Mankenelis1
Member
Items: 12
Operating system: windows7 32 bit
Trouble with gomeo.nl
Mankenelis1 replied to Mankenelis1's topic in Archive: Malware & virus removal
Kape, thanks for the great help, I can rest easy now. Thanks.
Trouble with gomeo.nl
Mankenelis1 replied to Mankenelis1's topic in Archive: Malware & virus removal
ComboFix 11-02-19.01 - Sjaak 19-02-2011 23:41:40.10.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1043.18.3071.2096 [GMT 1:00] Gestart vanuit: c:\users\Sjaak\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Sjaak\Desktop\CFScript.txt..txt SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . (((((((((((((((((((( Bestanden Gemaakt van 2011-01-19 to 2011-02-19 )))))))))))))))))))))))))))))) . 2011-02-19 22:43 . 2011-02-19 22:43 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-02-19 21:02 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B21E4CD-AD69-4B1A-94FA-91A2C7E8B187}\mpengine.dll 2011-02-19 18:57 . 2011-02-19 22:43 -------- d-----w- c:\users\Sjaak\AppData\Local\temp 2011-02-19 16:01 . 2011-02-19 16:01 -------- d-----w- c:\users\Sjaak\AppData\Local\{D84E8CDE-E8B3-4365-BA5A-3B5A4D8B5754} 2011-02-19 15:55 . 2011-02-19 15:55 -------- d-----w- c:\windows\nl 2011-02-19 15:53 . 2011-02-19 15:53 -------- dc----w- c:\windows\system32\DRVSTORE 2011-02-19 15:53 . 2010-09-22 23:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys 2011-02-19 15:46 . 2011-02-19 15:46 -------- d-----w- c:\program files\Microsoft 2011-02-19 15:46 . 2011-02-19 15:46 -------- d-----w- c:\program files\MSN Toolbar 2011-02-19 15:46 . 2011-02-19 15:47 -------- d-----w- c:\program files\Bing Bar Installer 2011-02-19 15:46 . 2011-02-19 15:46 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\27ade0fa1cbd04c07\InstallManager_WLE_WLE.exe 2011-02-19 15:45 . 2011-02-19 15:45 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\170b365e1cbd04c06\MeshBetaRemover.exe 2011-02-19 15:45 . 2011-02-19 15:45 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\136467ce1cbd04c05\DSETUP.dll 2011-02-19 15:45 . 2011-02-19 15:45 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\136467ce1cbd04c05\DXSETUP.exe 2011-02-19 15:45 . 
2011-02-19 15:45 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\136467ce1cbd04c05\dsetup32.dll 2011-02-19 15:45 . 2011-02-19 15:45 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\e04bf3a1cbd04c04\DSETUP.dll 2011-02-19 15:45 . 2011-02-19 15:45 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\e04bf3a1cbd04c04\DXSETUP.exe 2011-02-19 15:45 . 2011-02-19 15:45 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\e04bf3a1cbd04c04\dsetup32.dll 2011-02-19 15:45 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\system32\UIRibbon.dll 2011-02-19 15:45 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll 2011-02-17 22:32 . 2011-02-17 22:32 388096 ----a-r- c:\users\Sjaak\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-02-17 22:28 . 2011-02-17 22:28 -------- d-----w- c:\program files\CCleaner 2011-02-17 17:56 . 2011-02-17 17:56 -------- dc-h--w- c:\programdata\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4} 2011-02-17 14:58 . 2011-02-17 14:58 -------- d-----w- c:\users\Sjaak\AppData\Local\Adobe 2011-02-16 16:56 . 2011-02-16 16:56 -------- d-----w- c:\users\Sjaak\AppData\Local\Spotnet 2011-02-16 16:20 . 2011-02-17 15:14 -------- d-----w- c:\program files\Spotnet 2011-02-16 16:20 . 2011-02-16 22:20 -------- d-----w- c:\programdata\Spotnet 2011-02-16 15:50 . 2011-02-16 15:50 -------- d-----w- c:\users\Sjaak\AppData\Roaming\Simply Super Software 2011-02-16 15:50 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll 2011-02-16 15:50 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll 2011-02-16 15:50 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll 2011-02-16 15:50 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll 2011-02-16 15:50 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll 2011-02-15 23:20 . 
2011-02-17 15:37 -------- d-----w- c:\program files\Trojan Remover 2011-02-15 23:20 . 2011-02-15 23:20 -------- d-----w- c:\programdata\Simply Super Software 2011-02-15 16:15 . 2011-02-15 17:07 -------- d-----w- c:\users\Sjaak\AppData\Roaming\Binreader 2011-02-11 14:11 . 2011-02-11 14:11 -------- d-----w- c:\program files\TomTom DesktopSuite 2011-02-08 16:07 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-02-08 16:07 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-01-30 19:36 . 2011-01-30 19:36 -------- d-----w- c:\program files\Common Files\Adobe 2011-01-30 19:15 . 2011-01-30 19:28 -------- d-----w- c:\program files\Capsoft 2011-01-28 16:16 . 2011-01-28 16:16 -------- d--h--w- c:\windows\msdownld.tmp 2011-01-27 19:09 . 2011-01-27 19:09 -------- d-----w- c:\program files\Trend Micro 2011-01-27 15:15 . 2011-01-27 15:15 -------- d-----w- c:\users\Sjaak\AppData\Roaming\Malwarebytes 2011-01-27 15:15 . 2011-01-28 14:45 -------- d-----w- c:\programdata\Malwarebytes 2011-01-27 15:14 . 2011-02-08 16:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-01-26 21:42 . 2011-01-28 14:54 -------- d-----w- c:\programdata\clp 2011-01-26 21:41 . 2011-01-26 21:41 -------- d-----w- c:\users\Sjaak\AppData\Local\PackageAware 2011-01-26 21:25 . 2011-01-26 21:28 -------- d-----w- c:\program files\WhiteSmoke 2011-01-23 20:42 . 2011-01-23 20:42 102416 ----a-w- c:\windows\system32\drivers\AtihdW73.sys 2011-01-23 20:41 . 2011-01-23 20:41 -------- d-----w- c:\programdata\Uniblue . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-02 16:11 . 2010-09-15 16:46 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-01-09 19:43 . 2010-09-15 19:31 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2011-01-09 19:42 . 2010-09-15 19:44 215128 ----a-w- c:\windows\system32\PnkBstrB.xtr 2011-01-09 19:42 . 
2010-09-15 19:31 215128 ----a-w- c:\windows\system32\PnkBstrB.exe 2011-01-03 21:41 . 2010-09-15 19:31 75064 ----a-w- c:\windows\system32\PnkBstrA.exe 2010-11-28 20:08 . 2010-11-28 19:27 29480 ----a-w- c:\windows\system32\msxml3a.dll 2010-11-28 20:08 . 2010-11-28 19:27 505128 ----a-w- c:\windows\system32\msvcp71.dll 2010-11-28 20:08 . 2010-11-28 19:27 353576 ----a-w- c:\windows\system32\msvcr71.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208] "WLSync"="c:\program files\Windows Live\Mesh\WLSync.exe" [2010-09-22 1448800] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-07-25 1067912] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync] 2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2010-04-01 09:16 357696 ----a-w- c:\program 
files\DAEMON Tools Lite\DTLite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent] 2010-02-22 14:17 1226024 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess] 2010-03-16 01:58 718208 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd] 2005-10-11 18:54 339968 ----a-w- c:\windows\vsnpstd.exe R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-29 697328] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-04 176128] S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-02-18 462632] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-04 6096384] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-04 214016] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-01-23 102416] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048] . Inhoud van de 'Gedeelde Taken' map 2011-02-19 c:\windows\Tasks\RegistryBooster.job - c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-01-21 14:19] . . ------- Bijkomende Scan ------- . 
IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2011-02-19 23:44:28 ComboFix-quarantined-files.txt 2011-02-19 22:44 ComboFix2.txt 2011-02-19 22:37 ComboFix3.txt 2011-02-19 22:18 ComboFix4.txt 2011-02-19 22:05 ComboFix5.txt 2011-02-19 22:39 Pre-Run: 483.942.055.936 bytes beschikbaar Post-Run: 483.895.656.448 bytes beschikbaar - - End Of File - - E29E35D82430F7A2976F0CE062ABDB77

I hope it worked now, third time's the charm, ha ha. Thanks.

---------- Post added at 23:51 ---------- Previous post was at 23:50 ----------

Can I put my AVG back on now?
Trouble with gomeo.nl
Mankenelis1 replied to Mankenelis1's topic in Archive: Malware & virus removal
I hope it went well now, Kape. I'm only a beginner, sorry. I'm just glad that you're helping me.

ComboFix 11-02-19.01 - Sjaak 19-02-2011 22:18:26.4.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1043.18.3071.2124 [GMT 1:00] Gestart vanuit: c:\users\Sjaak\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Sjaak\Desktop\CFScript.txt..txt SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . (((((((((((((((((((( Bestanden Gemaakt van 2011-01-19 to 2011-02-19 )))))))))))))))))))))))))))))) . 2011-02-19 21:20 . 2011-02-19 21:20 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-02-19 21:02 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B21E4CD-AD69-4B1A-94FA-91A2C7E8B187}\mpengine.dll 2011-02-19 18:57 . 2011-02-19 21:20 -------- d-----w- c:\users\Sjaak\AppData\Local\temp 2011-02-19 16:01 . 2011-02-19 16:01 -------- d-----w- c:\users\Sjaak\AppData\Local\{D84E8CDE-E8B3-4365-BA5A-3B5A4D8B5754} 2011-02-19 15:55 . 2011-02-19 15:55 -------- d-----w- c:\windows\nl 2011-02-19 15:53 . 2011-02-19 15:53 -------- dc----w- c:\windows\system32\DRVSTORE 2011-02-19 15:53 . 2010-09-22 23:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys 2011-02-19 15:46 . 2011-02-19 15:46 -------- d-----w- c:\program files\Microsoft 2011-02-19 15:46 . 2011-02-19 15:46 -------- d-----w- c:\program files\MSN Toolbar 2011-02-19 15:46 . 2011-02-19 15:47 -------- d-----w- c:\program files\Bing Bar Installer 2011-02-19 15:46 . 2011-02-19 15:46 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\27ade0fa1cbd04c07\InstallManager_WLE_WLE.exe 2011-02-19 15:45 . 2011-02-19 15:45 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\170b365e1cbd04c06\MeshBetaRemover.exe 2011-02-19 15:45 . 2011-02-19 15:45 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\136467ce1cbd04c05\DSETUP.dll 2011-02-19 15:45 . 
2011-02-19 15:45 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\136467ce1cbd04c05\DXSETUP.exe 2011-02-19 15:45 . 2011-02-19 15:45 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\136467ce1cbd04c05\dsetup32.dll 2011-02-19 15:45 . 2011-02-19 15:45 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\e04bf3a1cbd04c04\DSETUP.dll 2011-02-19 15:45 . 2011-02-19 15:45 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\e04bf3a1cbd04c04\DXSETUP.exe 2011-02-19 15:45 . 2011-02-19 15:45 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\e04bf3a1cbd04c04\dsetup32.dll 2011-02-19 15:45 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\system32\UIRibbon.dll 2011-02-19 15:45 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll 2011-02-17 22:32 . 2011-02-17 22:32 388096 ----a-r- c:\users\Sjaak\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-02-17 22:28 . 2011-02-17 22:28 -------- d-----w- c:\program files\CCleaner 2011-02-17 17:56 . 2011-02-17 17:56 -------- dc-h--w- c:\programdata\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4} 2011-02-17 14:58 . 2011-02-17 14:58 -------- d-----w- c:\users\Sjaak\AppData\Local\Adobe 2011-02-16 16:56 . 2011-02-16 16:56 -------- d-----w- c:\users\Sjaak\AppData\Local\Spotnet 2011-02-16 16:20 . 2011-02-17 15:14 -------- d-----w- c:\program files\Spotnet 2011-02-16 16:20 . 2011-02-16 22:20 -------- d-----w- c:\programdata\Spotnet 2011-02-16 15:50 . 2011-02-16 15:50 -------- d-----w- c:\users\Sjaak\AppData\Roaming\Simply Super Software 2011-02-16 15:50 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll 2011-02-16 15:50 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll 2011-02-16 15:50 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll 2011-02-16 15:50 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll 2011-02-16 15:50 . 
2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll 2011-02-15 23:20 . 2011-02-17 15:37 -------- d-----w- c:\program files\Trojan Remover 2011-02-15 23:20 . 2011-02-15 23:20 -------- d-----w- c:\programdata\Simply Super Software 2011-02-15 16:15 . 2011-02-15 17:07 -------- d-----w- c:\users\Sjaak\AppData\Roaming\Binreader 2011-02-11 14:11 . 2011-02-11 14:11 -------- d-----w- c:\program files\TomTom DesktopSuite 2011-02-08 16:07 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-02-08 16:07 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-01-30 19:36 . 2011-01-30 19:36 -------- d-----w- c:\program files\Common Files\Adobe 2011-01-30 19:15 . 2011-01-30 19:28 -------- d-----w- c:\program files\Capsoft 2011-01-28 16:16 . 2011-01-28 16:16 -------- d--h--w- c:\windows\msdownld.tmp 2011-01-27 19:09 . 2011-01-27 19:09 -------- d-----w- c:\program files\Trend Micro 2011-01-27 15:15 . 2011-01-27 15:15 -------- d-----w- c:\users\Sjaak\AppData\Roaming\Malwarebytes 2011-01-27 15:15 . 2011-01-28 14:45 -------- d-----w- c:\programdata\Malwarebytes 2011-01-27 15:14 . 2011-02-08 16:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-01-26 21:42 . 2011-01-28 14:54 -------- d-----w- c:\programdata\clp 2011-01-26 21:41 . 2011-01-26 21:41 -------- d-----w- c:\users\Sjaak\AppData\Local\PackageAware 2011-01-26 21:25 . 2011-01-26 21:28 -------- d-----w- c:\program files\WhiteSmoke 2011-01-23 20:42 . 2011-01-23 20:42 102416 ----a-w- c:\windows\system32\drivers\AtihdW73.sys 2011-01-23 20:41 . 2011-01-23 20:41 -------- d-----w- c:\programdata\Uniblue . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-02 16:11 . 2010-09-15 16:46 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-01-09 19:43 . 2010-09-15 19:31 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2011-01-09 19:42 . 
2010-09-15 19:44 215128 ----a-w- c:\windows\system32\PnkBstrB.xtr 2011-01-09 19:42 . 2010-09-15 19:31 215128 ----a-w- c:\windows\system32\PnkBstrB.exe 2011-01-03 21:41 . 2010-09-15 19:31 75064 ----a-w- c:\windows\system32\PnkBstrA.exe 2010-11-28 20:08 . 2010-11-28 19:27 29480 ----a-w- c:\windows\system32\msxml3a.dll 2010-11-28 20:08 . 2010-11-28 19:27 505128 ----a-w- c:\windows\system32\msvcp71.dll 2010-11-28 20:08 . 2010-11-28 19:27 353576 ----a-w- c:\windows\system32\msvcr71.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192] [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208] "WLSync"="c:\program files\Windows Live\Mesh\WLSync.exe" [2010-09-22 1448800] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-07-25 1067912] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel 
wdigest tspkg pku2u livessp [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync] 2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent] 2010-02-22 14:17 1226024 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess] 2010-03-16 01:58 718208 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd] 2005-10-11 18:54 339968 ----a-w- c:\windows\vsnpstd.exe R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-29 697328] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-04 176128] S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-02-18 462632] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-04 6096384] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-04 214016] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys 
[2011-01-23 102416] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048] . Inhoud van de 'Gedeelde Taken' map 2011-02-19 c:\windows\Tasks\RegistryBooster.job - c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-01-21 14:19] . . ------- Bijkomende Scan ------- . IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2011-02-19 22:21:32 ComboFix-quarantined-files.txt 2011-02-19 21:21 ComboFix2.txt 2011-02-19 20:38 ComboFix3.txt 2011-02-19 19:59 ComboFix4.txt 2011-02-19 19:01 Pre-Run: 484.292.521.984 bytes beschikbaar Post-Run: 484.250.427.392 bytes beschikbaar - - End Of File - - CF1F71635331AA3828A371C83977CCCA -
Trouble with gomeo.nl
Mankenelis1 replied to Mankenelis1's topic in Archive: Malware & virus removal
ComboFix 11-02-19.01 - Sjaak 19-02-2011 21:35:31.3.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1043.18.3071.2171 [GMT 1:00] Gestart vanuit: c:\users\Sjaak\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Sjaak\Desktop\CFScript.txt. - Snelkoppeling.lnk SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . (((((((((((((((((((( Bestanden Gemaakt van 2011-01-19 to 2011-02-19 )))))))))))))))))))))))))))))) . 2011-02-19 20:37 . 2011-02-19 20:37 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-02-19 18:57 . 2011-02-19 20:37 -------- d-----w- c:\users\Sjaak\AppData\Local\temp 2011-02-19 16:01 . 2011-02-19 16:01 -------- d-----w- c:\users\Sjaak\AppData\Local\{D84E8CDE-E8B3-4365-BA5A-3B5A4D8B5754} 2011-02-19 15:55 . 2011-02-19 15:55 -------- d-----w- c:\windows\nl 2011-02-19 15:53 . 2011-02-19 15:53 -------- dc----w- c:\windows\system32\DRVSTORE 2011-02-19 15:53 . 2010-09-22 23:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys 2011-02-19 15:46 . 2011-02-19 15:46 -------- d-----w- c:\program files\Microsoft 2011-02-19 15:46 . 2011-02-19 15:46 -------- d-----w- c:\program files\MSN Toolbar 2011-02-19 15:46 . 2011-02-19 15:47 -------- d-----w- c:\program files\Bing Bar Installer 2011-02-19 15:46 . 2011-02-19 15:46 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\27ade0fa1cbd04c07\InstallManager_WLE_WLE.exe 2011-02-19 15:45 . 2011-02-19 15:45 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\170b365e1cbd04c06\MeshBetaRemover.exe 2011-02-19 15:45 . 2011-02-19 15:45 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\136467ce1cbd04c05\DSETUP.dll 2011-02-19 15:45 . 2011-02-19 15:45 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\136467ce1cbd04c05\DXSETUP.exe 2011-02-19 15:45 . 2011-02-19 15:45 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\136467ce1cbd04c05\dsetup32.dll 2011-02-19 15:45 . 
2011-02-19 15:45 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\e04bf3a1cbd04c04\DSETUP.dll 2011-02-19 15:45 . 2011-02-19 15:45 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\e04bf3a1cbd04c04\DXSETUP.exe 2011-02-19 15:45 . 2011-02-19 15:45 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\e04bf3a1cbd04c04\dsetup32.dll 2011-02-19 15:45 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\system32\UIRibbon.dll 2011-02-19 15:45 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll 2011-02-17 22:32 . 2011-02-17 22:32 388096 ----a-r- c:\users\Sjaak\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-02-17 22:28 . 2011-02-17 22:28 -------- d-----w- c:\program files\CCleaner 2011-02-17 17:56 . 2011-02-17 17:56 -------- dc-h--w- c:\programdata\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4} 2011-02-17 14:58 . 2011-02-17 14:58 -------- d-----w- c:\users\Sjaak\AppData\Local\Adobe 2011-02-16 16:56 . 2011-02-16 16:56 -------- d-----w- c:\users\Sjaak\AppData\Local\Spotnet 2011-02-16 16:20 . 2011-02-17 15:14 -------- d-----w- c:\program files\Spotnet 2011-02-16 16:20 . 2011-02-16 22:20 -------- d-----w- c:\programdata\Spotnet 2011-02-16 15:50 . 2011-02-16 15:50 -------- d-----w- c:\users\Sjaak\AppData\Roaming\Simply Super Software 2011-02-16 15:50 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll 2011-02-16 15:50 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll 2011-02-16 15:50 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll 2011-02-16 15:50 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll 2011-02-16 15:50 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll 2011-02-15 23:20 . 2011-02-17 15:37 -------- d-----w- c:\program files\Trojan Remover 2011-02-15 23:20 . 2011-02-15 23:20 -------- d-----w- c:\programdata\Simply Super Software 2011-02-15 16:15 . 
2011-02-15 17:07 -------- d-----w- c:\users\Sjaak\AppData\Roaming\Binreader 2011-02-11 14:11 . 2011-02-11 14:11 -------- d-----w- c:\program files\TomTom DesktopSuite 2011-02-08 16:07 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-02-08 16:07 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-02-04 14:08 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F930B61-329E-448B-8851-D0B90652450D}\mpengine.dll 2011-01-30 19:36 . 2011-01-30 19:36 -------- d-----w- c:\program files\Common Files\Adobe 2011-01-30 19:15 . 2011-01-30 19:28 -------- d-----w- c:\program files\Capsoft 2011-01-28 16:16 . 2011-01-28 16:16 -------- d--h--w- c:\windows\msdownld.tmp 2011-01-27 19:09 . 2011-01-27 19:09 -------- d-----w- c:\program files\Trend Micro 2011-01-27 15:15 . 2011-01-27 15:15 -------- d-----w- c:\users\Sjaak\AppData\Roaming\Malwarebytes 2011-01-27 15:15 . 2011-01-28 14:45 -------- d-----w- c:\programdata\Malwarebytes 2011-01-27 15:14 . 2011-02-08 16:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-01-26 21:42 . 2011-01-28 14:54 -------- d-----w- c:\programdata\clp 2011-01-26 21:41 . 2011-01-26 21:41 -------- d-----w- c:\users\Sjaak\AppData\Local\PackageAware 2011-01-26 21:25 . 2011-01-26 21:28 -------- d-----w- c:\program files\WhiteSmoke 2011-01-23 20:42 . 2011-01-23 20:42 102416 ----a-w- c:\windows\system32\drivers\AtihdW73.sys 2011-01-23 20:41 . 2011-01-23 20:41 -------- d-----w- c:\programdata\Uniblue . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-01-09 19:43 . 2010-09-15 19:31 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2011-01-09 19:42 . 2010-09-15 19:44 215128 ----a-w- c:\windows\system32\PnkBstrB.xtr 2011-01-09 19:42 . 2010-09-15 19:31 215128 ----a-w- c:\windows\system32\PnkBstrB.exe 2011-01-03 21:41 . 
2010-09-15 19:31 75064 ----a-w- c:\windows\system32\PnkBstrA.exe 2010-11-28 20:08 . 2010-11-28 19:27 29480 ----a-w- c:\windows\system32\msxml3a.dll 2010-11-28 20:08 . 2010-11-28 19:27 505128 ----a-w- c:\windows\system32\msvcp71.dll 2010-11-28 20:08 . 2010-11-28 19:27 353576 ----a-w- c:\windows\system32\msvcr71.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192] [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208] "WLSync"="c:\program files\Windows Live\Mesh\WLSync.exe" [2010-09-22 1448800] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-07-25 1067912] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync] 2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft 
Office\Office14\BCSSync.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent] 2010-02-22 14:17 1226024 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess] 2010-03-16 01:58 718208 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd] 2005-10-11 18:54 339968 ----a-w- c:\windows\vsnpstd.exe R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-29 697328] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-04 176128] S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-02-18 462632] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-04 6096384] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-04 214016] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-01-23 102416] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048] . 
Inhoud van de 'Gedeelde Taken' map 2011-02-19 c:\windows\Tasks\RegistryBooster.job - c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-01-21 14:19] . . ------- Bijkomende Scan ------- . IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2011-02-19 21:38:36 ComboFix-quarantined-files.txt 2011-02-19 20:38 ComboFix2.txt 2011-02-19 19:59 ComboFix3.txt 2011-02-19 19:01 Pre-Run: 484.252.987.392 bytes beschikbaar Post-Run: 484.202.352.640 bytes beschikbaar - - End Of File - - A53DF803EB2388E997185C4BBA6B3944 -
Trouble with gomeo.nl
Mankenelis1 replied to Mankenelis1's topic in Archive: Malware & Virus Removal
ComboFix 11-02-19.01 - Sjaak 19-02-2011 19:54:43.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1043.18.3071.2222 [GMT 1:00] Gestart vanuit: c:\users\Sjaak\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\desktop.ini c:\users\Sjaak\AppData\Roaming\Internet Security Suite c:\users\Sjaak\AppData\Roaming\Internet Security Suite\cookies.sqlite c:\users\Sjaak\AppData\Roaming\Smart Engine c:\users\Sjaak\AppData\Roaming\Smart Engine\cookies.sqlite c:\windows\system32\install c:\windows\system32\install\Svchost.exe.vir c:\windows\explorer.exe . . . is geïnfecteerd!! . . .Failed to restore. Attempting to replace on reboot Besmet exemplaar van c:\windows\System32\wininit.exe werd aangetroffen en gedesinfecteerd Hersteld exemplaar van - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe Besmet exemplaar van c:\windows\explorer.exe werd aangetroffen en gedesinfecteerd Hersteld exemplaar van - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe . (((((((((((((((((((( Bestanden Gemaakt van 2011-01-19 to 2011-02-19 )))))))))))))))))))))))))))))) . 2011-02-19 18:57 . 2011-02-19 18:59 -------- d-----w- c:\users\Sjaak\AppData\Local\temp 2011-02-19 18:57 . 2011-02-19 18:57 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-02-19 16:01 . 2011-02-19 16:01 -------- d-----w- c:\users\Sjaak\AppData\Local\{D84E8CDE-E8B3-4365-BA5A-3B5A4D8B5754} 2011-02-19 15:55 . 2011-02-19 15:55 -------- d-----w- c:\windows\nl 2011-02-19 15:53 . 2011-02-19 15:53 -------- dc----w- c:\windows\system32\DRVSTORE 2011-02-19 15:53 . 2010-09-22 23:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys 2011-02-19 15:46 . 2011-02-19 15:46 -------- d-----w- c:\program files\Microsoft 2011-02-19 15:46 . 
2011-02-19 15:46 -------- d-----w- c:\program files\MSN Toolbar 2011-02-19 15:46 . 2011-02-19 15:47 -------- d-----w- c:\program files\Bing Bar Installer 2011-02-19 15:46 . 2011-02-19 15:46 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\27ade0fa1cbd04c07\InstallManager_WLE_WLE.exe 2011-02-19 15:45 . 2011-02-19 15:45 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\170b365e1cbd04c06\MeshBetaRemover.exe 2011-02-19 15:45 . 2011-02-19 15:45 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\136467ce1cbd04c05\DSETUP.dll 2011-02-19 15:45 . 2011-02-19 15:45 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\136467ce1cbd04c05\DXSETUP.exe 2011-02-19 15:45 . 2011-02-19 15:45 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\136467ce1cbd04c05\dsetup32.dll 2011-02-19 15:45 . 2011-02-19 15:45 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\e04bf3a1cbd04c04\DSETUP.dll 2011-02-19 15:45 . 2011-02-19 15:45 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\e04bf3a1cbd04c04\DXSETUP.exe 2011-02-19 15:45 . 2011-02-19 15:45 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\e04bf3a1cbd04c04\dsetup32.dll 2011-02-19 15:45 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\system32\UIRibbon.dll 2011-02-19 15:45 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll 2011-02-17 22:32 . 2011-02-17 22:32 388096 ----a-r- c:\users\Sjaak\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-02-17 22:28 . 2011-02-17 22:28 -------- d-----w- c:\program files\CCleaner 2011-02-17 17:56 . 2011-02-17 17:56 -------- dc-h--w- c:\programdata\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4} 2011-02-17 14:58 . 2011-02-17 14:58 -------- d-----w- c:\users\Sjaak\AppData\Local\Adobe 2011-02-16 16:56 . 2011-02-16 16:56 -------- d-----w- c:\users\Sjaak\AppData\Local\Spotnet 2011-02-16 16:20 . 
2011-02-17 15:14 -------- d-----w- c:\program files\Spotnet 2011-02-16 16:20 . 2011-02-16 22:20 -------- d-----w- c:\programdata\Spotnet 2011-02-16 15:50 . 2011-02-16 15:50 -------- d-----w- c:\users\Sjaak\AppData\Roaming\Simply Super Software 2011-02-16 15:50 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll 2011-02-16 15:50 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll 2011-02-16 15:50 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll 2011-02-16 15:50 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll 2011-02-16 15:50 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll 2011-02-15 23:20 . 2011-02-17 15:37 -------- d-----w- c:\program files\Trojan Remover 2011-02-15 23:20 . 2011-02-15 23:20 -------- d-----w- c:\programdata\Simply Super Software 2011-02-15 16:15 . 2011-02-15 17:07 -------- d-----w- c:\users\Sjaak\AppData\Roaming\Binreader 2011-02-11 14:11 . 2011-02-11 14:11 -------- d-----w- c:\program files\TomTom DesktopSuite 2011-02-08 16:07 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-02-08 16:07 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-02-04 14:08 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F930B61-329E-448B-8851-D0B90652450D}\mpengine.dll 2011-01-30 19:36 . 2011-01-30 19:36 -------- d-----w- c:\program files\Common Files\Adobe 2011-01-30 19:15 . 2011-01-30 19:28 -------- d-----w- c:\program files\Capsoft 2011-01-28 16:16 . 2011-01-28 16:16 -------- d--h--w- c:\windows\msdownld.tmp 2011-01-27 19:09 . 2011-01-27 19:09 -------- d-----w- c:\program files\Trend Micro 2011-01-27 15:15 . 2011-01-27 15:15 -------- d-----w- c:\users\Sjaak\AppData\Roaming\Malwarebytes 2011-01-27 15:15 . 2011-01-28 14:45 -------- d-----w- c:\programdata\Malwarebytes 2011-01-27 15:14 . 
2011-02-08 16:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-01-26 21:42 . 2011-01-28 14:54 -------- d-----w- c:\programdata\clp 2011-01-26 21:41 . 2011-01-26 21:41 -------- d-----w- c:\users\Sjaak\AppData\Local\PackageAware 2011-01-26 21:25 . 2011-01-26 21:28 -------- d-----w- c:\program files\WhiteSmoke 2011-01-23 20:42 . 2011-01-23 20:42 102416 ----a-w- c:\windows\system32\drivers\AtihdW73.sys 2011-01-23 20:41 . 2011-01-23 20:41 -------- d-----w- c:\programdata\Uniblue . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-01-09 19:43 . 2010-09-15 19:31 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2011-01-09 19:42 . 2010-09-15 19:44 215128 ----a-w- c:\windows\system32\PnkBstrB.xtr 2011-01-09 19:42 . 2010-09-15 19:31 215128 ----a-w- c:\windows\system32\PnkBstrB.exe 2011-01-03 21:41 . 2010-09-15 19:31 75064 ----a-w- c:\windows\system32\PnkBstrA.exe 2010-11-28 20:08 . 2010-11-28 19:27 29480 ----a-w- c:\windows\system32\msxml3a.dll 2010-11-28 20:08 . 2010-11-28 19:27 505128 ----a-w- c:\windows\system32\msvcp71.dll 2010-11-28 20:08 . 2010-11-28 19:27 353576 ----a-w- c:\windows\system32\msvcr71.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192] [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208] "WLSync"="c:\program files\Windows Live\Mesh\WLSync.exe" [2010-09-22 1448800] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-07-25 1067912] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync] 2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent] 2010-02-22 14:17 1226024 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\OfficeSyncProcess] 2010-03-16 01:58 718208 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd] 2005-10-11 18:54 339968 ----a-w- c:\windows\vsnpstd.exe R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-02-18 462632] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-29 697328] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-04 176128] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-04 6096384] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-04 214016] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-01-23 102416] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048] . Inhoud van de 'Gedeelde Taken' map 2011-02-19 c:\windows\Tasks\RegistryBooster.job - c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-01-21 14:19] . . ------- Bijkomende Scan ------- . 
IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL . - - - - ORPHANS VERWIJDERD - - - - URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file) Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) MSConfigStartUp-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTProAgent.exe . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\atieclxx.exe c:\windows\system32\PnkBstrA.exe c:\program files\CyberLink\Shared files\RichVideo.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\system32\taskhost.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\conhost.exe c:\program files\Windows Live\Mesh\MOE.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Windows Live\Contacts\wlcomm.exe . ************************************************************************** . Voltooingstijd: 2011-02-19 20:01:08 - machine werd herstart ComboFix-quarantined-files.txt 2011-02-19 19:01 Pre-Run: 484.378.804.224 bytes beschikbaar Post-Run: 484.220.022.784 bytes beschikbaar - - End Of File - - EDB218E7722EF2B41CA99442C914F518
---------- Post added at 20:18 ---------- Previous post was at 20:04 ----------
I think this was the solution; gomeo.nl has now disappeared. I would like to thank the PC Helpforum team for the good guidance with this annoying issue. Thanks, thanks :adore:
Trouble with gomeo.nl
Mankenelis1 replied to Mankenelis1's topic in Archive: Malware & Virus Removal
kweezie wabbit, I have carried out everything you wrote, but gomeo.nl keeps coming back. It is apparently a tough one to remove.
Trouble with gomeo.nl
Mankenelis1 replied to Mankenelis1's topic in Archive: Malware & Virus Removal
gomeo.nl still comes up when I use Google.
Trouble with gomeo.nl
Mankenelis1 replied to Mankenelis1's topic in Archive: Malware & Virus Removal
Here is my new HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:29:29, on 18-2-2011 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16722) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\AVG\AVG10\avgtray.exe C:\Program Files\Trojan Remover\Trjscan.exe C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Windows\system32\conhost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - 
C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft 
Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe -- End of file - 5917 bytes -
Trouble with gomeo.nl
Mankenelis1 replied to Mankenelis1's topic in Archive: Malware & Virus Removal
Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Databaseversie: 5777 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 18-2-2011 14:56:45 mbam-log-2011-02-18 (14-56-45).txt Scantype: Snelle scan Objecten gescand: 143610 Verstreken tijd: 2 minuut/minuten, 6 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:01:02, on 18-2-2011 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16722) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\AVG\AVG10\avgtray.exe C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Windows\system32\conhost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet 
Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll F2 - REG:system.ini: Shell= O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] 
C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: AMD External 
Events Utility - AMD - C:\Windows\system32\atiesrxx.exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe -- End of file - 5901 bytes -
Trouble with gomeo.nl
Mankenelis1 replied to Mankenelis1's topic in Archive: Malware & Virus Removal
I'm going to sleep first now; see you all again tomorrow afternoon. Thanks in advance, sleep well.
Trouble with gomeo.nl
Mankenelis1 replied to Mankenelis1's topic in Archive: Malware & Virus Removal
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:50:28, on 17-2-2011 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16722) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\AVG\AVG10\avgtray.exe C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Windows\system32\conhost.exe C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Homepage R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Homepage} R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll F2 - REG:system.ini: Shell= O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common 
Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' 
menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. 
- C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe -- End of file - 6385 bytes -
When I search via Google I keep getting gomeo. Who can help me prevent this? I have already run HijackThis, but that did not make me any wiser.