : 8AE72AC8
    12:28:11:937 2508 IRP_MJ_QUERY_VOLUME_INFORMATION : 8AE72AC8
    12:28:11:937 2508 IRP_MJ_SET_VOLUME_INFORMATION : 8AE72AC8
    12:28:11:937 2508 IRP_MJ_DIRECTORY_CONTROL : 8AE72AC8
    12:28:11:937 2508 IRP_MJ_FILE_SYSTEM_CONTROL : 8AE72AC8
    12:28:11:937 2508 IRP_MJ_DEVICE_CONTROL : 8AE72AC8
    12:28:11:937 2508 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8AE72AC8
    12:28:11:937 2508 IRP_MJ_SHUTDOWN : 8AE72AC8
    12:28:11:937 2508 IRP_MJ_LOCK_CONTROL : 8AE72AC8
    12:28:11:937 2508 IRP_MJ_CLEANUP : 8AE72AC8
    12:28:11:937 2508 IRP_MJ_CREATE_MAILSLOT : 8AE72AC8
    12:28:11:937 2508 IRP_MJ_QUERY_SECURITY : 8AE72AC8
    12:28:11:937 2508 IRP_MJ_SET_SECURITY : 8AE72AC8
    12:28:11:937 2508 IRP_MJ_POWER : 8AE72AC8
    12:28:11:937 2508 IRP_MJ_SYSTEM_CONTROL : 8AE72AC8
    12:28:11:937 2508 IRP_MJ_DEVICE_CHANGE : 8AE72AC8
    12:28:11:937 2508 IRP_MJ_QUERY_QUOTA : 8AE72AC8
    12:28:11:937 2508 IRP_MJ_SET_QUOTA : 8AE72AC8
    12:28:11:937 2508 Driver "iaStor" infected by TDSS rootkit!
    12:28:11:953 2508 C:\WINDOWS\system32\drivers\iaStor.sys - Verdict: 1
    12:28:11:953 2508 File "C:\WINDOWS\system32\drivers\iaStor.sys" infected by TDSS rootkit ...
    12:28:11:953 2508 Processing driver file: C:\WINDOWS\system32\drivers\iaStor.sys
    12:28:11:953 2508 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
    12:28:12:093 2508 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\OemDir\*) error 3
    12:28:12:140 2508 vfvi6
    12:28:12:281 2508 dsvbh1
    12:28:12:421 2508 fdfb4
    12:28:12:421 2508 Backup copy found, using it..
    12:28:12:859 2508 will be cured on next reboot
    12:28:12:859 2508 Reboot required for cure complete..
    12:28:13:031 2508 Cure on reboot scheduled successfully
    12:28:13:031 2508
    12:28:13:031 2508 Completed
    12:28:13:031 2508
    12:28:13:031 2508 Results:
    12:28:13:031 2508 Memory objects infected / cured / cured on reboot: 1 / 0 / 0
    12:28:13:031 2508 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
    12:28:13:031 2508 File objects infected / cured / cured on reboot: 1 / 0 / 1
    12:28:13:031 2508
    12:28:13:031 2508 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
    12:28:13:031 2508 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
    12:28:13:031 2508 UnloadDriverW: NtUnloadDriver error 1
    12:28:13:031 2508 KLMD(ARK) unloaded successfully

    GooredFix:
    GooredFix by jpshortstuff (08.01.10.1)
    Log created at 12:34 on 21/04/2010 (Bram)
    Firefox version 3.6.3 (nl)

    ========== GooredScan ==========


    ========== GooredLog ==========

    C:\Program Files\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [15:34 02/09/2009]
    {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [13:52 08/11/2009]

    C:\Documents and Settings\Bram\Application Data\Mozilla\Firefox\Profiles\9ud6o2sz.default\extensions\
    [15:49 10/01/2010]
    [19:03 04/12/2009]
    {20a82645-c095-46ed-80e3-08825760534b} [13:39 05/09/2009]
    {446c03e0-2c35-11db-a98b-0800200c9a67} [06:05 19/02/2010]
    {E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} [21:11 04/01/2010]

    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    "{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [11:57 04/09/2009]
    "jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [13:51 08/11/2009]

    -=E.O.F=-

    Fresh HijackThis:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:36:34, on 21-4-2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
    C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\WINDOWS\System32\TPHDEXLG.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
    C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
    c:\program files\lenovo\system update\suservice.exe
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
    C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.exe
    C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe
    C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Bram\Application Data\Mozilla\Firefox\Profiles\9ud6o2sz.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
    O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.exe
    O4 - HKLM\..\Run: [LCONTROL] "C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe"
    O4 - HKLM\..\Run: [LFKA] "C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe"
    O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "N:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Verzenden naar Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1256562026750
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: ThinkPad PM Service for SL Series (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Service of LFKA (LFKAS) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
    O23 - Service: MBAMService - Unknown owner - N:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
    O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
    O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
    O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
    O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

    --
    End of file - 14944 bytes


    According to Kaspersky Virus Removal Tool, the problem is still there.

  4. #4
    Emphyrio
    Technical skill
    5. Expert
    Operating system
    Windows Vista Home Premium 32
    Antivirus
    AntiVir 12 Free
    Firewall
    Windows Firewall
    Posts
    12,660
    Blog posts
    23
    Download TFC and save it to your Desktop.
    • Double-click TFC.exe to open the program.
    • The program will close all other programs, so make sure you have saved all your work before continuing.
    • Click the Start button to start the program.
    • When the program is finished, it will restart your computer.
      If this does not happen, restart your computer manually.




    Download Combofix to your desktop and use it according to this guide.

    Please read through the guide and carry out what it says.

    Extra note... Make sure your security software (antivirus, firewall, antispyware) is disabled while using Combofix.
    This is because these scanners wrongly see certain components that Combofix uses as infected, and will block Combofix.

    Look here if you do not know how to disable your antivirus, firewall and/or antispyware scanner.

    When ComboFix starts, you may get an error message that the "contents of the ComboFix package has been compromised".
    Do not continue with the instructions, but download ComboFix again.
    This message can appear when a file infector (Virut) is active on the computer. If you keep getting that message, report it.


    When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.

    You can find it at C:\combofix.txt.

    Post the Combofix log together with a new HijackThis log in your next reply.

    Emphyrio

  5. #5

    Technical skill
    4.
    Operating system
    Windows XP Home/Pro
    Antivirus
    NOD32 Security Suite
    Firewall
    NOD32 Security Suite
    Posts
    6
    Combofix:
    ComboFix 10-04-20.02 - Bram 21-04-2010 13:23:57.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3071.2624 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\Bram\Bureaublad\ComboFix.exe
    AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: ESET Persoonlijke firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
    * Nieuw herstelpunt werd aangemaakt
    * Aanwezig AV is actief

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\10099.exe
    C:\install.exe
    c:\recycler\S-1-5-21-1103074180-395482058-3166025675-500
    c:\windows\system32\_000011_.tmp.dll
    c:\windows\system32\Thumbs.db

    Besmet exemplaar van c:\windows\system32\DRIVERS\compbatt.sys werd aangetroffen en gedesinfecteerd
    Hersteld exemplaar van - Kitty had a snack
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2010-03-21 to 2010-04-21 ))))))))))))))))))))))))))))))
    .

    2010-04-21 11:21 . 2008-04-13 18:36 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys
    2010-04-19 23:31 . 2010-04-19 23:31 -------- d-----w- c:\program files\Trend Micro
    2010-04-19 22:59 . 2010-04-19 22:59 -------- d--h--w- c:\windows\PIF
    2010-04-19 18:44 . 2010-04-19 18:44 -------- d-----w- c:\program files\Remove on Reboot
    2010-04-19 18:43 . 2010-04-21 10:54 -------- d--h--r- c:\documents and settings\Bram\Onlangs geopend
    2010-04-19 16:19 . 2010-04-19 16:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-04-16 04:21 . 2010-04-16 04:23 -------- d-----w- C:\wamp
    2010-04-16 04:19 . 2010-04-16 04:21 -------- d-----w- c:\program files\Safari
    2010-04-15 04:33 . 2008-10-21 18:14 -------- d-----w- c:\program files\VideoFixer v3.23 Portable
    2010-04-15 03:58 . 2010-04-15 03:58 91018 ----a-w- c:\windows\system32\prfc0413.dat
    2010-04-15 03:58 . 2010-04-15 03:58 509462 ----a-w- c:\windows\system32\prfh0413.dat
    2010-04-04 20:28 . 2010-04-04 20:54 -------- d-----w- c:\program files\K-Lite Codec Pack
    2010-04-04 20:16 . 2010-04-04 20:29 -------- d-----w- c:\documents and settings\Bram\Local Settings\Application Data\Ashampoo Movie Shrink & Burn 3
    2010-04-04 20:16 . 2010-04-04 20:16 -------- d-----w- c:\documents and settings\Bram\Local Settings\Application Data\ashampoo
    2010-04-04 20:16 . 2010-04-04 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo
    2010-04-04 20:15 . 2010-04-04 20:15 -------- d-----w- c:\program files\Ashampoo
    2010-04-04 18:24 . 2010-04-11 18:40 -------- d-----w- c:\program files\PokerStars
    2010-03-26 22:50 . 2010-04-07 16:05 -------- d-----w- c:\documents and settings\Bram\Local Settings\Application Data\DVD Profiler
    2010-03-22 19:06 . 2010-03-22 19:06 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2010-03-22 19:06 . 2010-03-22 19:06 -------- d-----w- c:\documents and settings\Bram\Application Data\skypePM
    2010-03-22 19:05 . 2010-03-22 19:32 -------- d-----w- c:\documents and settings\Bram\Application Data\Skype
    2010-03-22 19:05 . 2010-03-22 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-21 11:01 . 2009-09-02 15:50 -------- d-----w- c:\program files\Mozilla Thunderbird
    2010-04-21 10:29 . 2006-02-23 17:18 317464 ----a-w- c:\windows\system32\drivers\iaStor.sys
    2010-04-21 10:20 . 2010-02-20 13:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-20 09:51 . 2009-10-04 12:34 -------- d-----w- c:\documents and settings\Bram\Application Data\Belastingdienst
    2010-04-19 17:13 . 2010-02-20 15:43 -------- d-----w- c:\program files\ESET
    2010-04-19 14:39 . 2010-02-05 14:43 -------- d-----w- c:\documents and settings\Bram\Application Data\vlc
    2010-04-16 17:56 . 2009-09-01 21:38 122152 ----a-w- c:\windows\system32\nvModes.dat
    2010-04-16 04:22 . 2009-09-29 06:34 53192 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-04-16 04:21 . 2009-09-02 17:16 -------- d-----w- c:\documents and settings\Bram\Application Data\Apple Computer
    2010-04-15 01:05 . 2009-09-02 08:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-04-12 22:16 . 2010-02-12 08:52 -------- d-----w- c:\documents and settings\Bram\Application Data\XBMC
    2010-04-12 15:19 . 2009-10-13 05:21 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
    2010-04-12 09:49 . 2009-09-25 07:38 -------- d-----w- c:\documents and settings\Bram\Application Data\FileZilla
    2010-04-07 16:02 . 2010-01-01 22:52 -------- d-----w- c:\program files\DVD Profiler
    2010-03-29 22:46 . 2010-02-20 13:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-29 22:45 . 2010-02-20 13:15 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-29 12:23 . 2006-02-17 09:53 91018 ----a-w- c:\windows\system32\perfc013.dat
    2010-03-29 12:23 . 2006-02-17 09:53 509462 ----a-w- c:\windows\system32\perfh013.dat
    2010-03-28 21:27 . 2010-03-18 10:38 -------- d-----w- c:\documents and settings\Bram\Application Data\U3
    2010-03-18 10:54 . 2010-03-18 10:54 -------- d-----w- c:\program files\NewsLeecher
    2010-03-15 22:08 . 2010-03-15 21:08 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2010-03-13 03:39 . 2010-02-05 10:53 -------- d-----w- c:\documents and settings\Bram\Application Data\NewsLeecher
    2010-03-12 20:31 . 2009-09-01 21:30 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-03-11 21:40 . 2010-02-28 21:59 -------- d-----w- c:\documents and settings\Bram\Application Data\Big Fish Games
    2010-03-10 09:20 . 2010-02-19 12:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-03-10 06:17 . 2006-02-17 09:53 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-04 13:51 . 2009-09-01 21:52 71968 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-03-04 13:47 . 2010-03-04 13:47 -------- d-----w- c:\program files\Microsoft Synchronization Services
    2010-03-04 13:46 . 2010-03-04 13:46 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2010-03-04 13:45 . 2010-03-04 13:45 -------- d-----w- c:\program files\Microsoft Analysis Services
    2010-02-28 23:26 . 2009-11-17 07:41 -------- d-----w- c:\program files\SpeedFan
    2010-02-25 06:20 . 2006-02-17 09:53 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2006-02-17 09:52 455680 ------w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-23 21:49 . 2010-02-23 21:49 -------- d-----w- c:\documents and settings\Bram\Application Data\Meridian93
    2010-02-20 15:28 . 2010-02-20 15:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\ESET
    2010-02-20 14:36 . 2010-02-20 14:36 -------- d-----w- c:\program files\Windows Installer Clean Up
    2010-02-20 14:36 . 2010-02-20 14:36 -------- d-----w- c:\program files\MSECACHE
    2010-02-20 14:30 . 2010-02-20 14:30 -------- d-----w- c:\documents and settings\Bram\Application Data\ESET
    2010-02-20 14:26 . 2010-02-20 14:13 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
    2010-02-20 13:15 . 2010-02-20 13:15 -------- d-----w- c:\documents and settings\Bram\Application Data\Malwarebytes
    2010-02-20 13:15 . 2010-02-20 13:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-02-20 12:13 . 2010-02-20 12:13 -------- d-----w- c:\program files\Common Files\Nero
    2010-02-20 12:13 . 2010-02-20 12:13 -------- d-----w- c:\documents and settings\Bram\Application Data\Nero
    2010-02-20 12:13 . 2010-02-20 12:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
    2010-02-20 12:13 . 2010-02-20 12:11 -------- d-----w- c:\program files\Nero
    2010-02-20 12:10 . 2010-02-20 12:09 -------- d-----w- c:\program files\CCleaner
    2010-02-20 12:05 . 2009-09-02 08:57 -------- d-----w- c:\program files\Common Files\Ahead
    2010-02-19 11:39 . 2010-02-19 11:39 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-02-19 11:39 . 2010-02-19 11:54 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-02-16 19:09 . 2006-02-17 09:52 2150912 ------w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 19:09 . 2004-08-04 00:58 2029056 ------w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 10:56 . 2009-11-27 13:15 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-02-12 10:03 . 2010-03-09 12:39 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-02-12 04:35 . 2006-02-17 09:52 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2006-02-17 09:53 226880 ------w- c:\windows\system32\drivers\tcpip6.sys
    2010-02-10 17:13 . 2002-10-15 22:54 165376 ----a-w- c:\windows\system32\unrar.dll
    2010-02-04 15:53 . 2010-02-19 11:39 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-02-04 09:01 . 2010-02-12 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
    2010-02-04 09:01 . 2010-02-12 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
    2010-02-04 09:01 . 2010-02-12 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
    2010-02-04 09:01 . 2010-02-12 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
    2009-11-03 20:12 556432 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-04-10 122880]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-10 524288]
    "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-06-08 60192]
    "TpShocks"="TpShocks.exe" [2008-06-06 181536]
    "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\LVOSDSVC.exe" [2008-03-24 64368]
    "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-15 13594624]
    "nwiz"="nwiz.exe" [2008-12-15 1657376]
    "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-14 487424]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-08 149280]
    "LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2008-06-08 165208]
    "LPMailChecker"="c:\progra~1\Lenovo\LENOVO~2\LPMLCHK.exe" [2008-06-08 124248]
    "LCONTROL"="c:\program files\Lenovo\ATK Hotkey\LCONTROL.exe" [2008-03-19 77824]
    "LFKA"="c:\program files\Lenovo\ATK Hotkey\LFKA.exe" [2008-04-15 315392]
    "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-06-15 311296]
    "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-06-15 208896]
    "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-13 3073336]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-15 86016]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2006-12-09 61440]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-04-03 38840]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-04-03 640440]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2008-03-17 07:02 34080 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
    2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    2006-11-13 12:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-01-22 18:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Message Center Plus]
    2009-05-27 20:09 49976 ----a-w- c:\program files\Lenovo\Message Center Plus\MCPLaunch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
    2009-03-17 17:40 510416 ----a-w- c:\program files\Orb Networks\Orb\bin\OrbTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
    "c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
    "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
    "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
    "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbChannelScan.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
    "c:\\Program Files\\SoulseekNS\\slsk.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [19-2-2010 13:39 64288]
    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [14-5-2008 16:21 19496]
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16-11-2009 10:03 108792]
    R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [9-5-2008 5:50 46144]
    R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [26-10-2009 23:21 11776]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16-11-2009 10:04 735960]
    R2 LFKAS;Service of LFKA;c:\program files\Lenovo\ATK Hotkey\LFKAS.exe [1-9-2009 23:49 208896]
    R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [1-9-2009 23:52 94208]
    R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [14-5-2008 16:25 520192]
    R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [9-5-2008 5:50 360448]
    R3 DCamUSBGene;Integrated Camera;c:\windows\system32\drivers\USBSTK.sys [1-9-2009 23:30 176528]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20-2-2010 15:15 20824]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [1-9-2009 23:37 41376]
    S2 dovyybtb;IPX Traffic Filter Monitor;c:\windows\System32\svchost.exe -k netsvcs [17-2-2006 11:53 14336]
    S2 MBAMService;MBAMService;"n:\program files\Malwarebytes' Anti-Malware\mbamservice.exe" --> n:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [?]
    S2 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" --> c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [?]
    S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
    S3 ALSysIO;ALSysIO;\??\c:\docume~1\Bram\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Bram\LOCALS~1\Temp\ALSysIO.sys [?]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4-2-2010 17:52 1265264]
    S3 lnvobus;Ericsson F3507g Mobile Broadband Minicard Composite Device driver (WDM);c:\windows\system32\DRIVERS\lnvobus.sys --> c:\windows\system32\DRIVERS\lnvobus.sys [?]
    S3 lnvocard;Ericsson F3507g Mobile Broadband Minicard Device Management;c:\windows\system32\DRIVERS\lnvocard.sys --> c:\windows\system32\DRIVERS\lnvocard.sys [?]
    S3 lnvogps;Ericsson F3507g Mobile Broadband Minicard GPS Port;c:\windows\system32\DRIVERS\lnvogps.sys --> c:\windows\system32\DRIVERS\lnvogps.sys [?]
    S3 lnvomdfl;Ericsson F3507g Mobile Broadband Minicard Modem Filter;c:\windows\system32\DRIVERS\lnvomdfl.sys --> c:\windows\system32\DRIVERS\lnvomdfl.sys [?]
    S3 lnvomdfl2;Ericsson F3507g Mobile Broadband Minicard Data Modem Filter;c:\windows\system32\drivers\lnvomdfl2.sys [1-9-2009 23:40 15104]
    S3 lnvomdm;Ericsson F3507g Mobile Broadband Minicard Modem Driver;c:\windows\system32\DRIVERS\lnvomdm.sys --> c:\windows\system32\DRIVERS\lnvomdm.sys [?]
    S3 lnvomdm2;Ericsson F3507g Mobile Broadband Minicard Data Modem;c:\windows\system32\drivers\lnvomdm2.sys [1-9-2009 23:40 430080]
    S3 lnvond5;Ericsson F3507g Mobile Broadband Minicard Network Adapter (NDIS);c:\windows\system32\DRIVERS\lnvond5.sys --> c:\windows\system32\DRIVERS\lnvond5.sys [?]
    S3 lnvounic;Ericsson F3507g Mobile Broadband Minicard Network Adapter (WDM);c:\windows\system32\DRIVERS\lnvounic.sys --> c:\windows\system32\DRIVERS\lnvounic.sys [?]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [26-9-2009 5:28 4639136]
    S3 Sony_EricssonWWSC;Ericsson F3507g Mobile Broadband Minicard PC SC Port;c:\windows\system32\DRIVERS\lnvoscard.sys --> c:\windows\system32\DRIVERS\lnvoscard.sys [?]
    S3 TotRec8;Total Recorder WDM audio filter driver;\??\c:\windows\system32\drivers\TotRec8.sys --> c:\windows\system32\drivers\TotRec8.sys [?]
    S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    dovyybtb
    .
    Inhoud van de 'Gedeelde Taken' map

    2010-03-19 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

    2010-04-21 c:\windows\Tasks\PMTask.job
    - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-09-01 16:40]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://lenovo.live.com
    uInternet Settings,ProxyOverride = *.local
    IE: Converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Doel van koppeling converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Verzenden naar Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    FF - ProfilePath - c:\documents and settings\Bram\Application Data\Mozilla\Firefox\Profiles\9ud6o2sz.default\
    FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
    FF - component: c:\documents and settings\Bram\Application Data\Mozilla\Firefox\Profiles\9ud6o2sz.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\npAFOM.dll
    FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    .
    ------- Bestandsassociaties -------
    .
    .txt=
    .
    - - - - ORPHANS VERWIJDERD - - - -

    ShellIconOverlayIdentifiers-{16D06FF0-DF58-47F6-BB68-B072BCA98C83} - (no file)
    HKLM-Run-Malwarebytes' Anti-Malware - n:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
    SafeBoot-klmdb.sys
    AddRemove-Mystery Case Files - Return to Ravenhearst - c:\program files\Gamersheaven\Mystery Case Files - Return to Ravenhearst\Uninstal.exe
    AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Bram\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-21 13:34
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'winlogon.exe'(872)
    c:\program files\Lenovo\HOTKEY\tphklock.dll

    - - - - - - - > 'explorer.exe'(3756)
    c:\windows\system32\nview.dll
    c:\windows\system32\NVWRSNL.DLL
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
    c:\windows\system32\DLAAPI_W.DLL
    c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\windows\system32\ibmpmsvc.exe
    c:\program files\Intel\WiFi\bin\S24EvMon.exe
    c:\program files\Lenovo\ATK Hotkey\GFNEXSrv.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\WiFi\bin\EvtEng.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    c:\windows\System32\TPHDEXLG.exe
    c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
    c:\program files\lenovo\system update\suservice.exe
    c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    c:\windows\system32\TpShocks.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Lenovo\HOTKEY\TPONSCR.exe
    c:\program files\Lenovo\Zoom\TpScrex.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\progra~1\MI3AA1~1\rapimgr.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2010-04-21 13:42:28 - machine werd herstart
    ComboFix-quarantined-files.txt 2010-04-21 11:42

    Pre-Run: 18.215.493.632 bytes beschikbaar
    Post-Run: 18.177.179.648 bytes beschikbaar

    WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - 677048F1707629783677D2C43CF1E495

    HijackThis:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:44:52, on 21-4-2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
    C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\WINDOWS\System32\TPHDEXLG.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
    C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
    c:\program files\lenovo\system update\suservice.exe
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
    C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.exe
    C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe
    C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Bram\Application Data\Mozilla\Firefox\Profiles\9ud6o2sz.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
    O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.exe
    O4 - HKLM\..\Run: [LCONTROL] "C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe"
    O4 - HKLM\..\Run: [LFKA] "C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe"
    O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Verzenden naar Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1256562026750
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: ThinkPad PM Service for SL Series (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Service of LFKA (LFKAS) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
    O23 - Service: MBAMService - Unknown owner - N:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
    O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
    O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
    O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
    O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

    --
    End of file - 14639 bytes

  6. #6

    Technical skill
    4.
    Operating system
    Windows XP Home/Pro
    Antivirus
    NOD32 Security Suite
    Firewall
    NOD32 Security Suite
    Posts
    6
    It looks like the problems are over now.
    Kaspersky Virus Removal Tool no longer finds any problems.

  7. #7
    Emphyrio's avatar
    Technical skill
    5. Expert
    Operating system
    Windows Vista Home Premium 32
    Antivirus
    AntiVir 12 Free
    Firewall
    Windows Firewall
    Posts
    12.660
    Blog posts
    23
    Open a Notepad file.
    Copy the text below and paste it into the Notepad file.
    Save the Notepad file as CFScript.txt
    Code:
    NetSvc::
    dovyybtb
    Now drag the file CFScript.txt onto the file ComboFix.exe

    ComboFix will restart.
    When ComboFix has finished, which may be after a reboot, a log file opens. Post the contents of the log file.

    Create a new HijackThis log and post that as well.

  8. #8

    Technical skill
    4.
    Operating system
    Windows XP Home/Pro
    Antivirus
    NOD32 Security Suite
    Firewall
    NOD32 Security Suite
    Posts
    6
    Combofix:
    ComboFix 10-04-20.02 - Bram 21-04-2010 14:05:52.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3071.2447 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\Bram\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Bram\Bureaublad\CFScript.txt
    AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: ESET Persoonlijke firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2010-03-21 to 2010-04-21 ))))))))))))))))))))))))))))))
    .

    2010-04-21 11:46 . 2010-04-21 11:57 -------- d-----w- c:\windows\LastGood
    2010-04-21 11:21 . 2008-04-13 18:36 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys
    2010-04-21 11:21 . 2008-04-13 18:36 10240 ----a-w- c:\windows\system32\dllcache\compbatt.sys
    2010-04-19 23:31 . 2010-04-19 23:31 -------- d-----w- c:\program files\Trend Micro
    2010-04-19 22:59 . 2010-04-19 22:59 -------- d--h--w- c:\windows\PIF
    2010-04-19 18:44 . 2010-04-19 18:44 -------- d-----w- c:\program files\Remove on Reboot
    2010-04-19 18:43 . 2010-04-21 12:03 -------- d--h--r- c:\documents and settings\Bram\Onlangs geopend
    2010-04-19 16:19 . 2010-04-19 16:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-04-19 14:48 . 2010-04-19 14:48 17632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
    2010-04-16 04:21 . 2010-04-16 04:23 -------- d-----w- C:\wamp
    2010-04-16 04:19 . 2010-04-16 04:21 -------- d-----w- c:\program files\Safari
    2010-04-15 04:33 . 2008-10-21 18:14 -------- d-----w- c:\program files\VideoFixer v3.23 Portable
    2010-04-15 03:58 . 2010-04-15 03:58 91018 ----a-w- c:\windows\system32\prfc0413.dat
    2010-04-15 03:58 . 2010-04-15 03:58 509462 ----a-w- c:\windows\system32\prfh0413.dat
    2010-04-04 20:28 . 2010-04-04 20:54 -------- d-----w- c:\program files\K-Lite Codec Pack
    2010-04-04 20:16 . 2010-04-04 20:29 -------- d-----w- c:\documents and settings\Bram\Local Settings\Application Data\Ashampoo Movie Shrink & Burn 3
    2010-04-04 20:16 . 2010-04-04 20:16 -------- d-----w- c:\documents and settings\Bram\Local Settings\Application Data\ashampoo
    2010-04-04 20:16 . 2010-04-04 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo
    2010-04-04 20:15 . 2010-04-04 20:15 -------- d-----w- c:\program files\Ashampoo
    2010-04-04 18:24 . 2010-04-11 18:40 -------- d-----w- c:\program files\PokerStars
    2010-03-26 22:50 . 2010-04-07 16:05 -------- d-----w- c:\documents and settings\Bram\Local Settings\Application Data\DVD Profiler
    2010-03-24 08:04 . 2010-03-24 18:17 952768 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Acrobat\9.3\ARM\19019\AdobeARM.exe
    2010-03-24 08:04 . 2010-03-24 18:17 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Acrobat\9.3\ARM\19019\AdobeExtractFiles.dll
    2010-03-24 08:04 . 2010-03-24 18:17 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Acrobat\9.3\ARM\19019\ReaderUpdater.exe
    2010-03-24 08:04 . 2010-03-24 18:17 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Acrobat\9.3\ARM\19019\AcrobatUpdater.exe
    2010-03-22 19:06 . 2010-03-22 19:06 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2010-03-22 19:06 . 2010-03-22 19:06 -------- d-----w- c:\documents and settings\Bram\Application Data\skypePM
    2010-03-22 19:05 . 2010-03-22 19:32 -------- d-----w- c:\documents and settings\Bram\Application Data\Skype
    2010-03-22 19:05 . 2010-03-22 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-21 11:56 . 2009-09-02 15:50 -------- d-----w- c:\program files\Mozilla Thunderbird
    2010-04-21 10:29 . 2006-02-23 17:18 317464 ----a-w- c:\windows\system32\drivers\iaStor.sys
    2010-04-21 10:20 . 2010-02-20 13:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-20 09:51 . 2009-10-04 12:34 -------- d-----w- c:\documents and settings\Bram\Application Data\Belastingdienst
    2010-04-19 18:54 . 2010-02-20 15:59 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-04-19 17:13 . 2010-02-20 15:43 -------- d-----w- c:\program files\ESET
    2010-04-19 14:48 . 2010-02-19 11:39 885736 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
    2010-04-19 14:48 . 2010-02-19 11:39 210552 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
    2010-04-19 14:48 . 2010-02-19 11:39 393896 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
    2010-04-19 14:48 . 2010-02-19 11:39 565392 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
    2010-04-19 14:48 . 2010-02-19 11:39 221920 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
    2010-04-19 14:48 . 2010-02-19 11:39 432032 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
    2010-04-19 14:48 . 2010-02-19 11:39 167312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
    2010-04-19 14:47 . 2010-02-19 11:39 329560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
    2010-04-19 14:47 . 2010-02-19 11:39 94712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
    2010-04-19 14:47 . 2010-02-19 11:39 966104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
    2010-04-19 14:47 . 2010-02-19 11:39 849744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
    2010-04-19 14:47 . 2010-02-19 11:39 855864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
    2010-04-19 14:47 . 2010-02-19 11:39 1597952 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
    2010-04-19 14:47 . 2010-02-19 11:39 818256 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
    2010-04-19 14:47 . 2010-02-19 11:39 1265264 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
    2010-04-19 14:39 . 2010-02-05 14:43 -------- d-----w- c:\documents and settings\Bram\Application Data\vlc
    2010-04-16 17:56 . 2009-09-01 21:38 122152 ----a-w- c:\windows\system32\nvModes.dat
    2010-04-16 04:22 . 2009-09-29 06:34 53192 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-04-16 04:21 . 2009-09-02 17:16 -------- d-----w- c:\documents and settings\Bram\Application Data\Apple Computer
    2010-04-15 01:05 . 2009-09-02 08:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-04-12 22:16 . 2010-02-12 08:52 -------- d-----w- c:\documents and settings\Bram\Application Data\XBMC
    2010-04-12 15:19 . 2009-10-13 05:21 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
    2010-04-12 09:49 . 2009-09-25 07:38 -------- d-----w- c:\documents and settings\Bram\Application Data\FileZilla
    2010-04-07 16:02 . 2010-01-01 22:52 -------- d-----w- c:\program files\DVD Profiler
    2010-03-29 22:46 . 2010-02-20 13:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-29 22:45 . 2010-02-20 13:15 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-29 12:23 . 2006-02-17 09:53 91018 ----a-w- c:\windows\system32\perfc013.dat
    2010-03-29 12:23 . 2006-02-17 09:53 509462 ----a-w- c:\windows\system32\perfh013.dat
    2010-03-28 21:27 . 2010-03-18 10:38 -------- d-----w- c:\documents and settings\Bram\Application Data\U3
    2010-03-18 10:54 . 2010-03-18 10:54 -------- d-----w- c:\program files\NewsLeecher
    2010-03-15 22:08 . 2010-03-15 21:08 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2010-03-13 03:39 . 2010-02-05 10:53 -------- d-----w- c:\documents and settings\Bram\Application Data\NewsLeecher
    2010-03-12 20:31 . 2009-09-01 21:30 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-03-11 21:40 . 2010-02-28 21:59 -------- d-----w- c:\documents and settings\Bram\Application Data\Big Fish Games
    2010-03-10 09:20 . 2010-02-19 12:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-03-10 06:17 . 2006-02-17 09:53 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-04 13:51 . 2009-09-01 21:52 71968 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-03-04 13:47 . 2010-03-04 13:47 -------- d-----w- c:\program files\Microsoft Synchronization Services
    2010-03-04 13:46 . 2010-03-04 13:46 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2010-03-04 13:45 . 2010-03-04 13:45 -------- d-----w- c:\program files\Microsoft Analysis Services
    2010-03-04 02:00 . 2010-03-04 02:00 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
    2010-02-28 23:26 . 2009-11-17 07:41 -------- d-----w- c:\program files\SpeedFan
    2010-02-25 06:20 . 2006-02-17 09:53 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2006-02-17 09:52 455680 ------w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-23 21:49 . 2010-02-23 21:49 -------- d-----w- c:\documents and settings\Bram\Application Data\Meridian93
    2010-02-20 14:36 . 2010-02-20 14:36 3584 ----a-r- c:\documents and settings\Bram\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
    2010-02-20 14:36 . 2010-02-20 14:36 -------- d-----w- c:\program files\Windows Installer Clean Up
    2010-02-20 14:36 . 2010-02-20 14:36 -------- d-----w- c:\program files\MSECACHE
    2010-02-20 14:30 . 2010-02-20 14:30 -------- d-----w- c:\documents and settings\Bram\Application Data\ESET
    2010-02-20 14:26 . 2010-02-20 14:13 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
    2010-02-20 13:15 . 2010-02-20 13:15 -------- d-----w- c:\documents and settings\Bram\Application Data\Malwarebytes
    2010-02-20 13:15 . 2010-02-20 13:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-02-20 12:13 . 2010-02-20 12:13 -------- d-----w- c:\program files\Common Files\Nero
    2010-02-20 12:13 . 2010-02-20 12:13 -------- d-----w- c:\documents and settings\Bram\Application Data\Nero
    2010-02-20 12:13 . 2010-02-20 12:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
    2010-02-20 12:13 . 2010-02-20 12:11 -------- d-----w- c:\program files\Nero
    2010-02-19 11:39 . 2010-02-19 11:39 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-02-19 11:39 . 2010-02-19 11:39 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
    2010-02-19 11:39 . 2010-02-19 11:39 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll
    2010-02-19 11:39 . 2010-02-19 11:39 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
    2010-02-19 11:39 . 2010-02-19 11:54 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-02-19 11:39 . 2010-02-19 11:39 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
    2010-02-19 11:39 . 2010-02-19 11:39 1230160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
    2010-02-04 09:01 . 2010-02-12 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
    2010-02-04 09:01 . 2010-02-12 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
    2010-02-04 09:01 . 2010-02-12 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
    2010-02-04 09:01 . 2010-02-12 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
    2009-11-03 20:12 556432 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-04-10 122880]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-10 524288]
    "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-06-08 60192]
    "TpShocks"="TpShocks.exe" [2008-06-06 181536]
    "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\LVOSDSVC.exe" [2008-03-24 64368]
    "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-15 13594624]
    "nwiz"="nwiz.exe" [2008-12-15 1657376]
    "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-14 487424]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-08 149280]
    "LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2008-06-08 165208]
    "LPMailChecker"="c:\progra~1\Lenovo\LENOVO~2\LPMLCHK.exe" [2008-06-08 124248]
    "LCONTROL"="c:\program files\Lenovo\ATK Hotkey\LCONTROL.exe" [2008-03-19 77824]
    "LFKA"="c:\program files\Lenovo\ATK Hotkey\LFKA.exe" [2008-04-15 315392]
    "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-06-15 311296]
    "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-06-15 208896]
    "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-13 3073336]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-15 86016]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2006-12-09 61440]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-04-03 38840]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-04-03 640440]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2008-03-17 07:02 34080 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
    2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    2006-11-13 12:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-01-22 18:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Message Center Plus]
    2009-05-27 20:09 49976 ----a-w- c:\program files\Lenovo\Message Center Plus\MCPLaunch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
    2009-03-17 17:40 510416 ----a-w- c:\program files\Orb Networks\Orb\bin\OrbTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
    "c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
    "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
    "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
    "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbChannelScan.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
    "c:\\Program Files\\SoulseekNS\\slsk.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [19-2-2010 13:39 64288]
    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [14-5-2008 16:21 19496]
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16-11-2009 10:03 108792]
    R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [9-5-2008 5:50 46144]
    R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [26-10-2009 23:21 11776]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16-11-2009 10:04 735960]
    R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [1-9-2009 23:52 94208]
    R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [14-5-2008 16:25 520192]
    R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [9-5-2008 5:50 360448]
    R3 DCamUSBGene;Integrated Camera;c:\windows\system32\drivers\USBSTK.sys [1-9-2009 23:30 176528]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20-2-2010 15:15 20824]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [1-9-2009 23:37 41376]
    R4 73085251;73085251;c:\windows\system32\DRIVERS\73085251.sys --> c:\windows\system32\DRIVERS\73085251.sys [?]
    S2 dovyybtb;IPX Traffic Filter Monitor;c:\windows\System32\svchost.exe -k netsvcs [17-2-2006 11:53 14336]
    S2 LFKAS;Service of LFKA;c:\program files\Lenovo\ATK Hotkey\LFKAS.exe [1-9-2009 23:49 208896]
    S2 MBAMService;MBAMService;"n:\program files\Malwarebytes' Anti-Malware\mbamservice.exe" --> n:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [?]
    S2 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" --> c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [?]
    S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
    S3 ALSysIO;ALSysIO;\??\c:\docume~1\Bram\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Bram\LOCALS~1\Temp\ALSysIO.sys [?]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4-2-2010 17:52 1265264]
    S3 lnvobus;Ericsson F3507g Mobile Broadband Minicard Composite Device driver (WDM);c:\windows\system32\DRIVERS\lnvobus.sys --> c:\windows\system32\DRIVERS\lnvobus.sys [?]
    S3 lnvocard;Ericsson F3507g Mobile Broadband Minicard Device Management;c:\windows\system32\DRIVERS\lnvocard.sys --> c:\windows\system32\DRIVERS\lnvocard.sys [?]
    S3 lnvogps;Ericsson F3507g Mobile Broadband Minicard GPS Port;c:\windows\system32\DRIVERS\lnvogps.sys --> c:\windows\system32\DRIVERS\lnvogps.sys [?]
    S3 lnvomdfl;Ericsson F3507g Mobile Broadband Minicard Modem Filter;c:\windows\system32\DRIVERS\lnvomdfl.sys --> c:\windows\system32\DRIVERS\lnvomdfl.sys [?]
    S3 lnvomdfl2;Ericsson F3507g Mobile Broadband Minicard Data Modem Filter;c:\windows\system32\drivers\lnvomdfl2.sys [1-9-2009 23:40 15104]
    S3 lnvomdm;Ericsson F3507g Mobile Broadband Minicard Modem Driver;c:\windows\system32\DRIVERS\lnvomdm.sys --> c:\windows\system32\DRIVERS\lnvomdm.sys [?]
    S3 lnvomdm2;Ericsson F3507g Mobile Broadband Minicard Data Modem;c:\windows\system32\drivers\lnvomdm2.sys [1-9-2009 23:40 430080]
    S3 lnvond5;Ericsson F3507g Mobile Broadband Minicard Network Adapter (NDIS);c:\windows\system32\DRIVERS\lnvond5.sys --> c:\windows\system32\DRIVERS\lnvond5.sys [?]
    S3 lnvounic;Ericsson F3507g Mobile Broadband Minicard Network Adapter (WDM);c:\windows\system32\DRIVERS\lnvounic.sys --> c:\windows\system32\DRIVERS\lnvounic.sys [?]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [26-9-2009 5:28 4639136]
    S3 Sony_EricssonWWSC;Ericsson F3507g Mobile Broadband Minicard PC SC Port;c:\windows\system32\DRIVERS\lnvoscard.sys --> c:\windows\system32\DRIVERS\lnvoscard.sys [?]
    S3 TotRec8;Total Recorder WDM audio filter driver;\??\c:\windows\system32\drivers\TotRec8.sys --> c:\windows\system32\drivers\TotRec8.sys [?]
    S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]

    --- Andere Services/Drivers In Geheugen ---

    *NewlyCreated* - 73085251
    *NewlyCreated* - 73085252
    .
    Inhoud van de 'Gedeelde Taken' map

    2010-03-19 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

    2010-04-21 c:\windows\Tasks\PMTask.job
    - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-09-01 16:40]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://lenovo.live.com
    uInternet Settings,ProxyOverride = *.local
    IE: Converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Doel van koppeling converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Verzenden naar Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    FF - ProfilePath - c:\documents and settings\Bram\Application Data\Mozilla\Firefox\Profiles\9ud6o2sz.default\
    FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
    FF - component: c:\documents and settings\Bram\Application Data\Mozilla\Firefox\Profiles\9ud6o2sz.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\npAFOM.dll
    FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-21 14:11
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'winlogon.exe'(872)
    c:\program files\Lenovo\HOTKEY\tphklock.dll

    - - - - - - - > 'explorer.exe'(3392)
    c:\windows\system32\nview.dll
    c:\windows\system32\NVWRSNL.DLL
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Voltooingstijd: 2010-04-21 14:13:54
    ComboFix-quarantined-files.txt 2010-04-21 12:13
    ComboFix2.txt 2010-04-21 11:42

    Pre-Run: 18.172.719.104 bytes beschikbaar
    Post-Run: 18.161.979.392 bytes beschikbaar

    - - End Of File - - 085AB1426138333FD4C45B4DDB33674C


    HijackThis:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:15:26, on 21-4-2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\WINDOWS\System32\TPHDEXLG.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
    C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
    c:\program files\lenovo\system update\suservice.exe
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
    C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.exe
    C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe
    C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Bram\Application Data\Mozilla\Firefox\Profiles\9ud6o2sz.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
    O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.exe
    O4 - HKLM\..\Run: [LCONTROL] "C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe"
    O4 - HKLM\..\Run: [LFKA] "C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe"
    O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Verzenden naar Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1256562026750
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: ThinkPad PM Service for SL Series (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Service of LFKA (LFKAS) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
    O23 - Service: MBAMService - Unknown owner - N:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
    O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
    O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
    O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
    O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

    --
    End of file - 14458 bytes

  9. #9
    Emphyrio's avatar
    Technical skill
    5. Expert
    Operating system
    Windows Vista Home Premium 32
    Antivirus
    AntiVir 12 Free
    Firewall
    Windows Firewall
    Posts
    12.660
    Blog posts
    23
    Hi EZBlade,

    Logs are clean

    Time to clean up...........

    Go to Start > Run and copy and paste the following command into the field:

    ComboFix /Uninstall

    Make sure there is a space between Combofix and /
    Then press Enter.

    This will remove Combofix plus its related folders and files,
    restore the clock settings, hide the file extensions,
    hide hidden files and system files again,
    and reset your System Restore.

    _____________________________________________________________

    Download OTC.exe (by OldTimer)
    • Place the file on your desktop.
    • Make sure there is an internet connection.
    • Then right-click OTC.exe and choose Run as Administrator (Dutch: Uitvoeren als Administrator) to start the program.
    • Now click the "CleanUp!" button.
    • If your firewall, or another security program, warns that OTC.exe wants internet access, you may allow this; the program needs that connection.
    • Finally, OTC will ask whether you want to restart the computer; you may allow this, and in doing so it also removes itself.

    Note: Using OTC.exe will remove all the tools used (including their logs and backup folders) from your computer.
    _____________________________________________________________


    After that:

    1) You may delete all the loose files and tools we used.

    2) Clear your existing restore points following this procedure.

    3) Go to the Secunia website and let the Secunia Online Software Inspector (OSI) scan your computer.
    The Secunia Online Software Inspector scans the computer for programs that have not been updated and may therefore contain security vulnerabilities that can be exploited by malware, among other things.
    Before you start the scan, optionally also tick 'Enable thorough system inspection'.
    This lets OSI also find programs that are not installed in the default location.
    If a program that is not up to date is found, it is shown in red as 'insecure' and you get the option to download the most recent version via the 'download link'.

    4) To avoid reinfection, you can read through these tips:

    Preventing spyware infections and browser hijacking and How do I prevent a new infection?

    5) To give your PC a quick maintenance pass, you can read these tips: Guide to a clean PC

    You may mark your topic as "Solved".

    Did we help you well? Consider a donation to Nucia

    Emphyrio

  10. #10

    Technical skill
    4.
    Operating system
    Windows XP Home/Pro
    Antivirus
    NOD32 Security Suite
    Firewall
    NOD32 Security Suite
    Posts
    6
    Thank you very much!
    I made a donation

  11. #11
    Emphyrio's avatar
    Technical skill
    5. Expert
    Operating system
    Windows Vista Home Premium 32
    Antivirus
    AntiVir 12 Free
    Firewall
    Windows Firewall
    Posts
    12.660
    Blog posts
    23
    Quote, originally posted by EZBlade:
    Thank you very much!
    I made a donation
    You're welcome, and much appreciated
