RapRob

Kape, ontzettend bedankt. Net uit mijn werk de laatste stappen gedaan. De PC gaat morgen terug naar de eigenaar en ik zal hem verzoeken een donatie te doen aan jullie site. Nogmaals vriendelijk bedankt voor het oplossen van dit hardnekkige probleem.

PC net gescand met AVG en geen meldingen meer! Geweldig. Moet er verder nog iets gebeuren? Kan ik alle tools weer deïnstalleren/verwijderen?

De log van de TDSSKILLER: 21:23:06.0840 5312 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49 21:23:06.0934 5312 ============================================================ 21:23:06.0934 5312 Current date / time: 2012/02/01 21:23:06.0934 21:23:06.0934 5312 SystemInfo: 21:23:06.0934 5312 21:23:06.0934 5312 OS Version: 5.1.2600 ServicePack: 3.0 21:23:06.0934 5312 Product type: Workstation 21:23:06.0934 5312 ComputerName: CELDHUIZBV 21:23:06.0934 5312 UserName: Martijn 21:23:06.0934 5312 Windows directory: C:\WINDOWS 21:23:06.0934 5312 System windows directory: C:\WINDOWS 21:23:06.0934 5312 Processor architecture: Intel x86 21:23:06.0934 5312 Number of processors: 2 21:23:06.0934 5312 Page size: 0x1000 21:23:06.0934 5312 Boot type: Normal boot 21:23:06.0934 5312 ============================================================ 21:23:08.0497 5312 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 21:23:08.0497 5312 \Device\Harddisk0\DR0: 21:23:08.0497 5312 MBR used 21:23:08.0497 5312 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x61A7927 21:23:08.0497 5312 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x61A79A5, BlocksNum 0x1869E559 21:23:08.0528 5312 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E845F3D, BlocksNum 0x1BB3AE43 21:23:08.0606 5312 Initialize success 21:23:08.0606 5312 ============================================================ 21:23:28.0200 2768 ============================================================ 21:23:28.0200 2768 Scan started 21:23:28.0200 2768 Mode: Manual; 21:23:28.0200 2768 ============================================================ 21:23:28.0715 2768 Abiosdsk - ok 21:23:28.0731 2768 abp480n5 - ok 21:23:28.0762 2768 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 21:23:28.0762 2768 ACPI - ok 21:23:28.0778 2768 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys 21:23:28.0793 2768 ACPIEC - ok 21:23:28.0793 2768 adpu160m - ok 21:23:28.0809 2768 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 21:23:28.0809 2768 aec - ok 21:23:28.0840 2768 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys 21:23:28.0840 2768 AegisP - ok 21:23:28.0856 2768 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys 21:23:28.0856 2768 Afc - ok 21:23:28.0872 2768 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 21:23:28.0887 2768 AFD - ok 21:23:28.0918 2768 Aha154x - ok 21:23:28.0934 2768 aic78u2 - ok 21:23:28.0934 2768 aic78xx - ok 21:23:28.0950 2768 AliIde - ok 21:23:28.0950 2768 amsint - ok 21:23:28.0965 2768 asc - ok 21:23:28.0981 2768 asc3350p - ok 21:23:28.0981 2768 asc3550 - ok 21:23:28.0997 2768 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 21:23:28.0997 2768 AsyncMac - ok 21:23:29.0028 2768 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 21:23:29.0028 2768 atapi - ok 21:23:29.0028 2768 Atdisk - ok 21:23:29.0043 2768 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 21:23:29.0043 2768 Atmarpc - ok 21:23:29.0075 2768 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 21:23:29.0075 2768 audstub - ok 21:23:29.0106 2768 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 21:23:29.0106 2768 AVGIDSDriver - ok 21:23:29.0106 2768 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys 21:23:29.0106 2768 AVGIDSEH - ok 21:23:29.0122 2768 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 21:23:29.0122 2768 AVGIDSFilter - ok 21:23:29.0137 2768 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 21:23:29.0137 2768 AVGIDSShim - ok 21:23:29.0153 2768 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys 21:23:29.0153 2768 Avgldx86 - ok 21:23:29.0200 2768 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 21:23:29.0200 2768 Avgmfx86 - ok 21:23:29.0200 2768 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys 21:23:29.0200 2768 Avgrkx86 - ok 21:23:29.0231 2768 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys 21:23:29.0231 2768 Avgtdix - ok 21:23:29.0262 2768 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 21:23:29.0262 2768 Beep - ok 21:23:29.0278 2768 catchme - ok 21:23:29.0293 2768 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 21:23:29.0293 2768 cbidf2k - ok 21:23:29.0325 2768 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 21:23:29.0325 2768 CCDECODE - ok 21:23:29.0356 2768 cd20xrnt - ok 21:23:29.0387 2768 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 21:23:29.0387 2768 Cdaudio - ok 21:23:29.0418 2768 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 21:23:29.0418 2768 Cdfs - ok 21:23:29.0450 2768 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 21:23:29.0450 2768 Cdrom - ok 21:23:29.0481 2768 Changer - ok 21:23:29.0497 2768 CmdIde - ok 21:23:29.0497 2768 Cpqarray - ok 21:23:29.0512 2768 dac2w2k - ok 21:23:29.0528 2768 dac960nt - ok 21:23:29.0528 2768 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 21:23:29.0528 2768 Disk - ok 21:23:29.0559 2768 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys 21:23:29.0575 2768 dmboot - ok 21:23:29.0590 2768 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys 21:23:29.0606 2768 dmio - ok 21:23:29.0606 2768 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 21:23:29.0606 2768 dmload - ok 21:23:29.0622 2768 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 21:23:29.0622 2768 DMusic - ok 21:23:29.0637 2768 dpti2o - ok 21:23:29.0653 2768 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 21:23:29.0653 2768 drmkaud - ok 21:23:29.0715 2768 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 21:23:29.0715 2768 Fastfat - ok 21:23:29.0715 2768 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 21:23:29.0715 2768 Fdc - ok 21:23:29.0731 2768 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys 21:23:29.0731 2768 Fips - ok 21:23:29.0747 2768 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 21:23:29.0747 2768 Flpydisk - ok 21:23:29.0762 2768 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 21:23:29.0762 2768 FltMgr - ok 21:23:29.0809 2768 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys 21:23:29.0809 2768 fssfltr - ok 21:23:29.0825 2768 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 21:23:29.0825 2768 Fs_Rec - ok 21:23:29.0840 2768 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 21:23:29.0840 2768 Ftdisk - ok 21:23:29.0887 2768 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 21:23:29.0887 2768 GEARAspiWDM - ok 21:23:29.0903 2768 GMSIPCI - ok 21:23:29.0903 2768 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 21:23:29.0903 2768 Gpc - ok 21:23:29.0918 2768 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 21:23:29.0918 2768 HDAudBus - ok 21:23:29.0934 2768 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 21:23:29.0934 2768 hidusb - ok 21:23:29.0950 2768 hpn - ok 21:23:29.0981 2768 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 21:23:29.0997 2768 HTTP - ok 21:23:29.0997 2768 i2omgmt - ok 21:23:29.0997 2768 i2omp - ok 21:23:30.0028 2768 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 21:23:30.0028 2768 i8042prt - ok 21:23:30.0043 2768 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 21:23:30.0043 2768 Imapi - ok 21:23:30.0059 2768 ini910u - ok 21:23:30.0168 2768 IntcAzAudAddService (08baf30f6de95814f58af9ce7bbc5614) C:\WINDOWS\system32\drivers\RtkHDAud.sys 21:23:30.0231 2768 IntcAzAudAddService - ok 21:23:30.0262 2768 IntelIde - ok 21:23:30.0278 2768 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys 21:23:30.0278 2768 intelppm - ok 21:23:30.0325 2768 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 21:23:30.0325 2768 Ip6Fw - ok 21:23:30.0340 2768 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 21:23:30.0340 2768 IpFilterDriver - ok 21:23:30.0372 2768 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 21:23:30.0372 2768 IpInIp - ok 21:23:30.0387 2768 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 21:23:30.0387 2768 IpNat - ok 21:23:30.0418 2768 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 21:23:30.0418 2768 IPSec - ok 21:23:30.0434 2768 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 21:23:30.0434 2768 IRENUM - ok 21:23:30.0465 2768 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys 21:23:30.0465 2768 isapnp - ok 21:23:30.0481 2768 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 21:23:30.0481 2768 Kbdclass - ok 21:23:30.0497 2768 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 21:23:30.0497 2768 kbdhid - ok 21:23:30.0543 2768 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 21:23:30.0543 2768 kmixer - ok 21:23:30.0575 2768 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 21:23:30.0575 2768 KSecDD - ok 21:23:30.0575 2768 lbrtfdc - ok 21:23:30.0622 2768 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys 21:23:30.0622 2768 MBAMProtector - ok 21:23:30.0637 2768 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys 21:23:30.0637 2768 MHNDRV - ok 21:23:30.0668 2768 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 21:23:30.0668 2768 mnmdd - ok 21:23:30.0684 2768 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys 21:23:30.0684 2768 Modem - ok 21:23:30.0715 2768 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys 21:23:30.0715 2768 Mouclass - ok 21:23:30.0731 2768 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys 21:23:30.0731 2768 mouhid - ok 21:23:30.0747 2768 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 21:23:30.0747 2768 MountMgr - ok 21:23:30.0793 2768 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys 21:23:30.0793 2768 MpFilter - ok 21:23:30.0872 2768 MpKsla4821a82 (a69630d039c38018689190234f866d77) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A23E476D-A626-45F4-9482-192CA102EBE3}\MpKsla4821a82.sys 21:23:30.0872 2768 MpKsla4821a82 - ok 21:23:30.0903 2768 mraid35x - ok 21:23:30.0934 2768 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 21:23:30.0934 2768 MRxDAV - ok 21:23:30.0965 2768 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 21:23:30.0965 2768 MRxSmb - ok 21:23:30.0981 2768 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 21:23:30.0981 2768 Msfs - ok 21:23:30.0981 2768 MSICPL - ok 21:23:30.0997 2768 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 21:23:30.0997 2768 MSKSSRV - ok 21:23:31.0012 2768 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 21:23:31.0012 2768 MSPCLOCK - ok 21:23:31.0028 2768 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 21:23:31.0028 2768 MSPQM - ok 21:23:31.0043 2768 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 21:23:31.0059 2768 mssmbios - ok 21:23:31.0059 2768 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 21:23:31.0075 2768 MSTEE - ok 21:23:31.0106 2768 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 21:23:31.0106 2768 Mup - ok 21:23:31.0137 2768 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 21:23:31.0137 2768 NABTSFEC - ok 21:23:31.0153 2768 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 21:23:31.0168 2768 NDIS - ok 21:23:31.0184 2768 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 21:23:31.0184 2768 NdisIP - ok 21:23:31.0200 2768 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 21:23:31.0215 2768 NdisTapi - ok 21:23:31.0231 2768 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 21:23:31.0231 2768 Ndisuio - ok 21:23:31.0247 2768 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 21:23:31.0247 2768 NdisWan - ok 21:23:31.0278 2768 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 21:23:31.0278 2768 NDProxy - ok 21:23:31.0325 2768 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 21:23:31.0325 2768 NetBIOS - ok 21:23:31.0340 2768 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 21:23:31.0356 2768 NetBT - ok 21:23:31.0387 2768 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 21:23:31.0403 2768 Npfs - ok 21:23:31.0403 2768 NTACCESS - ok 21:23:31.0434 2768 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 21:23:31.0434 2768 Ntfs - ok 21:23:31.0450 2768 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 21:23:31.0450 2768 Null - ok 21:23:31.0590 2768 nv (f8be83f0c686533170f7537e94bf411a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 21:23:31.0700 2768 nv - ok 21:23:31.0747 2768 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 21:23:31.0747 2768 NwlnkFlt - ok 21:23:31.0747 2768 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 21:23:31.0762 2768 NwlnkFwd - ok 21:23:31.0809 2768 PAC7302 (aff9a1986555e4592de8092f9a5fa2d2) C:\WINDOWS\system32\DRIVERS\PAC7302.SYS 21:23:31.0809 2768 PAC7302 - ok 21:23:31.0840 2768 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\DRIVERS\parport.sys 21:23:31.0840 2768 Parport - ok 21:23:31.0856 2768 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 21:23:31.0856 2768 PartMgr - ok 21:23:31.0887 2768 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys 21:23:31.0887 2768 ParVdm - ok 21:23:31.0903 2768 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys 21:23:31.0903 2768 PCI - ok 21:23:31.0903 2768 PCIDump - ok 21:23:31.0918 2768 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys 21:23:31.0918 2768 PCIIde - ok 21:23:31.0934 2768 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys 21:23:31.0934 2768 Pcmcia - ok 21:23:31.0950 2768 PDCOMP - ok 21:23:31.0950 2768 PDFRAME - ok 21:23:31.0965 2768 PDRELI - ok 21:23:31.0965 2768 PDRFRAME - ok 21:23:31.0965 2768 perc2 - ok 21:23:31.0981 2768 perc2hib - ok 21:23:32.0012 2768 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 21:23:32.0012 2768 PptpMiniport - ok 21:23:32.0028 2768 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 21:23:32.0028 2768 PSched - ok 21:23:32.0028 2768 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 21:23:32.0028 2768 Ptilink - ok 21:23:32.0059 2768 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys 21:23:32.0059 2768 PxHelp20 - ok 21:23:32.0075 2768 ql1080 - ok 21:23:32.0075 2768 Ql10wnt - ok 21:23:32.0090 2768 ql12160 - ok 21:23:32.0090 2768 ql1240 - ok 21:23:32.0106 2768 ql1280 - ok 21:23:32.0106 2768 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 21:23:32.0106 2768 RasAcd - ok 21:23:32.0122 2768 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 21:23:32.0122 2768 Rasl2tp - ok 21:23:32.0137 2768 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 21:23:32.0137 2768 RasPppoe - ok 21:23:32.0137 2768 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 21:23:32.0137 2768 Raspti - ok 21:23:32.0153 2768 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 21:23:32.0168 2768 Rdbss - ok 21:23:32.0168 2768 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 21:23:32.0168 2768 RDPCDD - ok 21:23:32.0184 2768 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 21:23:32.0184 2768 rdpdr - ok 21:23:32.0215 2768 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys 21:23:32.0215 2768 RDPWD - ok 21:23:32.0247 2768 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys 21:23:32.0262 2768 redbook - ok 21:23:32.0309 2768 rt2870 (e2e588d92c8e151cd3515ee09fec90e2) C:\WINDOWS\system32\DRIVERS\rt2870.sys 21:23:32.0325 2768 rt2870 - ok 21:23:32.0340 2768 RTLE8023xp (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 21:23:32.0340 2768 RTLE8023xp - ok 21:23:32.0403 2768 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 21:23:32.0418 2768 Secdrv - ok 21:23:32.0434 2768 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 21:23:32.0434 2768 serenum - ok 21:23:32.0450 2768 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\DRIVERS\serial.sys 21:23:32.0450 2768 Serial - ok 21:23:32.0465 2768 SetupNTGLM7X - ok 21:23:32.0465 2768 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 21:23:32.0465 2768 Sfloppy - ok 21:23:32.0481 2768 Simbad - ok 21:23:32.0497 2768 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 21:23:32.0497 2768 SLIP - ok 21:23:32.0512 2768 SoC PC-Camera Service - ok 21:23:32.0512 2768 Sparrow - ok 21:23:32.0528 2768 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 21:23:32.0528 2768 splitter - ok 21:23:32.0575 2768 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys 21:23:32.0575 2768 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329 21:23:32.0590 2768 sptd ( LockedFile.Multi.Generic ) - warning 21:23:32.0590 2768 sptd - detected LockedFile.Multi.Generic (1) 21:23:32.0606 2768 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys 21:23:32.0606 2768 sr - ok 21:23:32.0622 2768 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 21:23:32.0637 2768 Srv - ok 21:23:32.0653 2768 ss_bbus (3f0164fbc0bd1adbd02df9759181451a) C:\WINDOWS\system32\DRIVERS\ss_bbus.sys 21:23:32.0653 2768 ss_bbus - ok 21:23:32.0668 2768 ss_bmdfl (b89d62206034e5fe573c80a24dd55675) C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys 21:23:32.0668 2768 ss_bmdfl - ok 21:23:32.0684 2768 ss_bmdm (1ed0fcea586fe2a416ee15196e5631dd) C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys 21:23:32.0700 2768 ss_bmdm - ok 21:23:32.0715 2768 ss_bserd (994d2e5378cc337ec7dd73c1e04fcaa4) C:\WINDOWS\system32\DRIVERS\ss_bserd.sys 21:23:32.0715 2768 ss_bserd - ok 21:23:32.0747 2768 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 21:23:32.0747 2768 streamip - ok 21:23:32.0762 2768 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 21:23:32.0762 2768 swenum - ok 21:23:32.0778 2768 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 21:23:32.0778 2768 swmidi - ok 21:23:32.0793 2768 symc810 - ok 21:23:32.0793 2768 symc8xx - ok 21:23:32.0809 2768 sym_hi - ok 21:23:32.0809 2768 sym_u3 - ok 21:23:32.0825 2768 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 21:23:32.0825 2768 sysaudio - ok 21:23:32.0887 2768 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 21:23:32.0887 2768 Tcpip - ok 21:23:32.0903 2768 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 21:23:32.0903 2768 TDPIPE - ok 21:23:32.0934 2768 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 21:23:32.0934 2768 TDTCP - ok 21:23:32.0950 2768 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 21:23:32.0950 2768 TermDD - ok 21:23:32.0981 2768 TosIde - ok 21:23:33.0012 2768 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 21:23:33.0012 2768 Udfs - ok 21:23:33.0028 2768 ultra - ok 21:23:33.0059 2768 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 21:23:33.0059 2768 Update - ok 21:23:33.0090 2768 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 21:23:33.0090 2768 usbaudio - ok 21:23:33.0122 2768 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 21:23:33.0122 2768 usbccgp - ok 21:23:33.0153 2768 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 21:23:33.0153 2768 usbehci - ok 21:23:33.0184 2768 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 21:23:33.0184 2768 usbhub - ok 21:23:33.0215 2768 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 21:23:33.0215 2768 usbscan - ok 21:23:33.0231 2768 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 21:23:33.0231 2768 USBSTOR - ok 21:23:33.0247 2768 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 21:23:33.0247 2768 usbuhci - ok 21:23:33.0262 2768 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys 21:23:33.0262 2768 usbvideo - ok 21:23:33.0293 2768 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 21:23:33.0293 2768 VgaSave - ok 21:23:33.0293 2768 ViaIde - ok 21:23:33.0309 2768 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys 21:23:33.0309 2768 VolSnap - ok 21:23:33.0325 2768 vvftav211 - ok 21:23:33.0356 2768 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 21:23:33.0356 2768 Wanarp - ok 21:23:33.0372 2768 WDICA - ok 21:23:33.0387 2768 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 21:23:33.0403 2768 wdmaud - ok 21:23:33.0450 2768 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys 21:23:33.0465 2768 WpdUsb - ok 21:23:33.0590 2768 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 21:23:33.0606 2768 WS2IFSL - ok 21:23:33.0700 2768 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 21:23:33.0700 2768 WSTCODEC - ok 21:23:33.0778 2768 xcpip - ok 21:23:33.0887 2768 xpsec - ok 21:23:34.0043 2768 ZSMC30x - ok 21:23:34.0075 2768 MBR (0x1B8) (25fdd3b61791a226676b12dc5bddef71) \Device\Harddisk0\DR0 21:23:34.0075 2768 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected 21:23:34.0075 2768 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0) 21:23:34.0090 2768 Boot (0x1200) (de79dba94abe8809c1a3c54c720fb3b2) \Device\Harddisk0\DR0\Partition0 21:23:34.0122 2768 \Device\Harddisk0\DR0\Partition0 - ok 21:23:34.0122 2768 Boot (0x1200) (a10e7b03176d118319439c253d594760) \Device\Harddisk0\DR0\Partition1 21:23:34.0137 2768 \Device\Harddisk0\DR0\Partition1 - ok 21:23:34.0153 2768 Boot (0x1200) (b55eda48716c994b2c633ebdc6ac2a7a) \Device\Harddisk0\DR0\Partition2 21:23:34.0184 2768 \Device\Harddisk0\DR0\Partition2 - ok 21:23:34.0184 2768 ============================================================ 21:23:34.0184 2768 Scan finished 21:23:34.0184 2768 ============================================================ 21:23:34.0184 1724 Detected object count: 2 21:23:34.0184 1724 Actual detected object count: 2 21:24:17.0434 1724 sptd ( LockedFile.Multi.Generic ) - skipped by user 21:24:17.0434 1724 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 21:24:17.0653 1724 \Device\Harddisk0\DR0\# - copied to quarantine 21:24:17.0715 1724 \Device\Harddisk0\DR0 - copied to quarantine 21:24:17.0747 1724 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - will be cured on reboot 21:24:17.0872 1724 \Device\Harddisk0\DR0 - ok 21:24:17.0872 1724 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure

Emsisoft is net klaar, duurde idd lang, en hierbij de log: Emsisoft Emergency Kit - Versie 1.0 Laatste Update: 1-2-2012 14:22:28 Scaninstellingen: Scantype: Diepe Scan Objecten: Geheugen, Sporen, Cookies, C:\, D:\, E:\ Scan archieven: Aan Heuristieken: Uit ADS Scan: Aan Scan gestart: 1-2-2012 14:23:41 c:\windows\Downloaded Program Files\default.inf Ontdekt: Trace.File.iePlugin!A2 Gescand Bestanden: 177030 Sporen: 404391 Cookies: 23 Processen: 49 Gevonden Bestanden: 0 Sporen: 1 Cookies: 0 Processen: 0 Registersleutels: 0 Scan Geëindigd: 1-2-2012 18:23:30 Scantijd: 3:59:49 c:\windows\Downloaded Program Files\default.inf Verwijderd Trace.File.iePlugin!A2 Verwijderd Bestanden: 0 Sporen: 1 Cookies: 0

Helaas, nog steeds de melding van AVG, zie de screenshots. Erg hardnekkig of bekend bij U?

De log van ComboFix: ComboFix 12-01-31.01 - Martijn 01-02-2012 12:41:15.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2047.1536 [GMT 1:00] Gestart vanuit: c:\documents and settings\Martijn\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\Martijn\Bureaublad\CFScript.txt AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . FILE :: "c:\windows\system32\016.tmp" "c:\windows\system32\01B6.tmp" "c:\windows\system32\025.tmp" "c:\windows\system32\03.tmp" "c:\windows\system32\04.tmp" "c:\windows\system32\06.tmp" "c:\windows\system32\0B1B.tmp" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_ALFSLITBT -------\Legacy_DZJLLBXTG -------\Legacy_KFHETS -------\Legacy_NCMPX -------\Legacy_SKWSDARKQ -------\Legacy_UDRPTZFI -------\Legacy_VSKHKUGJ -------\Service_alfslitbt -------\Service_dzjllbxtg -------\Service_kfhets -------\Service_kvptsitwl -------\Service_loprkpbq -------\Service_ncmpx -------\Service_nmgfrtl -------\Service_skwsdarkq -------\Service_smhpi -------\Service_udrptzfi -------\Service_uprupe -------\Service_vqmtqq -------\Service_vskhkugj -------\Service_xdkkgonfv . . (((((((((((((((((((( Bestanden Gemaakt van 2012-01-01 to 2012-02-01 )))))))))))))))))))))))))))))) . . 2012-02-01 10:50 . 2012-01-06 04:19 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{29EE1E31-360A-4785-9C06-E001FB59944B}\mpengine.dll 2012-01-31 21:51 . 2012-01-31 21:51 -------- d-----w- C:\$AVG 2012-01-31 21:39 . 2012-01-31 21:39 -------- d-----w- c:\program files\Malwarebytes' 2 Anti-Malware 2012-01-31 21:39 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-01-30 23:30 . 2012-01-30 23:30 -------- d-----w- c:\program files\ESET 2012-01-30 18:37 . 2012-01-30 18:37 -------- d-----w- c:\documents and settings\Martijn\Application Data\Malwarebytes 2012-01-30 18:37 . 2012-01-30 22:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-01-30 18:37 . 2012-01-30 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-01-30 18:29 . 2012-01-30 18:29 388096 ----a-r- c:\documents and settings\Martijn\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-01-30 18:29 . 2012-01-30 18:29 -------- d-----w- c:\program files\Trend Micro 2012-01-27 12:29 . 2012-02-01 11:38 -------- d--h--r- c:\documents and settings\Martijn\Onlangs geopend 2012-01-11 17:27 . 2012-01-17 12:12 -------- d-----w- c:\documents and settings\Martijn\Application Data\gtk-2.0 2012-01-11 17:27 . 2012-01-11 17:27 -------- d-----w- c:\documents and settings\Martijn\.thumbnails 2012-01-11 17:08 . 2012-01-11 17:08 -------- d-----w- c:\program files\GIMP-2.0 2012-01-11 16:55 . 2012-01-17 12:20 -------- d-----w- c:\documents and settings\Martijn\.gimp-2.6 2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-31 12:44 . 2010-08-22 12:30 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-01-06 04:19 . 2010-08-23 12:14 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-11-25 21:57 . 2006-04-10 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll 2011-11-23 14:40 . 2006-04-10 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys 2011-11-20 06:12 . 2006-04-10 12:00 60928 ----a-w- c:\windows\system32\packager.exe 2011-11-16 14:22 . 2006-04-10 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll 2011-11-16 14:22 . 2006-04-10 12:00 152064 ----a-w- c:\windows\system32\schannel.dll 2011-11-03 15:29 . 2006-04-10 12:00 386560 ----a-w- c:\windows\system32\qdvd.dll 2011-11-03 15:29 . 2006-04-10 12:00 1296384 ----a-w- c:\windows\system32\quartz.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-01-30_21.07.59 ))))))))))))))))))))))))))))))))))))))))) . + 2012-02-01 11:45 . 2012-02-01 11:45 16384 c:\windows\Temp\Perflib_Perfdata_104.dat + 2012-01-31 19:50 . 2012-01-31 19:50 4698112 c:\windows\Installer\659cc7.msi . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-30 68856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' 2 Anti-Malware\mbamgui.exe" [2012-01-13 460872] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Sitecom Wireless Utility.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Sitecom Wireless Utility.lnk backup=c:\windows\pss\Sitecom Wireless Utility.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^Martijn^Menu Start^Programma's^Opstarten^OneNote 2007 Schermopname en Snel starten.lnk] path=c:\documents and settings\Martijn\Menu Start\Programma's\Opstarten\OneNote 2007 Schermopname en Snel starten.lnk backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] 2004-08-10 02:04 59392 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-12-13 16:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2007-06-28 16:43 8466432 ----a-w- c:\windows\system32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2007-06-28 16:43 81920 ----a-w- c:\windows\system32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2007-06-28 16:43 1626112 ----a-w- c:\windows\system32\nwiz.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor] 2006-11-03 09:01 319488 ----a-w- c:\windows\PixArt\Pac7302\Monitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2008-03-31 05:26 16857600 ------r- c:\windows\RTHDCPL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-12-17 16:55 149224 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2008-12-30 16:35 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:Remote Desktop "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11-7-2011 1:14 23120] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13-9-2011 6:30 32592] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1-8-2008 17:54 685816] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7-10-2011 6:23 230608] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11-7-2011 1:14 295248] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12-10-2011 6:25 4433248] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2-8-2011 6:09 192776] R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21-10-2011 15:23 196176] R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13-10-2011 17:21 249648] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' 2 Anti-Malware\mbamservice.exe [31-1-2012 22:39 652360] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11-7-2011 1:14 134608] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11-7-2011 1:14 24272] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [4-10-2011 6:21 16720] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [31-1-2012 22:39 20464] R3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3-1-2010 18:03 135664] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3-1-2010 18:03 135664] S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?] S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [24-3-2011 20:58 98432] S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [24-3-2011 20:58 14848] S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [24-3-2011 20:58 123648] S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\drivers\ss_bserd.sys [24-3-2011 20:58 100224] S3 vvftav211;vvftav211;c:\windows\system32\drivers\vvftav211.sys --> c:\windows\system32\drivers\vvftav211.sys [?] S3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\Drivers\ZS211.sys --> c:\windows\system32\Drivers\ZS211.sys [?] . --- Andere Services/Drivers In Geheugen --- . *Deregistered* - xcpip . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2007-08-23 15:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhoud van de 'Gedeelde Taken' map . 2011-05-23 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50] . 2012-02-01 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-20 13:08] . 2011-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 17:03] . 2012-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 17:03] . 2012-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-920026266-725345543-1003Core.job - c:\documents and settings\Martijn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-27 12:22] . 2012-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-920026266-725345543-1003UA.job - c:\documents and settings\Martijn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-27 12:22] . 2012-02-01 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.254 62.45.45.45 62.45.46.46 DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - hxxp://www.cyclomedia.nl/download/components/CycloScopeLite.cab . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-02-01 12:46 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover Windows 5.1.2600 Disk: Hitachi_HDP725050GLA360 rev.GM4OA52A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e . device: opened successfully user: MBR read successfully kernel: MBR read successfully user != kernel MBR !!! . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1292428093-920026266-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_USERS\S-1-5-21-1292428093-920026266-725345543-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (S-1-5-21-1292428093-920026266-725345543-1003) @Allowed: (Read) (S-1-5-21-1292428093-920026266-725345543-1003) @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . ------------------------ Andere Aktieve Processen ------------------------ . c:\progra~1\AVG\AVG2012\avgrsx.exe c:\program files\AVG\AVG2012\avgcsrvx.exe c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\windows\system32\nvsvc32.exe c:\program files\Sitecom\Common\RegistryWriter.exe c:\windows\system32\wdfmgr.exe c:\program files\AVG\AVG2012\avgnsx.exe c:\windows\system32\dllhost.exe . ************************************************************************** . Voltooingstijd: 2012-02-01 12:49:38 - machine werd herstart ComboFix-quarantined-files.txt 2012-02-01 11:49 ComboFix2.txt 2012-02-01 10:42 ComboFix3.txt 2012-01-30 21:11 . Pre-Run: 25.921.081.344 bytes beschikbaar Post-Run: 26.004.082.688 bytes beschikbaar . - - End Of File - - 04FDFD67F96377C3A1BDAB1C6E28E3A6 Ik ga nu weer scannen met AVG en laat je de uitkomst zo weten.

Kape, hierbij de inhoud van de logfile van ComboFix: ComboFix 12-01-31.01 - Martijn 01-02-2012 11:33:24.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2047.1366 [GMT 1:00] Gestart vanuit: c:\documents and settings\Martijn\Bureaublad\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Martijn\Application Data\PriceGong c:\documents and settings\Martijn\Application Data\PriceGong\Data\1.xml c:\documents and settings\Martijn\Application Data\PriceGong\Data\a.xml c:\documents and settings\Martijn\Application Data\PriceGong\Data\b.xml c:\documents and settings\Martijn\Application Data\PriceGong\Data\c.xml c:\documents and settings\Martijn\Application Data\PriceGong\Data\d.xml c:\documents and settings\Martijn\Application Data\PriceGong\Data\e.xml c:\documents and settings\Martijn\Application Data\PriceGong\Data\f.xml c:\documents and settings\Martijn\Application Data\PriceGong\Data\g.xml c:\documents and settings\Martijn\Application Data\PriceGong\Data\h.xml c:\documents and settings\Martijn\Application Data\PriceGong\Data\i.xml c:\documents and settings\Martijn\Application Data\PriceGong\Data\j.xml c:\documents and settings\Martijn\Application Data\PriceGong\Data\k.xml c:\documents and settings\Martijn\Application Data\PriceGong\Data\l.xml c:\documents and settings\Martijn\Application Data\PriceGong\Data\m.xml c:\documents and settings\Martijn\Application Data\PriceGong\Data\mru.xml c:\documents and settings\Martijn\Application Data\PriceGong\Data\n.xml c:\documents and settings\Martijn\Application Data\PriceGong\Data\o.xml c:\documents and settings\Martijn\Application Data\PriceGong\Data\p.xml c:\documents and settings\Martijn\Application Data\PriceGong\Data\q.xml c:\documents and settings\Martijn\Application Data\PriceGong\Data\r.xml c:\documents and settings\Martijn\Application Data\PriceGong\Data\s.xml c:\documents and settings\Martijn\Application Data\PriceGong\Data\t.xml c:\documents and settings\Martijn\Application Data\PriceGong\Data\u.xml c:\documents and settings\Martijn\Application Data\PriceGong\Data\v.xml c:\documents and settings\Martijn\Application Data\PriceGong\Data\w.xml c:\documents and settings\Martijn\Application Data\PriceGong\Data\x.xml c:\documents and settings\Martijn\Application Data\PriceGong\Data\y.xml c:\documents and settings\Martijn\Application Data\PriceGong\Data\z.xml . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_xcpip . . (((((((((((((((((((( Bestanden Gemaakt van 2012-01-01 to 2012-02-01 )))))))))))))))))))))))))))))) . . 2012-01-31 21:51 . 2012-01-31 21:51 -------- d-----w- C:\$AVG 2012-01-31 21:39 . 2012-01-31 21:39 -------- d-----w- c:\program files\Malwarebytes' 2 Anti-Malware 2012-01-31 21:39 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-01-31 18:09 . 2012-01-06 04:19 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9D218801-685C-401A-9515-9934816A1D64}\mpengine.dll 2012-01-30 23:30 . 2012-01-30 23:30 -------- d-----w- c:\program files\ESET 2012-01-30 18:37 . 2012-01-30 18:37 -------- d-----w- c:\documents and settings\Martijn\Application Data\Malwarebytes 2012-01-30 18:37 . 2012-01-30 22:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-01-30 18:37 . 2012-01-30 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-01-30 18:29 . 2012-01-30 18:29 388096 ----a-r- c:\documents and settings\Martijn\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-01-30 18:29 . 2012-01-30 18:29 -------- d-----w- c:\program files\Trend Micro 2012-01-27 12:29 . 2012-02-01 10:07 -------- d--h--r- c:\documents and settings\Martijn\Onlangs geopend 2012-01-11 17:27 . 2012-01-17 12:12 -------- d-----w- c:\documents and settings\Martijn\Application Data\gtk-2.0 2012-01-11 17:27 . 2012-01-11 17:27 -------- d-----w- c:\documents and settings\Martijn\.thumbnails 2012-01-11 17:08 . 2012-01-11 17:08 -------- d-----w- c:\program files\GIMP-2.0 2012-01-11 16:55 . 2012-01-17 12:20 -------- d-----w- c:\documents and settings\Martijn\.gimp-2.6 2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-31 12:44 . 2010-08-22 12:30 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-01-06 04:19 . 2010-08-23 12:14 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-11-25 21:57 . 2006-04-10 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll 2011-11-23 14:40 . 2006-04-10 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys 2011-11-20 06:12 . 2006-04-10 12:00 60928 ----a-w- c:\windows\system32\packager.exe 2011-11-16 14:22 . 2006-04-10 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll 2011-11-16 14:22 . 2006-04-10 12:00 152064 ----a-w- c:\windows\system32\schannel.dll 2011-11-03 15:29 . 2006-04-10 12:00 386560 ----a-w- c:\windows\system32\qdvd.dll 2011-11-03 15:29 . 2006-04-10 12:00 1296384 ----a-w- c:\windows\system32\quartz.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-01-30_21.07.59 ))))))))))))))))))))))))))))))))))))))))) . + 2012-02-01 10:38 . 2012-02-01 10:38 16384 c:\windows\Temp\Perflib_Perfdata_728.dat + 2012-01-31 19:50 . 2012-01-31 19:50 4698112 c:\windows\Installer\659cc7.msi . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-30 68856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' 2 Anti-Malware\mbamgui.exe" [2012-01-13 460872] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Sitecom Wireless Utility.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Sitecom Wireless Utility.lnk backup=c:\windows\pss\Sitecom Wireless Utility.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^Martijn^Menu Start^Programma's^Opstarten^OneNote 2007 Schermopname en Snel starten.lnk] path=c:\documents and settings\Martijn\Menu Start\Programma's\Opstarten\OneNote 2007 Schermopname en Snel starten.lnk backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] 2004-08-10 02:04 59392 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-12-13 16:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2007-06-28 16:43 8466432 ----a-w- c:\windows\system32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2007-06-28 16:43 81920 ----a-w- c:\windows\system32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2007-06-28 16:43 1626112 ----a-w- c:\windows\system32\nwiz.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor] 2006-11-03 09:01 319488 ----a-w- c:\windows\PixArt\Pac7302\Monitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2008-03-31 05:26 16857600 ------r- c:\windows\RTHDCPL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-12-17 16:55 149224 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2008-12-30 16:35 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:Remote Desktop "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11-7-2011 1:14 23120] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13-9-2011 6:30 32592] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1-8-2008 17:54 685816] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7-10-2011 6:23 230608] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11-7-2011 1:14 295248] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12-10-2011 6:25 4433248] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2-8-2011 6:09 192776] R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21-10-2011 15:23 196176] R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13-10-2011 17:21 249648] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' 2 Anti-Malware\mbamservice.exe [31-1-2012 22:39 652360] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11-7-2011 1:14 134608] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11-7-2011 1:14 24272] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [4-10-2011 6:21 16720] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [31-1-2012 22:39 20464] R3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?] S2 alfslitbt;Image Universal;c:\windows\system32\svchost.exe -k netsvcs [10-4-2006 13:00 14336] S2 dzjllbxtg;Support Image;c:\windows\system32\svchost.exe -k netsvcs [10-4-2006 13:00 14336] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3-1-2010 18:03 135664] S2 kfhets;Universal Center;c:\windows\system32\svchost.exe -k netsvcs [10-4-2006 13:00 14336] S2 ncmpx;Monitor Config;c:\windows\system32\svchost.exe -k netsvcs [10-4-2006 13:00 14336] S2 skwsdarkq;Microsoft Support;c:\windows\system32\svchost.exe -k netsvcs [10-4-2006 13:00 14336] S2 udrptzfi;Helper Installer;c:\windows\system32\svchost.exe -k netsvcs [10-4-2006 13:00 14336] S2 vskhkugj;Center Security;c:\windows\system32\svchost.exe -k netsvcs [10-4-2006 13:00 14336] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3-1-2010 18:03 135664] S3 kvptsitwl;kvptsitwl;\??\c:\windows\system32\0B1B.tmp --> c:\windows\system32\0B1B.tmp [?] S3 loprkpbq;loprkpbq;\??\c:\windows\system32\06.tmp --> c:\windows\system32\06.tmp [?] S3 nmgfrtl;nmgfrtl;\??\c:\windows\system32\025.tmp --> c:\windows\system32\025.tmp [?] S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?] S3 smhpi;smhpi;\??\c:\windows\system32\04.tmp --> c:\windows\system32\04.tmp [?] S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [24-3-2011 20:58 98432] S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [24-3-2011 20:58 14848] S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [24-3-2011 20:58 123648] S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\drivers\ss_bserd.sys [24-3-2011 20:58 100224] S3 uprupe;uprupe;\??\c:\windows\system32\03.tmp --> c:\windows\system32\03.tmp [?] S3 vqmtqq;vqmtqq;\??\c:\windows\system32\016.tmp --> c:\windows\system32\016.tmp [?] S3 vvftav211;vvftav211;c:\windows\system32\drivers\vvftav211.sys --> c:\windows\system32\drivers\vvftav211.sys [?] S3 xdkkgonfv;xdkkgonfv;\??\c:\windows\system32\01B6.tmp --> c:\windows\system32\01B6.tmp [?] S3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\Drivers\ZS211.sys --> c:\windows\system32\Drivers\ZS211.sys [?] . --- Andere Services/Drivers In Geheugen --- . *Deregistered* - xcpip . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ncmpx vskhkugj dzjllbxtg alfslitbt kfhets skwsdarkq udrptzfi . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2007-08-23 15:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhoud van de 'Gedeelde Taken' map . 2011-05-23 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50] . 2012-02-01 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-20 13:08] . 2011-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 17:03] . 2012-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 17:03] . 2012-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-920026266-725345543-1003Core.job - c:\documents and settings\Martijn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-27 12:22] . 2012-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-920026266-725345543-1003UA.job - c:\documents and settings\Martijn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-27 12:22] . 2012-02-01 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.254 62.45.45.45 62.45.46.46 DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - hxxp://www.cyclomedia.nl/download/components/CycloScopeLite.cab . - - - - ORPHANS VERWIJDERD - - - - . URLSearchHooks-{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file) WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) WebBrowser-{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - (no file) HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-02-01 11:39 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kvptsitwl] "ImagePath"="\??\c:\windows\system32\0B1B.tmp" . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\loprkpbq] "ImagePath"="\??\c:\windows\system32\06.tmp" . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nmgfrtl] "ImagePath"="\??\c:\windows\system32\025.tmp" . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\smhpi] "ImagePath"="\??\c:\windows\system32\04.tmp" . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uprupe] "ImagePath"="\??\c:\windows\system32\03.tmp" . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vqmtqq] "ImagePath"="\??\c:\windows\system32\016.tmp" . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xdkkgonfv] "ImagePath"="\??\c:\windows\system32\01B6.tmp" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1292428093-920026266-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_USERS\S-1-5-21-1292428093-920026266-725345543-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (S-1-5-21-1292428093-920026266-725345543-1003) @Allowed: (Read) (S-1-5-21-1292428093-920026266-725345543-1003) @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . ------------------------ Andere Aktieve Processen ------------------------ . c:\progra~1\AVG\AVG2012\avgrsx.exe c:\program files\AVG\AVG2012\avgcsrvx.exe c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\windows\system32\nvsvc32.exe c:\program files\Sitecom\Common\RegistryWriter.exe c:\windows\system32\wdfmgr.exe c:\program files\AVG\AVG2012\avgnsx.exe c:\windows\system32\dllhost.exe . ************************************************************************** . Voltooingstijd: 2012-02-01 11:42:18 - machine werd herstart ComboFix-quarantined-files.txt 2012-02-01 10:42 ComboFix2.txt 2012-01-30 21:11 . Pre-Run: 25.919.168.512 bytes beschikbaar Post-Run: 25.916.944.384 bytes beschikbaar . - - End Of File - - 8C25655AF6AE8877677FD378AC8CA86B Dank

Helaas, AVG geeft nog steeds dezelfde melding . Zie de bijgevoegde screenshots voor de meldingen. Ondanks de melding dat het verwijderd is door AVG blijft hij toch terug komen. Dank

Kape, bedankt voor je snelle reactie. De PC (Ik zit zelf nu op andere machine) wordt op dit moment gescand met AVG. Ik laat je zo meteen weten wat de uitkomst is. Nogmaals hartelijk dank alvast.

De stappen uitgevoerd (MBAM heeft niets aangetroffen). Hierbij de gevraagde logfiles. Malwarebytes Anti-Malware (-evaluatieversie-) 1.60.1.1000 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Databaseversie: v2012.02.01.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 7.0.5730.13 Martijn :: CELDHUIZBV [administrator] Realtime bescherming: Ingeschakeld 1-2-2012 10:25:55 mbam-log-2012-02-01 (10-25-55).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 172150 Verstreken tijd: 4 minuut/minuten, 59 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde) _________________________ Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:36:48, on 1-2-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\PROGRA~1\AVG\AVG2012\avgrsx.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\Program Files\Microsoft\BingBar\BBSvc.EXE C:\Program Files\Microsoft\BingBar\SeaPort.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Malwarebytes' 2 Anti-Malware\mbamservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Sitecom\Common\RegistryWriter.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe C:\Program Files\AVG\AVG2012\avgnsx.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\AVG\AVG2012\avgtray.exe C:\Program Files\Malwarebytes' 2 Anti-Malware\mbamgui.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Documents and Settings\Martijn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Martijn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Martijn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Martijn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Martijn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Martijn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Martijn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Martijn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: (no name) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' 2 Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Martijn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/56.11/uploader2.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.nl/SnapfishActivia.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://asp.photoprintit.de/microsite/15/defaults/activex/ips/IPSUploader4.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' 2 Anti-Malware\mbamservice.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Sitecom\Common\RegistryWriter.exe -- End of file - 11882 bytes

Zou iemand van jullie naar onderstaande log willen kijken? Ik blijf meldingen van AVG krijgen over psw.agent.armw. Na de scan van AVG lijkt het erop of de PC weer schoon is, maar bij de volgende scan komt hij weer naar voren?! Hieronder de logfile: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:44:55, on 31-1-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Microsoft\BingBar\SeaPort.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Sitecom\Common\RegistryWriter.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\Program Files\AVG\AVG2012\avgnsx.exe C:\Program Files\AVG\AVG2012\avgrsx.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\Program Files\AVG\AVG2012\avgtray.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: MyAshampoo - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing) O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/56.11/uploader2.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.nl/SnapfishActivia.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://asp.photoprintit.de/microsite/15/defaults/activex/ips/IPSUploader4.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - (no file) O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Sitecom\Common\RegistryWriter.exe -- End of file - 11450 bytes Alvast bedankt voor de moeite.