spybot s&d heeft malware gevonden win32.fraudload.edt

[piloot]

Hallo,

ik vermoed dat ik een virus heb op mijn laptop.

Adaware 8.10 slaat vast na het vinden van infectie. Naar aanleiding van dit probleem heb ik spybot s&d geinstall.

Deze kan de malware vinden win32.fraudload.edt

Heb hem al een paar maal verwijdert maar het probleem komt steeds terug.

Win32.FraudLoad.edt: [sBI $62B0666F] Autorun instellingen (INI Verwijderen, fixed)

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)

2009-01-26 SDFiles.exe (1.6.1.7)

2009-01-26 SDMain.exe (1.0.0.6)

2009-01-26 SDShred.exe (1.0.2.5)

2009-01-26 SDUpdate.exe (1.6.0.12)

2009-01-26 SDWinSec.exe (1.0.0.12)

2009-01-26 SpybotSD.exe (1.6.2.46)

2009-03-05 TeaTimer.exe (1.6.6.32)

2009-10-18 unins000.exe (51.49.0.0)

2009-01-26 Update.exe (1.6.0.7)

2009-09-07 advcheck.dll (1.6.4.18)

2007-04-02 aports.dll (2.1.0.0)

2008-06-14 DelZip179.dll (1.79.11.1)

2009-01-26 SDHelper.dll (1.6.2.14)

2008-06-19 sqlite3.dll

2009-01-26 Tools.dll (2.1.6.10)

2009-01-16 UninsSrv.dll (1.0.0.0)

2009-10-08 Includes\Adware.sbi (*)

2009-10-13 Includes\AdwareC.sbi (*)

2009-01-22 Includes\Cookies.sbi (*)

2009-10-14 Includes\Dialer.sbi (*)

2009-10-13 Includes\DialerC.sbi (*)

2009-01-22 Includes\HeavyDuty.sbi (*)

2009-05-26 Includes\Hijackers.sbi (*)

2009-10-13 Includes\HijackersC.sbi (*)

2009-09-29 Includes\Keyloggers.sbi (*)

2009-10-06 Includes\KeyloggersC.sbi (*)

2004-11-29 Includes\LSP.sbi (*)

2009-10-13 Includes\Malware.sbi (*)

2009-10-14 Includes\MalwareC.sbi (*)

2009-03-25 Includes\PUPS.sbi (*)

2009-10-13 Includes\PUPSC.sbi (*)

2009-01-22 Includes\Revision.sbi (*)

2009-01-13 Includes\Security.sbi (*)

2009-10-13 Includes\SecurityC.sbi (*)

2008-06-03 Includes\Spybots.sbi (*)

2008-06-03 Includes\SpybotsC.sbi (*)

2009-10-13 Includes\Spyware.sbi (*)

2009-10-13 Includes\SpywareC.sbi (*)

2009-06-08 Includes\Tracks.uti

2009-10-06 Includes\Trojans.sbi (*)

2009-10-14 Includes\TrojansC.sbi (*)

2008-03-04 Plugins\Chai.dll

2008-03-05 Plugins\Fennel.dll

2008-02-26 Plugins\Mate.dll

2007-12-24 Plugins\TCPIPAddress.dll

Dit is de logfile van hijackthis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:31:27, on 20/10/2009

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18828)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\conime.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\System32\rundll32.exe

C:\Windows\RtHDVCpl.exe

E:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehmsas.exe

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\Jurgen\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.intl.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [eDataSecurity Loader] //~c:\acer\empowering technology\edatasecurity\edsloader.exe

O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"

O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"

O4 - HKLM\..\Run: [WarReg_PopUp] "C:\Acer\WR_PopUp\WarReg_PopUp.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [LManager] "C:\PROGRA~1\LAUNCH~1\LManager.exe"

O4 - HKLM\..\Run: [hpqSRMon] "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] //~e:\program files\nokia\nokia pc suite 6\launchapplication.exe -startup

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [WMPNSCFG] //~c:\program files\windows media player\wmpnscfg.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [nCleaner] e:\Program Files\NKProds\nCleaner\nCleaner.exe -h

O4 - HKCU\..\Run: [spybotSD TeaTimer] e:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEEM')

O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')

O4 - Startup: Orion.lnk = C:\Convesoft\Orion\Messenger.exe

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O8 - Extra context menu item: Verzenden via Bericht(&M)... - E:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm

O8 - Extra context menu item: Verzenden via Bluetooth - E:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB

O16 - DPF: {01232355-5C70-455B-B33E-A62433F3B77F} (WebCamX Control) - http://78.20.25.249:5550/WebCamX.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://belgacom.extrafilm.be/ImageUploader5.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.23.0.cab

O16 - DPF: {C6B8A039-7350-42CB-ACF2-CDBB0E598EB0} - http://search.live.com/s/p4/p4dwvista.cab?ver=

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\skype4com.dll

O23 - Service: 1206654559 (.1206654559) - Unknown owner - C:\ProgramData\Jurgen1206654559.exe

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: BlueSoleilCS - Unknown owner - E:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

O23 - Service: BsHelpCS - Unknown owner - E:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe

O23 - Service: BsMobileCS - Unknown owner - E:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - E:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: TomTomHOMEService - TomTom - e:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 15942 bytes

Ik heb norton 360 maar die kan niets vinden. Heb systeemherstel uitgeschakeld en ccleaner gestart. Maar probleem blijft terugkomen.

Malwarebytes kan ook niets vinden.

Wat kan ik nog proberen:pcguru:

Alvast bedankt

[kape]

Ga naar Start - Uitvoeren en tik in: sc stop .1206654559

Druk op Enter.

Ga naar Start - Uitvoeren en tik in: sc delete .1206654559

Druk op Enter.

Ga naar Start - Uitvoeren en tik in: sc stop “Boonty Games”

Druk op Enter.

Ga naar Start - Uitvoeren en tik in: sc delete “Boonty Games”

Druk op Enter.

Ga naar Start - Uitvoeren en tik in: sc stop BOONTY

Druk op Enter.

Ga naar Start - Uitvoeren en tik in: sc delete BOONTY

Druk op Enter.

Start Hijackthis op. Ben je gebruiker van Vista kies dan voor “Run as administrator" of "Uitvoeren als administrator". Selecteer “Do a system scan only”. Selecteer alleen de items die hieronder zijn genoemd:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

Klik op 'Fix checked' om de items te verwijderen.

Download MBAM (Malwarebytes' Anti-Malware).

Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".

Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.

Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.

Het scannen kan een tijdje duren, dus wees geduldig.

Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.

Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.

Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder).

Indien er de rootkit (TDSS) aanwezig is, zal MBAM vragen te herstarten. Doe dit dan ook.

MBAM zal na de herstart opnieuw scannen en de rootkit verwijderen.

Het log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in het programma.

Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de computeropnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

Plak de inhoud van het logje in je volgende bericht, samen met een nieuw HijackThis log.

En laat Spybot er dan nog eens op los. Benieuwd wat die nog te vertellen heeft ?

[piloot]

Hallo Kape bedankt voor je snelle reactie,

ik heb alles gedaan zoals je gezegd hebt. Maar het probleem blijft bestaan.

Ik heb trouwens nooit een melding gehad van malwarebytes.

Hieronder de log van malwarebytes.

Malwarebytes' Anti-Malware 1.41

Database versie: 3005

Windows 6.0.6002 Service Pack 2

21/10/2009 18:08:58

mbam-log-2009-10-21 (18-08-58).txt

Scan type: Snelle Scan

Objecten gescand: 123211

Verstreken tijd: 4 minute(s), 57 second(s)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata bestanden geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Hieronder de log van hijackthis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:19:12, on 21/10/2009

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18828)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\conime.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Windows\RtHDVCpl.exe

E:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\Jurgen\AppData\Local\Temp\RtkBtMnt.exe

C:\Windows\ehome\ehmsas.exe

C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\IncrediMail\bin\IncMail.exe

C:\Program Files\IncrediMail\bin\IMApp.exe

C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

E:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Windows\system32\NOTEPAD.EXE

E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! UK & Ireland

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O1 - Hosts: ::1 localhost

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [eDataSecurity Loader] //~c:\acer\empowering technology\edatasecurity\edsloader.exe

O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"

O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"

O4 - HKLM\..\Run: [WarReg_PopUp] "C:\Acer\WR_PopUp\WarReg_PopUp.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [LManager] "C:\PROGRA~1\LAUNCH~1\LManager.exe"

O4 - HKLM\..\Run: [hpqSRMon] "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] //~e:\program files\nokia\nokia pc suite 6\launchapplication.exe -startup

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] e:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [WMPNSCFG] //~c:\program files\windows media player\wmpnscfg.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [nCleaner] e:\Program Files\NKProds\nCleaner\nCleaner.exe -h

O4 - HKCU\..\Run: [spybotSD TeaTimer] e:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEEM')

O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')

O4 - Startup: Orion.lnk = C:\Convesoft\Orion\Messenger.exe

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O8 - Extra context menu item: Verzenden via Bericht(&M)... - E:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm

O8 - Extra context menu item: Verzenden via Bluetooth - E:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB

O16 - DPF: {01232355-5C70-455B-B33E-A62433F3B77F} (WebCamX Control) - http://78.20.25.249:5550/WebCamX.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://belgacom.extrafilm.be/ImageUploader5.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.23.0.cab

O16 - DPF: {C6B8A039-7350-42CB-ACF2-CDBB0E598EB0} - http://search.live.com/s/p4/p4dwvista.cab?ver=

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\skype4com.dll

O23 - Service: 1206654559 (.1206654559) - Unknown owner - C:\ProgramData\Jurgen1206654559.exe

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: BlueSoleilCS - Unknown owner - E:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

O23 - Service: BsHelpCS - Unknown owner - E:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe

O23 - Service: BsMobileCS - Unknown owner - E:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - E:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: TomTomHOMEService - TomTom - e:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 15947 bytes

Hieronder de logfile van spybot

Win32.FraudLoad.edt: [sBI $62B0666F] Autorun instellingen (INI Verwijderen, nothing done)

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)

2009-01-26 SDFiles.exe (1.6.1.7)

2009-01-26 SDMain.exe (1.0.0.6)

2009-01-26 SDShred.exe (1.0.2.5)

2009-01-26 SDUpdate.exe (1.6.0.12)

2009-01-26 SDWinSec.exe (1.0.0.12)

2009-01-26 SpybotSD.exe (1.6.2.46)

2009-03-05 TeaTimer.exe (1.6.6.32)

2009-10-18 unins000.exe (51.49.0.0)

2009-01-26 Update.exe (1.6.0.7)

2009-09-07 advcheck.dll (1.6.4.18)

2007-04-02 aports.dll (2.1.0.0)

2008-06-14 DelZip179.dll (1.79.11.1)

2009-01-26 SDHelper.dll (1.6.2.14)

2008-06-19 sqlite3.dll

2009-01-26 Tools.dll (2.1.6.10)

2009-01-16 UninsSrv.dll (1.0.0.0)

2009-10-08 Includes\Adware.sbi (*)

2009-10-13 Includes\AdwareC.sbi (*)

2009-01-22 Includes\Cookies.sbi (*)

2009-10-14 Includes\Dialer.sbi (*)

2009-10-13 Includes\DialerC.sbi (*)

2009-01-22 Includes\HeavyDuty.sbi (*)

2009-05-26 Includes\Hijackers.sbi (*)

2009-10-13 Includes\HijackersC.sbi (*)

2009-09-29 Includes\Keyloggers.sbi (*)

2009-10-06 Includes\KeyloggersC.sbi (*)

2004-11-29 Includes\LSP.sbi (*)

2009-10-13 Includes\Malware.sbi (*)

2009-10-14 Includes\MalwareC.sbi (*)

2009-03-25 Includes\PUPS.sbi (*)

2009-10-13 Includes\PUPSC.sbi (*)

2009-01-22 Includes\Revision.sbi (*)

2009-01-13 Includes\Security.sbi (*)

2009-10-13 Includes\SecurityC.sbi (*)

2008-06-03 Includes\Spybots.sbi (*)

2008-06-03 Includes\SpybotsC.sbi (*)

2009-10-13 Includes\Spyware.sbi (*)

2009-10-13 Includes\SpywareC.sbi (*)

2009-06-08 Includes\Tracks.uti

2009-10-06 Includes\Trojans.sbi (*)

2009-10-14 Includes\TrojansC.sbi (*)

2008-03-04 Plugins\Chai.dll

2008-03-05 Plugins\Fennel.dll

2008-02-26 Plugins\Mate.dll

2007-12-24 Plugins\TCPIPAddress.dll

De malware zit er dus nog op, ik heb deze daarna met spybot verwijdert, maar dat helpt niet:argh:

[kape]

Download Combofix naar je Bureaublad.

Lees hier meer over correct gebruik van Combofix.

OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw.

Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!

• 
  Dubbelklik op Combofix.exe om het te starten.
  Indien je Combofix al eerder hebt gebruikt, kan je een waarschuwing krijgen dat een update beschikbaar is. Sta toe dat ComboFix wordt geupdate.
  Volg de instructies, aanvaard de disclaimer door op Ja te klikken.
  Indien de Recovery Console niet geïnstalleerd is, wordt je gevraagd om dit alsnog te doen door op JA te klikken in het "Query - Recovery Console" venster (enkel voor XP, niet voor VISTA).
  Klik op OK en Ja om automatisch de Recovery Console te laten installeren.
  Klik na afloop terug op Ja om het scannen op malware te starten.
  Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
  

Wanneer de fix voltooid is en na herstart, zal de log Combofix.txt openen.

Post dit logje in je volgende antwoord.

[piloot]

Dit is de logfile van combofix

ComboFix 09-10-20.03 - Jurgen 21/10/2009 19:31.1.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3069.1599 [GMT 2:00]

Gestart vanuit: c:\users\Jurgen\Desktop\ComboFix.exe

SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

ADS - Windows: deleted 48 bytes in 1 streams.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\drv\Tuner\Yuan\Resources\_desktop.ini

c:\programdata\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam Video Class Camera

c:\programdata\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam Video Class Camera \Uninstall.lnk

c:\users\Jurgen\AppData\Roaming\inst.exe

c:\windows\Installer\2a25c3.msi

c:\windows\Installer\e96987.msi

c:\windows\system32\w32apiw.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_Boonty Games

(((((((((((((((((((( Bestanden Gemaakt van 2009-09-21 to 2009-10-21 ))))))))))))))))))))))))))))))

.

2009-10-18 19:18 . 2009-10-20 18:54 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2009-10-15 13:59 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll

2009-10-15 13:59 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe

2009-10-15 13:59 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe

2009-10-10 11:14 . 2009-10-10 11:14 -------- d-----w- c:\users\Jurgen\AppData\Local\CyberLink

2009-10-03 15:02 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll

2009-10-03 15:02 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe

2009-10-03 15:02 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll

2009-10-03 15:02 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll

2009-10-03 15:01 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll

2009-10-03 15:01 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll

2009-10-03 15:01 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll

2009-10-03 15:01 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll

2009-10-03 15:01 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe

2009-09-26 06:23 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2009-09-26 06:23 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2009-09-26 06:23 . 2009-09-26 06:23 -------- d-----w- c:\program files\iPod

2009-09-26 06:23 . 2009-09-26 06:23 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2009-09-26 06:20 . 2009-09-26 06:21 -------- d-----w- c:\program files\QuickTime

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-21 17:44 . 2009-08-03 19:04 -------- d-----w- c:\users\Jurgen\AppData\Roaming\BatteryBar

2009-10-21 15:39 . 2006-11-02 16:11 667352 ----a-w- c:\windows\system32\perfh013.dat

2009-10-21 15:39 . 2006-11-02 16:11 126854 ----a-w- c:\windows\system32\perfc013.dat

2009-10-20 19:55 . 2008-03-27 21:52 -------- d-----w- c:\programdata\Google Updater

2009-10-20 19:02 . 2008-03-29 22:36 -------- d-----w- c:\programdata\Lavasoft

2009-10-18 18:43 . 2008-03-28 15:51 151798 ----a-w- c:\users\Jurgen\AppData\Roaming\nvModes.dat

2009-10-18 17:13 . 2008-07-20 15:56 -------- d-----w- c:\program files\Common Files\Steam

2009-10-17 21:43 . 2008-03-31 17:19 680 ----a-w- c:\users\Jurgen\AppData\Local\d3d9caps.dat

2009-10-17 19:00 . 2009-07-31 10:30 -------- d-----w- c:\users\Jurgen\AppData\Roaming\uTorrent

2009-10-17 16:11 . 2008-04-07 18:29 -------- d-----w- c:\users\Jurgen\AppData\Roaming\UseNeXT

2009-10-17 13:21 . 2008-04-04 18:23 -------- d-----w- c:\programdata\Installations

2009-10-17 13:16 . 2008-04-04 19:26 -------- d-----w- c:\program files\Nokia

2009-10-17 13:15 . 2008-04-04 18:32 -------- d-----w- c:\program files\Common Files\Nokia

2009-10-15 18:43 . 2008-07-20 14:42 -------- d-----w- c:\users\Jurgen\AppData\Roaming\Vso

2009-10-15 14:20 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-10-15 14:08 . 2007-12-24 16:11 -------- d-----w- c:\programdata\Microsoft Help

2009-10-15 14:06 . 2007-12-24 16:13 -------- d-----w- c:\program files\Microsoft Works

2009-10-10 12:53 . 2008-04-23 16:51 -------- d-----w- c:\users\Jurgen\AppData\Roaming\Apple Computer

2009-10-03 08:25 . 2009-01-09 16:00 -------- d-----w- c:\program files\Microsoft

2009-09-30 16:00 . 2008-03-28 22:08 -------- d-----w- c:\users\Jurgen\AppData\Roaming\Skype

2009-09-27 14:27 . 2008-04-12 21:59 116 ----a-w- c:\users\Jurgen\AppData\Roaming\wklnhst.dat

2009-09-26 06:23 . 2008-04-23 16:40 -------- d-----w- c:\program files\Common Files\Apple

2009-09-19 19:53 . 2009-09-05 20:32 139016 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2009-09-19 19:53 . 2009-09-05 20:31 189488 ----a-w- c:\windows\system32\PnkBstrB.exe

2009-09-14 09:29 . 2009-10-15 13:58 144896 ----a-w- c:\windows\system32\drivers\srv2.sys

2009-09-11 17:08 . 2009-09-11 17:08 24744 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys

2009-09-10 21:52 . 2009-09-10 21:52 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys

2009-09-10 12:54 . 2009-08-02 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 12:53 . 2009-08-02 10:19 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-08 20:08 . 2008-03-30 00:22 -------- d-----w- c:\program files\Microsoft Silverlight

2009-09-05 20:32 . 2009-09-05 20:32 139152 ----a-w- c:\users\Jurgen\AppData\Roaming\PnkBstrK.sys

2009-09-05 20:31 . 2009-09-05 20:31 75064 ----a-w- c:\windows\system32\PnkBstrA.exe

2009-09-05 20:31 . 2009-09-05 20:31 794408 ----a-w- c:\windows\system32\pbsvc.exe

2009-09-04 11:41 . 2009-10-15 13:58 60928 ----a-w- c:\windows\system32\msasn1.dll

2009-09-01 13:49 . 2008-03-28 09:53 -------- d-----w- c:\program files\IncrediMail

2009-08-29 00:27 . 2009-09-03 13:13 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2009-08-29 00:14 . 2009-09-03 13:13 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2009-08-28 17:42 . 2009-08-28 17:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2009-08-28 17:42 . 2009-08-28 17:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll

2009-08-27 05:22 . 2009-10-15 13:58 916480 ----a-w- c:\windows\system32\wininet.dll

2009-08-27 05:17 . 2009-10-15 13:58 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-08-27 05:17 . 2009-10-15 13:58 109056 ----a-w- c:\windows\system32\iesysprep.dll

2009-08-27 03:42 . 2009-10-15 13:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL

2009-08-14 16:27 . 2009-09-08 18:56 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys

2009-08-14 15:53 . 2009-09-08 18:56 17920 ----a-w- c:\windows\system32\netevent.dll

2009-08-14 13:49 . 2009-09-08 18:56 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE

2009-08-14 13:49 . 2009-09-08 18:56 17920 ----a-w- c:\windows\system32\ROUTE.EXE

2009-08-14 13:49 . 2009-09-08 18:56 11264 ----a-w- c:\windows\system32\MRINFO.EXE

2009-08-14 13:49 . 2009-09-08 18:56 27136 ----a-w- c:\windows\system32\NETSTAT.EXE

2009-08-14 13:49 . 2009-09-08 18:56 19968 ----a-w- c:\windows\system32\ARP.EXE

2009-08-14 13:49 . 2009-09-08 18:56 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE

2009-08-14 13:49 . 2009-09-08 18:56 10240 ----a-w- c:\windows\system32\finger.exe

2009-08-14 13:48 . 2009-09-08 18:56 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2009-08-14 13:48 . 2009-09-08 18:56 105984 ----a-w- c:\windows\system32\netiohlp.dll

2009-08-07 17:51 . 2009-08-07 17:51 15308424 ----a-w- c:\windows\system32\xlive.dll

2009-08-07 17:51 . 2009-08-07 17:51 13642888 ----a-w- c:\windows\system32\xlivefnt.dll

2009-08-03 13:07 . 2009-08-03 13:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll

2009-08-03 13:07 . 2009-08-03 13:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll

2009-08-03 13:07 . 2009-08-03 13:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe

2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll

2008-03-29 20:57 . 2008-03-29 17:21 48 --sh--w- c:\windows\S8AF3BD55.tmp

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-27 68856]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"nCleaner"="e:\program files\NKProds\nCleaner\nCleaner.exe" [2007-07-05 710656]

"SpybotSD TeaTimer"="e:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]

"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-08-31 1286144]

"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-10-17 768520]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]

"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-15 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-15 8534560]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-15 81920]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]

"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-09-03 4702208]

"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-08-03 1826816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-08-01 151552]

"Nokia.PCSync"="e:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-12-24 535336]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]

backup=c:\windows\pss\BTTray.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]

backup=c:\windows\pss\Google Updater.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PDFCreator.lnk]

backup=c:\windows\pss\PDFCreator.lnk.CommonStartup

backupExtension=.CommonStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beidsystemtray

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(:99,9a,54,22,0a,03,ca,01

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\drivers\BtHidBus.sys [7/01/2009 23:39 20744]

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090923.001\IDSvix86.sys [26/09/2009 8:07 272432]

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [27/03/2008 17:13 41456]

R2 BsMobileCS;BsMobileCS;e:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [27/02/2009 16:40 143467]

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [18/02/2008 21:37 149352]

R2 SBSDWSCService;SBSD Security Center Service;e:\program files\Spybot - Search & Destroy\SDWinSec.exe [18/10/2009 21:18 1153368]

R2 TomTomHOMEService;TomTomHOMEService;e:\program files\TomTom HOME 2\TomTomHOMEService.exe [27/08/2009 17:05 92008]

R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 16:28 1533808]

R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\System32\drivers\btnetBus.sys [7/12/2008 13:44 30088]

R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [24/12/2007 23:39 32256]

R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\System32\drivers\IvtBtBus.sys [2/07/2008 14:58 26248]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 8:40 3668480]

R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [19/02/2009 13:31 41008]

S2 .1206654559;1206654559;c:\programdata\Jurgen1206654559.exe [5/04/2009 16:43 454420]

S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\System32\drivers\a38usb.sys [17/04/2009 18:36 35712]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [24/12/2007 23:39 180736]

S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [13/01/2008 4:32 23888]

S3 SMA_USBBus;SMA USB Serial Converter;c:\windows\System32\drivers\FTD2XX.sys [14/11/2008 16:44 29292]

S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [29/03/2008 21:05 80744]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - COMHOST

*Deregistered* - EraserUtilRebootDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Inhoud van de 'Gedeelde Taken' map

2009-10-21 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-27 18:42]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.hln.be/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = hxxp://nl.intl.acer.yahoo.com

uInternet Settings,ProxyOverride = *.local

IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm

IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Append Link Target to Existing PDF

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: Verzenden via Bericht(&M)... - e:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm

IE: Verzenden via Bluetooth - e:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB

DPF: {01232355-5C70-455B-B33E-A62433F3B77F} - hxxp://78.20.25.249:5550/WebCamX.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.23.0.cab

DPF: {C6B8A039-7350-42CB-ACF2-CDBB0E598EB0} - hxxp://search.live.com/s/p4/p4dwvista.cab?ver=

.

- - - - ORPHANS VERWIJDERD - - - -

HKCU-Run-WMPNSCFG - files\windows media player\wmpnscfg.exe

HKLM-Run-eDataSecurity Loader - technology\edatasecurity\edsloader.exe

HKLM-Run-PCSuiteTrayApplication - files\nokia\nokia pc suite 6\launchapplication.exe

SafeBoot-aawservice

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-10-21 19:44

Windows 6.0.6002 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]

"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EraserUtilDrv10910]

@Denied: (Full) (LocalSystem)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EraserUtilRebootDrv]

@Denied: (Full) (LocalSystem)

"ImagePath"="\\??\\c:\\Program Files\\Common Files\\Symantec Shared\\EENGINE\\EraserUtilRebootDrv.sys"

"DisplayName"="EraserUtilRebootDrv"

"ErrorControl"=dword:00000001

"Start"=dword:00000003

"Type"=dword:00000001

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(4140)

c:\windows\assembly\NativeImages_v2.0.50727_32\System\13cce38e8de5fd54853390e4e98abd0e\System.ni.dll

c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\3ac86230f8672732e33a9607b9d850c0\System.Web.Services.ni.dll

c:\windows\system32\BsMobileSDK.dll

c:\windows\system32\BsLangInDepRes.dll

c:\windows\system32\Bs2Res.dll

c:\program files\Common Files\Symantec Shared\AppCore\AppMgr32.dll

c:\program files\Bonjour\mdnsNSP.dll

c:\windows\system32\btncopy.dll

e:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll

e:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll

e:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_dut.nlr

e:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr

c:\windows\system32\imapi2.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\WLANExt.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

e:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\acer\Empowering Technology\eDataSecurity\eDSService.exe

c:\acer\Empowering Technology\eLock\Service\eLockServ.exe

c:\acer\Empowering Technology\eNet\eNet Service.exe

c:\program files\Intel\WiFi\bin\EvtEng.exe

c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\system32\PnkBstrA.exe

c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\acer\Empowering Technology\ePower\ePowerSvc.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe

c:\acer\Empowering Technology\eSettings\Service\capuserv.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

e:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe

c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe

c:\combofix\CF7207.exe

c:\windows\system32\wbem\unsecapp.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

c:\program files\Windows Media Player\wmpnscfg.exe

c:\combofix\PEV.cfxxe

.

**************************************************************************

.

Voltooingstijd: 2009-10-21 19:49 - machine werd herstart

ComboFix-quarantined-files.txt 2009-10-21 17:49

Pre-Run: 79.694.856.192 bytes beschikbaar

Post-Run: 79.421.071.360 bytes beschikbaar

- - End Of File - - F6D51590AEB2043C83E116D4BB9F1F83

[kape]

En wat vertelt Spybot nu ?

[piloot]

Dit is het resultaat:bawling: er staat ook nog bij dat het in de AUTO RUN INSTELLINGEN c:\Windows\wininit.init ??? Weet niet wat dat is hoor!

Win32.FraudLoad.edt: [sBI $62B0666F] Autorun instellingen (INI Verwijderen, nothing done)

Afgebroken door gebruiker !: Scan werd niet succesvol voltooid. (Status)

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)

2009-01-26 SDFiles.exe (1.6.1.7)

2009-01-26 SDMain.exe (1.0.0.6)

2009-01-26 SDShred.exe (1.0.2.5)

2009-01-26 SDUpdate.exe (1.6.0.12)

2009-01-26 SDWinSec.exe (1.0.0.12)

2009-01-26 SpybotSD.exe (1.6.2.46)

2009-03-05 TeaTimer.exe (1.6.6.32)

2009-10-18 unins000.exe (51.49.0.0)

2009-01-26 Update.exe (1.6.0.7)

2009-09-07 advcheck.dll (1.6.4.18)

2007-04-02 aports.dll (2.1.0.0)

2008-06-14 DelZip179.dll (1.79.11.1)

2009-01-26 SDHelper.dll (1.6.2.14)

2008-06-19 sqlite3.dll

2009-01-26 Tools.dll (2.1.6.10)

2009-01-16 UninsSrv.dll (1.0.0.0)

2009-10-08 Includes\Adware.sbi (*)

2009-10-20 Includes\AdwareC.sbi (*)

2009-01-22 Includes\Cookies.sbi (*)

2009-10-14 Includes\Dialer.sbi (*)

2009-10-13 Includes\DialerC.sbi (*)

2009-01-22 Includes\HeavyDuty.sbi (*)

2009-05-26 Includes\Hijackers.sbi (*)

2009-10-13 Includes\HijackersC.sbi (*)

2009-10-20 Includes\Keyloggers.sbi (*)

2009-10-20 Includes\KeyloggersC.sbi (*)

2004-11-29 Includes\LSP.sbi (*)

2009-10-13 Includes\Malware.sbi (*)

2009-10-21 Includes\MalwareC.sbi (*)

2009-03-25 Includes\PUPS.sbi (*)

2009-10-20 Includes\PUPSC.sbi (*)

2009-01-22 Includes\Revision.sbi (*)

2009-01-13 Includes\Security.sbi (*)

2009-10-20 Includes\SecurityC.sbi (*)

2008-06-03 Includes\Spybots.sbi (*)

2008-06-03 Includes\SpybotsC.sbi (*)

2009-10-13 Includes\Spyware.sbi (*)

2009-10-20 Includes\SpywareC.sbi (*)

2009-06-08 Includes\Tracks.uti

2009-10-06 Includes\Trojans.sbi (*)

2009-10-21 Includes\TrojansC.sbi (*)

2008-03-04 Plugins\Chai.dll

2008-03-05 Plugins\Fennel.dll

2008-02-26 Plugins\Mate.dll

2007-12-24 Plugins\TCPIPAddress.dll

[kape]

Kijk [ame=http://forums.spybot.info/showthread.php?t=49711]HIER[/ame] eens voor de oplossing van Spybot zelf.

[piloot]

Blijkbaar is dit een stukje van het antispyware programma Adaware dat spybot steeds detecteert. Kan het geen kwaad om het te laten staan??

Of moet ik het er toch beter afhalen?

[kape]

Spybot en AdAware zijn niet echt "goede vrienden". Maar als dat zo is, kan je dit perfect laten staan. Dan mag je de opmerking van Spybot er gewoon bijnemen, want uit niets blijkt dat er verder een probleem is met malware