marcelles

Ik heb alles verwijderd en windows opnieuw geinstalleerd.Nu loopt alles terug normaal. Ik dank u voor de medewerking. Groeten Marcelles

neen het is mijn persoonlijke PC.

Ik heb op het kladblok alles van youtube verwijderd.Ik kan youtube nog niet openen

Kan ik die gewoon verwijderen van het kladblad?

y wwwyoutube.com-prizes.com.youtube-nocookie.com outube.com-prizes.com static.ehg-youtube.hitbox.com2mdn.net #[affects Youtube]www.youtube-nocookie.comstatic.2mdn.net #[affects Youtube]youtube.hitbox.com Dit zijn de youtube adressen die ik gevonden heb

Als ik MVPS probeer te starten en ik druk op een toets om verder te gaan gebeurd er niets.

Ik heb DVD videosoft gedesinstacComboFix 11-08-20.01 - Jp 21/08/2011 1:03.7.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.958.304 [GMT 2:00] Gestart vanuit: g:\documents and settings\Jp\Bureaublad\ComboFix.exe AV: BullGuard Antivirus *Disabled/Outdated* {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913} FW: BullGuard Firewall *Disabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((( Bestanden Gemaakt van 2011-07-20 to 2011-08-20 )))))))))))))))))))))))))))))) . . 2011-08-19 14:28 . 2011-08-19 14:28 -------- d-----w- g:\documents and settings\Jp\Application Data\Malwarebytes 2011-08-19 14:28 . 2011-07-06 17:52 41272 ----a-w- g:\windows\system32\drivers\mbamswissarmy.sys 2011-08-19 14:28 . 2011-08-19 14:28 -------- d-----w- g:\documents and settings\All Users\Application Data\Malwarebytes 2011-08-19 14:28 . 2011-08-19 14:28 -------- d-----w- g:\program files\Malwarebytes' Anti-Malware 2011-08-19 14:28 . 2011-07-06 17:52 22712 ----a-w- g:\windows\system32\drivers\mbam.sys 2011-08-19 12:51 . 2011-08-19 12:51 -------- d-----w- g:\program files\Speccy 2011-08-18 20:46 . 2011-08-18 20:46 388096 ----a-r- g:\documents and settings\Jp\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-08-18 20:46 . 2011-08-18 20:46 -------- d-----w- g:\program files\Trend Micro 2011-08-17 13:44 . 2011-08-20 16:09 -------- d--h--r- g:\documents and settings\Jp\Onlangs geopend . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-18 20:12 . 2011-06-29 14:24 404640 ----a-w- g:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-15 13:29 . 2008-04-13 22:47 456320 ----a-w- g:\windows\system32\drivers\mrxsmb.sys 2011-07-08 14:02 . 2008-04-13 22:27 10496 ----a-w- g:\windows\system32\drivers\ndistapi.sys 2011-06-24 14:10 . 2009-05-03 21:50 139656 ----a-w- g:\windows\system32\drivers\rdpwd.sys 2011-06-23 18:31 . 2008-04-14 20:33 1469440 ----a-w- g:\windows\system32\inetcpl.cpl 2011-06-23 18:31 . 2008-04-14 20:32 916480 ----a-w- g:\windows\system32\wininet.dll 2011-06-23 18:31 . 2008-04-14 20:32 43520 ----a-w- g:\windows\system32\licmgr10.dll 2011-06-23 12:05 . 2008-04-14 20:05 385024 ----a-w- g:\windows\system32\html.iec 2011-06-20 17:44 . 2008-04-14 20:32 293888 ----a-w- g:\windows\system32\winsrv.dll 2011-06-06 11:35 . 2008-04-14 20:05 1859072 ----a-w- g:\windows\system32\win32k.sys 2011-06-03 18:42 . 2011-06-03 18:42 0 ----a-w- g:\windows\system32\ConduitEngine.tmp 2011-05-23 18:54 . 2010-03-18 16:03 100184 ----a-w- g:\windows\system32\BgGamingMonitor.dll 2011-06-16 04:50 . 2011-07-04 17:08 142296 ----a-w- g:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot_2011-08-18_18.26.26 ))))))))))))))))))))))))))))))))))))))))) . + 2011-08-20 22:50 . 2011-08-20 22:50 16384 g:\windows\temp\Perflib_Perfdata_480.dat + 2011-08-20 22:50 . 2011-08-20 22:50 16384 g:\windows\temp\Perflib_Perfdata_268.dat + 2011-08-18 20:21 . 2011-08-18 20:21 22016 g:\windows\Installer\36d648.msi + 2011-08-18 20:12 . 2011-08-18 20:12 243360 g:\windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe + 2011-08-18 20:12 . 2011-08-18 20:12 328864 g:\windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.dll + 2011-08-18 20:46 . 2011-08-18 20:46 1094656 g:\windows\Installer\4d981a.msi . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TomTomHOME.exe"="g:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-06-24 247144] "DAEMON Tools Lite"="g:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2005-11-11 90112] "VTTimer"="VTTimer.exe" [2006-09-21 53248] "VTTrayp"="VTtrayp.exe" [2007-05-15 200704] "LogMeIn GUI"="c:\logmein\x86\LogMeInSystray.exe" [2008-07-24 63048] "BullGuard"="g:\program files\BullGuard Ltd\BullGuard\BullGuard.exe" [2011-07-07 1620824] "Norton Ghost 12.0"="g:\program files\Norton Ghost\Agent\VProTray.exe" [2007-03-28 2037352] "CanonSolutionMenu"="g:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488] "CanonMyPrinter"="g:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648] "SunJavaUpdateSched"="g:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "Malwarebytes' Anti-Malware"="g:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="g:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" [2009-03-08 128512] . g:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Windows Search.lnk - g:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "g:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2008-10-16 18:35 87352 ----a-w- g:\windows\system32\LMIinit.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=g:\windows\system32\BgGamingMonitor.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\adobe\Reader 9.0\Reader\Reader_sl.exe" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "g:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "g:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\jp\\Mijn documenten\\Contacts\\pakket\\utorrent.exe"= "g:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "g:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= . R1 BdSpy;BdSpy;g:\windows\system32\drivers\BdSpy.sys [12/03/2010 11:34 64608] R1 NovaShieldFilterDriver;NovaShieldFilterDriver;g:\windows\system32\drivers\NSKernel.sys [17/01/2011 22:48 789448] R1 NovaShieldTDIDriver;NovaShieldTDIDriver;g:\windows\system32\drivers\NSNetmon.sys [17/01/2011 22:48 19272] R2 BsBhvScan;BullGuard Behavioural Detection;g:\program files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [17/01/2011 22:48 338264] R2 BsBrowser;BullGuard antiphishing service;g:\windows\System32\SvcHost.exe -k BullGuard_LowPriv [14/04/2008 22:33 14336] R2 BsFileScan;BullGuard on-access service;g:\windows\System32\SvcHost.exe -k BullGuard [14/04/2008 22:33 14336] R2 BsFire;BullGuard firewall service;g:\windows\System32\SvcHost.exe -k BullGuard [14/04/2008 22:33 14336] R2 BsMailProxy;BullGuard e-mail monitoring service;g:\windows\System32\SvcHost.exe -k BullGuard [14/04/2008 22:33 14336] R2 BsMain;BullGuard main service;g:\windows\System32\SvcHost.exe -k BullGuard_Main [14/04/2008 22:33 14336] R2 BsUpdate;BullGuard update service;g:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [20/05/2011 14:25 320344] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\logmein\x86\rainfo.sys [24/07/2008 18:46 12856] R2 MBAMService;MBAMService;g:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [19/08/2011 16:28 366640] R2 TomTomHOMEService;TomTomHOMEService;g:\program files\TomTom HOME 2\TomTomHOMEService.exe [24/06/2010 16:41 92008] R3 afw;Agnitum firewall driver;g:\windows\system32\drivers\Afw.sys [4/12/2009 12:00 34280] R3 afwcore;afwcore;g:\windows\system32\drivers\AfwCore.sys [4/12/2009 12:00 267624] R3 BsScanner;BullGuard scanning service;g:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [3/03/2010 22:07 288088] R3 MBAMProtector;MBAMProtector;g:\windows\system32\drivers\mbam.sys [19/08/2011 16:28 22712] R3 SNCP106;PC Camera (6009 CIF);g:\windows\system32\drivers\sncp106.sys [1/05/2010 16:37 243712] S2 gupdate;Google Updateservice (gupdate);g:\program files\Google\Update\GoogleUpdate.exe [18/08/2011 22:11 136176] S3 BgRaSvc;BgRaSvc;g:\program files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe [3/03/2010 22:07 125784] S3 gupdatem;Google Update-service (gupdatem);g:\program files\Google\Update\GoogleUpdate.exe [18/08/2011 22:11 136176] S3 MBAMSwissArmy;MBAMSwissArmy;g:\windows\system32\drivers\mbamswissarmy.sys [19/08/2011 16:28 41272] S4 sptd;sptd;g:\windows\system32\drivers\sptd.sys [14/10/2010 23:22 691696] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] BullGuard_Main REG_MULTI_SZ BsMain BullGuard REG_MULTI_SZ BsFileScan BsMailProxy BsFire BullGuard_LowPriv REG_MULTI_SZ BsBrowser . Inhoud van de 'Gedeelde Taken' map . 2011-08-20 g:\windows\Tasks\GoogleUpdateTaskMachineCore.job - g:\program files\Google\Update\GoogleUpdate.exe [2011-08-18 20:11] . 2011-08-20 g:\windows\Tasks\GoogleUpdateTaskMachineUA.job - g:\program files\Google\Update\GoogleUpdate.exe [2011-08-18 20:11] . 2011-08-17 g:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-920026266-1606980848-1003Core.job - g:\documents and settings\Jp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-02 04:39] . 2011-08-20 g:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-920026266-1606980848-1003UA.job - g:\documents and settings\Jp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-02 04:39] . 2011-08-20 g:\windows\Tasks\User_Feed_Synchronization-{E7C911CB-E945-4688-8BA1-6FFF0F4DF733}.job - g:\windows\system32\msfeedssync.exe [2009-03-08 02:31] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.hln.be/ IE: E&xporteren naar Microsoft Excel - c:\office\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - g:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html LSP: g:\windows\system32\BGLsp.dll TCP: DhcpNameServer = 195.130.130.2 195.130.131.2 FF - ProfilePath - g:\documents and settings\Jp\Application Data\Mozilla\Firefox\Profiles\xjhi8n8o.default\ FF - prefs.js: network.proxy.type - 0 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-08-21 01:08 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*] "3140210900063D11C8EF10054038389C"="G?\\WINDOWS\\system32\\FM20ENU.DLL" "3140110900063D11C8EF10054038389C"="G?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(896) g:\windows\system32\BgGamingMonitor.dll g:\windows\system32\LMIinit.dll g:\windows\system32\LMIRfsClientNP.dll . - - - - - - - > 'lsass.exe'(1220) g:\windows\system32\BgGamingMonitor.dll . - - - - - - - > 'explorer.exe'(136) g:\program files\BullGuard Ltd\BullGuard\spamfilter\LittleHook.dll g:\program files\Windows Desktop Search\deskbar.dll g:\program files\Windows Desktop Search\nl-nl\dbres.dll.mui g:\program files\Windows Desktop Search\dbres.dll g:\program files\Windows Desktop Search\wordwheel.dll g:\program files\Windows Desktop Search\nl-nl\msnlExtRes.dll.mui g:\program files\Windows Desktop Search\msnlExtRes.dll g:\windows\system32\webcheck.dll g:\windows\system32\WPDShServiceObj.dll g:\windows\system32\PortableDeviceTypes.dll g:\windows\system32\PortableDeviceApi.dll . Voltooingstijd: 2011-08-21 01:10:07 ComboFix-quarantined-files.txt 2011-08-20 23:10 ComboFix2.txt 2011-08-20 16:00 ComboFix3.txt 2011-08-20 12:47 ComboFix4.txt 2011-08-18 19:10 ComboFix5.txt 2011-08-20 23:02 . Pre-Run: 4.694.986.752 bytes beschikbaar Post-Run: 4.681.175.040 bytes beschikbaar . - - End Of File - - 978ADB69B591B741159C50EAF15670B1 aleerd.Ik youtube nog niet openen.

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:09:02, on 20/08/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: G:\WINDOWS\System32\smss.exe G:\WINDOWS\system32\winlogon.exe G:\WINDOWS\system32\services.exe G:\WINDOWS\system32\lsass.exe G:\WINDOWS\system32\svchost.exe G:\WINDOWS\System32\SvcHost.exe G:\WINDOWS\System32\svchost.exe G:\WINDOWS\system32\spoolsv.exe G:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe G:\WINDOWS\System32\SvcHost.exe G:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe G:\Program Files\Java\jre6\bin\jqs.exe G:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe G:\Program Files\Norton Ghost\Agent\VProSvc.exe G:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe G:\WINDOWS\system32\svchost.exe G:\Program Files\TomTom HOME 2\TomTomHOMEService.exe G:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe G:\WINDOWS\SOUNDMAN.EXE G:\WINDOWS\system32\VTTimer.exe G:\WINDOWS\system32\VTtrayp.exe C:\LogMeIn\x86\LogMeInSystray.exe G:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe G:\Program Files\Norton Ghost\Agent\VProTray.exe G:\Program Files\Canon\MyPrinter\BJMyPrt.exe G:\Program Files\Common Files\Java\Java Update\jusched.exe G:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe G:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe G:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\LogMeIn\x86\LMIGuardian.exe G:\WINDOWS\system32\ctfmon.exe G:\WINDOWS\system32\notepad.exe G:\WINDOWS\system32\wscntfy.exe G:\WINDOWS\explorer.exe G:\WINDOWS\system32\notepad.exe G:\Program Files\Windows Live\Messenger\msnmsgr.exe G:\Program Files\Windows Live\Contacts\wlcomm.exe G:\Program Files\Internet Explorer\IEXPLORE.EXE G:\Program Files\Internet Explorer\IEXPLORE.EXE G:\Program Files\Internet Explorer\IEXPLORE.EXE G:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - G:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - G:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - G:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: BGAntiphishingBHO - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - G:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - G:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - G:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [LogMeIn GUI] "C:\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [bullGuard] "G:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe" -boot O4 - HKLM\..\Run: [Norton Ghost 12.0] "G:\Program Files\Norton Ghost\Agent\VProTray.exe" O4 - HKLM\..\Run: [CanonSolutionMenu] G:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] G:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [sunJavaUpdateSched] "G:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "G:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [TomTomHOME.exe] "G:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "G:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Global Startup: Windows Search.lnk = G:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\office\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://G:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - G:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - G:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - G:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIE.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\office\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: g:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: g:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: g:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: g:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: g:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: g:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: g:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: g:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: g:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: g:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: g:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: g:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: g:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: g:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: g:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: g:\windows\system32\bglsp.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab O20 - AppInit_DLLs: G:\WINDOWS\system32\BgGamingMonitor.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - G:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - G:\WINDOWS\system32\browseui.dll O23 - Service: BgRaSvc - BullGuard Ltd. - G:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe O23 - Service: BullGuard Behavioural Detection (BsBhvScan) - BullGuard Ltd. - G:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe O23 - Service: BullGuard scanning service (BsScanner) - BullGuard Ltd. - G:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - G:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - G:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - G:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - G:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MBAMService - Malwarebytes Corporation - G:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: Norton Ghost - Symantec Corporation - G:\Program Files\Norton Ghost\Agent\VProSvc.exe O23 - Service: TomTomHOMEService - TomTom - G:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 9846 bytes

ComboFix 11-08-19.02 - Jp 20/08/2011 14:38:00.5.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.958.435 [GMT 2:00] Gestart vanuit: g:\documents and settings\Jp\Bureaublad\ComboFix.exe AV: BullGuard Antivirus *Disabled/Outdated* {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913} FW: BullGuard Firewall *Disabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1} . . (((((((((((((((((((( Bestanden Gemaakt van 2011-07-20 to 2011-08-20 )))))))))))))))))))))))))))))) . . 2011-08-19 14:28 . 2011-08-19 14:28 -------- d-----w- g:\documents and settings\Jp\Application Data\Malwarebytes 2011-08-19 14:28 . 2011-07-06 17:52 41272 ----a-w- g:\windows\system32\drivers\mbamswissarmy.sys 2011-08-19 14:28 . 2011-08-19 14:28 -------- d-----w- g:\documents and settings\All Users\Application Data\Malwarebytes 2011-08-19 14:28 . 2011-08-19 14:28 -------- d-----w- g:\program files\Malwarebytes' Anti-Malware 2011-08-19 14:28 . 2011-07-06 17:52 22712 ----a-w- g:\windows\system32\drivers\mbam.sys 2011-08-19 12:51 . 2011-08-19 12:51 -------- d-----w- g:\program files\Speccy 2011-08-18 20:46 . 2011-08-18 20:46 388096 ----a-r- g:\documents and settings\Jp\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-08-18 20:46 . 2011-08-18 20:46 -------- d-----w- g:\program files\Trend Micro 2011-08-17 13:44 . 2011-08-19 20:41 -------- d--h--r- g:\documents and settings\Jp\Onlangs geopend 2011-07-21 18:45 . 2011-07-21 19:03 -------- d-----w- g:\documents and settings\Jp\Application Data\TeamViewer . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-18 20:12 . 2011-06-29 14:24 404640 ----a-w- g:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-15 13:29 . 2008-04-13 22:47 456320 ----a-w- g:\windows\system32\drivers\mrxsmb.sys 2011-07-08 14:02 . 2008-04-13 22:27 10496 ----a-w- g:\windows\system32\drivers\ndistapi.sys 2011-06-24 14:10 . 2009-05-03 21:50 139656 ----a-w- g:\windows\system32\drivers\rdpwd.sys 2011-06-23 18:31 . 2008-04-14 20:33 1469440 ----a-w- g:\windows\system32\inetcpl.cpl 2011-06-23 18:31 . 2008-04-14 20:32 916480 ----a-w- g:\windows\system32\wininet.dll 2011-06-23 18:31 . 2008-04-14 20:32 43520 ----a-w- g:\windows\system32\licmgr10.dll 2011-06-23 12:05 . 2008-04-14 20:05 385024 ----a-w- g:\windows\system32\html.iec 2011-06-20 17:44 . 2008-04-14 20:32 293888 ----a-w- g:\windows\system32\winsrv.dll 2011-06-06 11:35 . 2008-04-14 20:05 1859072 ----a-w- g:\windows\system32\win32k.sys 2011-06-03 18:42 . 2011-06-03 18:42 0 ----a-w- g:\windows\system32\ConduitEngine.tmp 2011-05-23 18:54 . 2010-03-18 16:03 100184 ----a-w- g:\windows\system32\BgGamingMonitor.dll 2011-06-16 04:50 . 2011-07-04 17:08 142296 ----a-w- g:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot_2011-08-18_18.26.26 ))))))))))))))))))))))))))))))))))))))))) . + 2011-08-20 12:14 . 2011-08-20 12:14 16384 g:\windows\temp\Perflib_Perfdata_47c.dat + 2011-08-20 12:14 . 2011-08-20 12:14 16384 g:\windows\temp\Perflib_Perfdata_268.dat + 2011-08-18 20:21 . 2011-08-18 20:21 22016 g:\windows\Installer\36d648.msi + 2011-08-18 20:12 . 2011-08-18 20:12 243360 g:\windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe + 2011-08-18 20:12 . 2011-08-18 20:12 328864 g:\windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.dll + 2011-08-18 20:46 . 2011-08-18 20:46 1094656 g:\windows\Installer\4d981a.msi . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TomTomHOME.exe"="g:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-06-24 247144] "DAEMON Tools Lite"="g:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2005-11-11 90112] "VTTimer"="VTTimer.exe" [2006-09-21 53248] "VTTrayp"="VTtrayp.exe" [2007-05-15 200704] "LogMeIn GUI"="c:\logmein\x86\LogMeInSystray.exe" [2008-07-24 63048] "BullGuard"="g:\program files\BullGuard Ltd\BullGuard\BullGuard.exe" [2011-07-07 1620824] "Norton Ghost 12.0"="g:\program files\Norton Ghost\Agent\VProTray.exe" [2007-03-28 2037352] "CanonSolutionMenu"="g:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488] "CanonMyPrinter"="g:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648] "SunJavaUpdateSched"="g:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "Malwarebytes' Anti-Malware"="g:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="g:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" [2009-03-08 128512] . g:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Windows Search.lnk - g:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "g:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2008-10-16 18:35 87352 ----a-w- g:\windows\system32\LMIinit.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=g:\windows\system32\BgGamingMonitor.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\adobe\Reader 9.0\Reader\Reader_sl.exe" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "g:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "g:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\jp\\Mijn documenten\\Contacts\\pakket\\utorrent.exe"= "g:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "g:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= . R1 BdSpy;BdSpy;g:\windows\system32\drivers\BdSpy.sys [12/03/2010 11:34 64608] R1 NovaShieldFilterDriver;NovaShieldFilterDriver;g:\windows\system32\drivers\NSKernel.sys [17/01/2011 22:48 789448] R1 NovaShieldTDIDriver;NovaShieldTDIDriver;g:\windows\system32\drivers\NSNetmon.sys [17/01/2011 22:48 19272] R2 BsBhvScan;BullGuard Behavioural Detection;g:\program files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [17/01/2011 22:48 338264] R2 BsBrowser;BullGuard antiphishing service;g:\windows\System32\SvcHost.exe -k BullGuard_LowPriv [14/04/2008 22:33 14336] R2 BsFileScan;BullGuard on-access service;g:\windows\System32\SvcHost.exe -k BullGuard [14/04/2008 22:33 14336] R2 BsFire;BullGuard firewall service;g:\windows\System32\SvcHost.exe -k BullGuard [14/04/2008 22:33 14336] R2 BsMailProxy;BullGuard e-mail monitoring service;g:\windows\System32\SvcHost.exe -k BullGuard [14/04/2008 22:33 14336] R2 BsMain;BullGuard main service;g:\windows\System32\SvcHost.exe -k BullGuard_Main [14/04/2008 22:33 14336] R2 BsUpdate;BullGuard update service;g:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [20/05/2011 14:25 320344] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\logmein\x86\rainfo.sys [24/07/2008 18:46 12856] R2 MBAMService;MBAMService;g:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [19/08/2011 16:28 366640] R2 TomTomHOMEService;TomTomHOMEService;g:\program files\TomTom HOME 2\TomTomHOMEService.exe [24/06/2010 16:41 92008] R3 afw;Agnitum firewall driver;g:\windows\system32\drivers\Afw.sys [4/12/2009 12:00 34280] R3 afwcore;afwcore;g:\windows\system32\drivers\AfwCore.sys [4/12/2009 12:00 267624] R3 BsScanner;BullGuard scanning service;g:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [3/03/2010 22:07 288088] R3 MBAMProtector;MBAMProtector;g:\windows\system32\drivers\mbam.sys [19/08/2011 16:28 22712] R3 SNCP106;PC Camera (6009 CIF);g:\windows\system32\drivers\sncp106.sys [1/05/2010 16:37 243712] S2 gupdate;Google Updateservice (gupdate);g:\program files\Google\Update\GoogleUpdate.exe [18/08/2011 22:11 136176] S3 BgRaSvc;BgRaSvc;g:\program files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe [3/03/2010 22:07 125784] S3 gupdatem;Google Update-service (gupdatem);g:\program files\Google\Update\GoogleUpdate.exe [18/08/2011 22:11 136176] S3 MBAMSwissArmy;MBAMSwissArmy;g:\windows\system32\drivers\mbamswissarmy.sys [19/08/2011 16:28 41272] S4 sptd;sptd;g:\windows\system32\drivers\sptd.sys [14/10/2010 23:22 691696] . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - CPUZ135 *Deregistered* - cpuz135 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] BullGuard_Main REG_MULTI_SZ BsMain BullGuard REG_MULTI_SZ BsFileScan BsMailProxy BsFire BullGuard_LowPriv REG_MULTI_SZ BsBrowser . Inhoud van de 'Gedeelde Taken' map . 2011-08-20 g:\windows\Tasks\GoogleUpdateTaskMachineCore.job - g:\program files\Google\Update\GoogleUpdate.exe [2011-08-18 20:11] . 2011-08-20 g:\windows\Tasks\GoogleUpdateTaskMachineUA.job - g:\program files\Google\Update\GoogleUpdate.exe [2011-08-18 20:11] . 2011-08-17 g:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-920026266-1606980848-1003Core.job - g:\documents and settings\Jp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-02 04:39] . 2011-08-19 g:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-920026266-1606980848-1003UA.job - g:\documents and settings\Jp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-02 04:39] . 2011-08-20 g:\windows\Tasks\User_Feed_Synchronization-{E7C911CB-E945-4688-8BA1-6FFF0F4DF733}.job - g:\windows\system32\msfeedssync.exe [2009-03-08 02:31] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.hln.be/ IE: E&xporteren naar Microsoft Excel - c:\office\OFFICE11\EXCEL.EXE/3000 IE: Free YouTube Download - g:\documents and settings\Jp\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Free YouTube to Mp3 Converter - g:\documents and settings\Jp\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Google Sidewiki... - g:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html LSP: g:\windows\system32\BGLsp.dll TCP: DhcpNameServer = 195.130.131.130 195.130.130.2 FF - ProfilePath - g:\documents and settings\Jp\Application Data\Mozilla\Firefox\Profiles\xjhi8n8o.default\ FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS VERWIJDERD - - - - . WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file) WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-08-20 14:45 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*] "3140210900063D11C8EF10054038389C"="G?\\WINDOWS\\system32\\FM20ENU.DLL" "3140110900063D11C8EF10054038389C"="G?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(904) g:\windows\system32\BgGamingMonitor.dll g:\windows\system32\LMIinit.dll g:\windows\system32\LMIRfsClientNP.dll . - - - - - - - > 'lsass.exe'(1228) g:\windows\system32\BgGamingMonitor.dll . - - - - - - - > 'explorer.exe'(940) g:\program files\BullGuard Ltd\BullGuard\spamfilter\LittleHook.dll g:\program files\Windows Desktop Search\deskbar.dll g:\program files\Windows Desktop Search\nl-nl\dbres.dll.mui g:\program files\Windows Desktop Search\dbres.dll g:\program files\Windows Desktop Search\wordwheel.dll g:\program files\Windows Desktop Search\nl-nl\msnlExtRes.dll.mui g:\program files\Windows Desktop Search\msnlExtRes.dll g:\windows\system32\webcheck.dll g:\windows\system32\WPDShServiceObj.dll g:\windows\system32\PortableDeviceTypes.dll g:\windows\system32\PortableDeviceApi.dll . Voltooingstijd: 2011-08-20 14:47:21 ComboFix-quarantined-files.txt 2011-08-20 12:47 ComboFix2.txt 2011-08-18 19:10 ComboFix3.txt 2011-08-18 18:28 ComboFix4.txt 2010-05-02 07:56 . Pre-Run: 4.422.307.840 bytes beschikbaar Post-Run: 4.412.280.832 bytes beschikbaar . - - End Of File - - A061E525A5C2076C1D3BD970AEC462DF

Wanneer ik "Restore Microsofts Original Hosts File druk krijg ik een error melding.cannot create file G/windows/system32/DRIVERSETC/host

ja en ook met googlechrome

Ik heb het allemaal geprobeerd het lukt nog niet.

Neen ik kan youtube nog steeds niet openen

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:07:50, on 19/08/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: G:\WINDOWS\System32\smss.exe G:\WINDOWS\system32\winlogon.exe G:\WINDOWS\system32\services.exe G:\WINDOWS\system32\lsass.exe G:\WINDOWS\system32\svchost.exe G:\WINDOWS\System32\SvcHost.exe G:\WINDOWS\System32\svchost.exe G:\WINDOWS\system32\spoolsv.exe G:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe G:\WINDOWS\System32\SvcHost.exe G:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe G:\Program Files\Java\jre6\bin\jqs.exe G:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe G:\Program Files\Norton Ghost\Agent\VProSvc.exe G:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe G:\WINDOWS\system32\svchost.exe G:\Program Files\TomTom HOME 2\TomTomHOMEService.exe G:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe G:\WINDOWS\Explorer.EXE G:\WINDOWS\SOUNDMAN.EXE G:\WINDOWS\system32\VTTimer.exe G:\WINDOWS\system32\VTtrayp.exe C:\LogMeIn\x86\LogMeInSystray.exe G:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe G:\Program Files\Norton Ghost\Agent\VProTray.exe G:\Program Files\Canon\MyPrinter\BJMyPrt.exe G:\Program Files\Common Files\Java\Java Update\jusched.exe G:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe G:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe G:\WINDOWS\system32\ctfmon.exe C:\LogMeIn\x86\LMIGuardian.exe G:\Program Files\Windows Desktop Search\WindowsSearch.exe G:\Program Files\Windows Live\Messenger\msnmsgr.exe G:\Program Files\Windows Live\Contacts\wlcomm.exe G:\Program Files\Internet Explorer\IEXPLORE.EXE G:\Program Files\Internet Explorer\IEXPLORE.EXE G:\Program Files\Internet Explorer\IEXPLORE.EXE G:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - G:\Program Files\ConduitEngine\prxConduitEngine.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - G:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - G:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - G:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: BGAntiphishingBHO - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - G:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - G:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - G:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [LogMeIn GUI] "C:\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [bullGuard] "G:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe" -boot O4 - HKLM\..\Run: [Norton Ghost 12.0] "G:\Program Files\Norton Ghost\Agent\VProTray.exe" O4 - HKLM\..\Run: [CanonSolutionMenu] G:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] G:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [sunJavaUpdateSched] "G:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "G:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [TomTomHOME.exe] "G:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "G:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Global Startup: Windows Search.lnk = G:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\office\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube Download - G:\Documents and Settings\Jp\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm O8 - Extra context menu item: Free YouTube to Mp3 Converter - G:\Documents and Settings\Jp\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O8 - Extra context menu item: Google Sidewiki... - res://G:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - G:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - G:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - G:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIE.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\office\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: g:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: g:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: g:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: g:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: g:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: g:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: g:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: g:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: g:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: g:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: g:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: g:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: g:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: g:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: g:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: g:\windows\system32\bglsp.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab O20 - AppInit_DLLs: G:\WINDOWS\system32\BgGamingMonitor.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - G:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - G:\WINDOWS\system32\browseui.dll O23 - Service: BgRaSvc - BullGuard Ltd. - G:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe O23 - Service: BullGuard Behavioural Detection (BsBhvScan) - BullGuard Ltd. - G:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe O23 - Service: BullGuard scanning service (BsScanner) - BullGuard Ltd. - G:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - G:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - G:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - G:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - G:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MBAMService - Malwarebytes Corporation - G:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: Norton Ghost - Symantec Corporation - G:\Program Files\Norton Ghost\Agent\VProSvc.exe O23 - Service: TomTomHOMEService - TomTom - G:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 10240 bytes

Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Databaseversie: 7507 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 19/08/2011 16:40:12 mbam-log-2011-08-19 (16-40-12).txt Scantype: Snelle scan Objecten gescand: 192238 Verstreken tijd: 7 minuut/minuten, 56 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 1 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)