Help: Bad Image virus!


Go to Start – Run/Search and type: sc stop "AVG Security Toolbar Service"

Press Enter.

Go to Start – Run/Search and type: sc delete "AVG Security Toolbar Service"

Press Enter.

Go to Start – Run/Search and type: sc stop avgwd

Press Enter.

Go to Start – Run/Search and type: sc delete avgwd

Press Enter.

Start HijackThis. Select "Scan". Select only the items listed below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O15 - Trusted Zone: http://software.kuaiche.com

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - I:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O20 - AppInit_DLLs: I:\Windows\System32\avgrsstx.dll

Click 'Fix checked' to remove the items.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is running; this can cause the tool to hang.

Note !!! If an error is shown with the message "Illegal operation attempted on a registery key that has been marked for deletion", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post, together with a new HijackThis log.

Link to comment

The messages are gone again :)

ComboFix 11-01-08.01 - lufraki 08-01-2011 21:21:26.3.4 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1033.18.3326.2427 [GMT 1:00]

Gestart vanuit: i:\users\lufraki\Downloads\ComboFix.exe

AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

I:\install.exe

i:\users\lufraki\AppData\Roaming\inst.exe

i:\windows\system32\NL-NLW.DLL

i:\windows\system32\system

.

(((((((((((((((((((( Bestanden Gemaakt van 2010-12-08 to 2011-01-08 ))))))))))))))))))))))))))))))

.

2011-01-08 20:28 . 2011-01-08 20:28 -------- d-----w- i:\users\Public\AppData\Local\temp

2011-01-08 20:28 . 2011-01-08 20:28 -------- d-----w- i:\users\Default\AppData\Local\temp

2011-01-08 20:28 . 2011-01-08 20:28 -------- d-----w- i:\users\lufraki\AppData\Local\temp

2011-01-08 19:17 . 2011-01-08 19:17 -------- d-----w- i:\program files\Vogster Entertainment

2011-01-08 18:56 . 2011-01-08 18:56 -------- d-----w- i:\users\lufraki\AppData\Roaming\InstallShield Installation Information

2011-01-08 18:56 . 2011-01-08 18:56 -------- d-----w- i:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP

2011-01-08 16:20 . 2010-10-05 20:26 109240 ----a-w- i:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll

2011-01-08 16:20 . 2010-10-05 20:27 150200 ----a-w- i:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll

2011-01-08 12:55 . 2011-01-08 12:55 -------- d-----w- i:\users\lufraki\AppData\Roaming\Need for Speed World

2011-01-08 12:15 . 2011-01-08 12:15 -------- d-----w- i:\users\lufraki\AppData\Local\Electronic_Arts_Inc

2011-01-08 12:15 . 2011-01-08 12:15 -------- d-----w- i:\programdata\Electronic Arts

2011-01-08 12:15 . 2011-01-08 12:15 -------- d-----w- i:\program files\Electronic Arts

2011-01-08 12:08 . 2011-01-08 12:16 97859 ----a-w- i:\windows\system32\drivers\klick.dat

2011-01-08 12:08 . 2011-01-08 12:16 114243 ----a-w- i:\windows\system32\drivers\klin.dat

2011-01-08 12:07 . 2011-01-08 19:00 -------- d-----w- i:\programdata\Kaspersky Lab

2011-01-08 12:07 . 2011-01-08 12:07 -------- d-----w- i:\program files\Kaspersky Lab

2011-01-08 12:05 . 2011-01-08 12:05 -------- d-----w- i:\programdata\Kaspersky Lab Setup Files

2011-01-08 10:17 . 2011-01-08 10:17 -------- d-----w- i:\program files\Perfect Uninstaller

2011-01-07 20:42 . 2010-11-16 11:01 6273872 ----a-w- i:\programdata\Microsoft\Windows Defender\Definition Updates\{45347193-E21A-4E4D-8555-2A4CE3C34C96}\mpengine.dll

2011-01-07 20:13 . 2011-01-07 20:15 -------- d-----w- i:\program files\Common Files\BitDefender

2011-01-07 19:58 . 2010-10-19 09:41 222080 ------w- i:\windows\system32\MpSigStub.exe

2011-01-07 19:56 . 2010-04-09 07:24 240008 ----a-w- i:\windows\system32\drivers\netio.sys

2011-01-07 19:40 . 2011-01-07 19:40 -------- d-----w- i:\program files\Webroot

2011-01-07 19:39 . 2011-01-07 19:39 -------- d-----w- i:\programdata\Webroot

2011-01-07 19:39 . 2011-01-07 19:39 -------- d-----w- i:\users\lufraki\AppData\Local\PackageAware

2011-01-07 19:31 . 2011-01-08 12:14 134789 ----a-w- i:\programdata\bdinstall.bin

2011-01-01 19:52 . 2011-01-01 19:52 -------- d-----w- i:\program files\uTorrent

2011-01-01 19:51 . 2011-01-08 11:58 -------- d-----w- i:\users\lufraki\AppData\Roaming\uTorrent

2011-01-01 11:52 . 2011-01-01 11:56 -------- d-----w- i:\programdata\SpeedBit

2011-01-01 11:31 . 2011-01-01 11:54 -------- d-----w- i:\users\lufraki\AppData\Roaming\BitComet

2011-01-01 11:31 . 2011-01-07 19:54 -------- d-----w- i:\program files\BitComet

2010-12-31 18:31 . 2011-01-07 19:16 -------- d-----w- i:\users\lufraki\AppData\Roaming\QuickScan

2010-12-31 17:57 . 2010-12-31 17:57 -------- d-----w- i:\program files\FlashGet Network

2010-12-31 17:56 . 2010-12-31 17:57 -------- d-----w- i:\program files\FlashGet

2010-12-31 16:37 . 2010-12-31 16:37 -------- d-----w- i:\program files\opensub

2010-12-31 15:02 . 2010-12-31 18:22 -------- d-----w- i:\users\lufraki\AppData\Roaming\ViGlance

2010-12-30 10:55 . 2010-12-30 10:55 -------- d-----w- i:\program files\Hitman Pro 3.5

2010-12-30 10:23 . 2011-01-08 18:51 16968 ----a-w- i:\windows\system32\drivers\hitmanpro35.sys

2010-12-30 10:23 . 2010-12-30 10:27 -------- d-----w- i:\programdata\Hitman Pro

2010-12-29 11:33 . 2011-01-07 19:36 -------- d-----w- i:\programdata\Alwil Software

2010-12-29 11:33 . 2010-12-29 11:33 -------- d-----w- i:\program files\Alwil Software

2010-12-28 19:26 . 2010-12-28 19:26 -------- d-----w- i:\program files\AMD

2010-12-28 19:26 . 2010-12-28 19:32 -------- d-----w- i:\users\lufraki\AppData\Local\Downloaded Installations

2010-12-28 18:26 . 2010-12-28 18:26 -------- d-----w- i:\users\lufraki\AppData\Roaming\TightVNC

2010-12-28 18:26 . 2010-12-28 18:26 -------- d-----w- i:\program files\TightVNC

2010-12-28 13:46 . 2010-12-28 13:46 -------- d-----w- i:\programdata\ATI

2010-12-28 13:43 . 2010-12-28 13:43 -------- d-----w- I:\AMD

2010-12-26 14:24 . 2010-12-26 14:24 -------- d-----w- i:\program files\Phyxion.net

2010-12-24 15:45 . 2011-01-03 10:14 139128 ----a-w- i:\windows\system32\drivers\PnkBstrK.sys

2010-12-24 15:44 . 2010-12-25 08:43 75136 ----a-w- i:\windows\system32\PnkBstrA.exe

2010-12-24 15:44 . 2010-12-24 15:44 2434856 ----a-w- i:\windows\system32\pbsvc_bc2.exe

2010-12-21 19:21 . 2010-12-21 19:35 -------- d-----w- i:\users\lufraki\AppData\Local\Temporary Projects

2010-12-21 18:49 . 2010-12-21 18:49 -------- d-----w- i:\program files\Game Maker 8 Pro Edition

2010-12-21 18:37 . 2010-12-21 19:58 -------- d-----w- i:\program files\001

2010-12-21 18:35 . 2010-12-21 18:35 -------- d-----w- i:\programdata\001

2010-12-21 18:23 . 2010-12-21 18:23 -------- d-----w- i:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP

2010-12-21 18:23 . 2010-12-21 18:27 -------- d-----w- i:\program files\GStudio8

2010-12-18 14:54 . 2010-12-18 14:54 -------- d-----w- I:\dell

2010-12-18 13:48 . 2010-12-18 13:48 -------- d-----w- i:\windows\system32\RTCOM

2010-12-17 16:44 . 2010-12-17 16:44 80416 ----a-w- i:\windows\system32\RtNicProp32.dll

2010-12-17 16:44 . 2010-12-17 16:44 322664 ----a-w- i:\windows\system32\drivers\Rt86win7.sys

2010-12-17 16:12 . 2010-12-17 16:12 -------- d-----w- I:\Drivers

2010-12-17 16:09 . 2010-12-17 16:09 -------- d-----w- i:\users\lufraki\AppData\Roaming\Easeware

2010-12-17 16:09 . 2010-12-17 16:09 -------- d-----w- i:\program files\Easeware

2010-12-17 15:56 . 2010-12-17 15:56 -------- d-----w- i:\programdata\Innovative Solutions

2010-12-17 15:56 . 2010-12-17 15:56 -------- d-----w- i:\users\lufraki\AppData\Local\Innovative Solutions

2010-12-17 15:11 . 2010-12-17 15:11 -------- d-----w- i:\users\lufraki\AppData\Roaming\SUPERAntiSpyware.com

2010-12-17 08:20 . 2010-12-17 08:20 -------- d-----w- i:\programdata\IObit

2010-12-17 08:20 . 2011-01-07 17:13 -------- d-----w- i:\program files\Application Updater

2010-12-17 08:20 . 2010-12-17 08:20 -------- d-----w- i:\program files\IObit Toolbar

2010-12-17 08:20 . 2010-12-17 08:20 -------- d-----w- i:\program files\IObit

2010-12-17 08:20 . 2010-12-17 08:20 -------- d-----w- i:\program files\Common Files\Spigot

2010-12-16 17:38 . 2010-12-16 17:38 -------- d-----w- i:\users\lufraki\AppData\Roaming\TS3Client

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-01-03 10:14 . 2010-08-25 10:54 215128 ----a-w- i:\windows\system32\PnkBstrB.exe

2011-01-03 10:14 . 2010-03-15 15:43 215128 ----a-w- i:\windows\system32\PnkBstrB.xtr

2011-01-03 10:10 . 2010-08-25 10:54 215128 ----a-w- i:\windows\system32\PnkBstrB.ex0

2010-12-24 15:45 . 2010-03-15 15:41 138056 ----a-w- i:\users\lufraki\AppData\Roaming\PnkBstrK.sys

2010-12-20 17:09 . 2010-11-30 13:58 38224 ----a-w- i:\windows\system32\drivers\mbamswissarmy.sys

2010-12-20 17:08 . 2010-11-30 13:57 20952 ----a-w- i:\windows\system32\drivers\mbam.sys

2010-12-17 16:44 . 2009-12-03 08:27 100896 ----a-w- i:\windows\system32\RTNUninst32.dll

2010-11-26 04:19 . 2010-11-26 04:19 6650368 ----a-w- i:\windows\system32\drivers\atikmdag.sys

2010-11-26 03:02 . 2010-11-26 03:02 16702976 ----a-w- i:\windows\system32\atioglxx.dll

2010-11-26 02:58 . 2010-11-26 02:58 143360 ----a-w- i:\windows\system32\atiapfxx.exe

2010-11-26 02:58 . 2010-08-03 23:54 550400 ----a-w- i:\windows\system32\aticfx32.dll

2010-11-26 02:54 . 2010-11-26 02:54 462848 ----a-w- i:\windows\system32\ATIDEMGX.dll

2010-11-26 02:54 . 2010-11-26 02:54 393216 ----a-w- i:\windows\system32\atieclxx.exe

2010-11-26 02:54 . 2010-11-26 02:54 176128 ----a-w- i:\windows\system32\atiesrxx.exe

2010-11-26 02:52 . 2010-11-26 02:52 159744 ----a-w- i:\windows\system32\atitmmxx.dll

2010-11-26 02:52 . 2010-11-26 02:52 356352 ----a-w- i:\windows\system32\atipdlxx.dll

2010-11-26 02:52 . 2010-11-26 02:52 278528 ----a-w- i:\windows\system32\Oemdspif.dll

2010-11-26 02:52 . 2010-11-26 02:52 15872 ----a-w- i:\windows\system32\atimuixx.dll

2010-11-26 02:52 . 2010-11-26 02:52 43520 ----a-w- i:\windows\system32\ati2edxx.dll

2010-11-26 02:49 . 2010-08-03 23:46 4066816 ----a-w- i:\windows\system32\atidxx32.dll

2010-11-26 02:30 . 2010-11-26 02:30 4122624 ----a-w- i:\windows\system32\atiumdag.dll

2010-11-26 02:30 . 2010-11-26 02:30 46080 ----a-w- i:\windows\system32\aticalrt.dll

2010-11-26 02:30 . 2010-11-26 02:30 44032 ----a-w- i:\windows\system32\aticalcl.dll

2010-11-26 02:28 . 2010-11-26 02:28 5441024 ----a-w- i:\windows\system32\aticaldd.dll

2010-11-26 02:24 . 2010-08-03 23:23 52736 ----a-w- i:\windows\system32\coinst.dll

2010-11-26 02:22 . 2010-11-26 02:22 3460096 ----a-w- i:\windows\system32\atiumdva.dll

2010-11-26 02:17 . 2010-11-26 02:17 249856 ----a-w- i:\windows\system32\atiadlxx.dll

2010-11-26 02:17 . 2010-11-26 02:17 12800 ----a-w- i:\windows\system32\atiglpxx.dll

2010-11-26 02:16 . 2010-11-26 02:16 27136 ----a-w- i:\windows\system32\atigktxx.dll

2010-11-26 02:16 . 2010-11-26 02:16 231936 ----a-w- i:\windows\system32\drivers\atikmpag.sys

2010-11-26 02:15 . 2010-08-03 23:15 30720 ----a-w- i:\windows\system32\atiuxpag.dll

2010-11-26 02:15 . 2010-11-26 02:15 28672 ----a-w- i:\windows\system32\atiu9pag.dll

2010-11-26 02:15 . 2010-11-26 02:15 53248 ----a-w- i:\windows\system32\drivers\ati2erec.dll

2010-11-26 02:09 . 2010-11-26 02:09 52736 ----a-w- i:\windows\system32\atimpc32.dll

2010-11-26 02:09 . 2010-11-26 02:09 52736 ----a-w- i:\windows\system32\amdpcom32.dll

2010-11-23 20:57 . 2010-11-09 17:22 12288 ----a-w- i:\windows\impborl.dll

2010-11-23 16:16 . 2010-12-01 16:12 31552 ----a-w- i:\windows\system32\TURegOpt.exe

2010-11-23 16:11 . 2010-12-01 16:12 21312 ----a-w- i:\windows\system32\authuitu.dll

2010-11-23 16:11 . 2010-12-01 16:12 29504 ----a-w- i:\windows\system32\uxtuneup.dll

2010-11-17 17:15 . 2010-11-17 17:15 235 ----a-w- i:\windows\system32\nxEuUninstall.bat

2010-11-17 17:15 . 2010-02-18 08:27 446464 ----a-w- i:\windows\NEXON_EU_DownloaderUpdater.exe

2010-11-17 12:04 . 2010-11-17 12:04 101392 ----a-w- i:\windows\system32\drivers\AtihdW73.sys

2010-11-14 17:08 . 2010-03-06 18:50 47360 ----a-w- i:\users\lufraki\AppData\Roaming\pcouffin.sys

2010-11-12 17:53 . 2010-08-20 16:25 472808 ----a-w- i:\windows\system32\deployJava1.dll

2010-10-26 10:22 . 2010-10-26 10:22 45056 ----a-w- i:\windows\system32\ATIODCLI.exe

2010-10-26 10:22 . 2010-10-26 10:22 294912 ----a-w- i:\windows\system32\ATIODE.exe

2010-10-25 11:47 . 2010-10-25 11:47 1060864 ----a-w- i:\windows\system32\mfc71.dll

2010-10-19 14:12 . 2010-10-19 13:36 21840 ----atw- i:\windows\system32\SIntfNT.dll

2010-10-19 14:12 . 2010-10-19 13:36 17212 ----atw- i:\windows\system32\SIntf32.dll

2010-10-19 14:12 . 2010-10-19 13:36 12067 ----atw- i:\windows\system32\SIntf16.dll

2010-10-14 00:36 . 2010-10-14 00:36 15451288 ----a-w- i:\windows\system32\xlive.dll

2010-10-14 00:36 . 2010-10-14 00:36 13642904 ----a-w- i:\windows\system32\xlivefnt.dll

1997-02-17 10:37 . 1999-06-23 20:24 171520 ----a-w- i:\program files\CNCS32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="i:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="i:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"AVP"="i:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2011-01-08 365336]

i:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - i:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=i:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKLM\~\startupfolder\I:^Users^lufraki^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]

path=i:\users\lufraki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

backup=i:\windows\pss\CurseClientStartup.ccip.Startup

backupExtension=.Startup

[HKLM\~\startupfolder\I:^Users^lufraki^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^iRotate.lnk]

path=i:\users\lufraki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iRotate.lnk

backup=i:\windows\pss\iRotate.lnk.Startup

backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeleteDir[b04] WIPE_B04.TMP]

RD [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-20 21:07 932288 ----a-r- i:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2009-10-30 11:57 369200 ----a-w- i:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 10:44 31072 ----a-w- i:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-09-22 22:47 4240760 ----a-w- i:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]

c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 09:44 248552 ----a-w- i:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2010-12-14 20:02 2424560 ----a-w- i:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"msnmsgr"="i:\program files\Windows Live\Messenger\msnmsgr.exe" /background

"SUPERAntiSpyware"=i:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

"Steam"="i:\program files\Steam\Steam.exe" -silent

"Pando Media Booster"=i:\program files\Pando Networks\Media Booster\PMB.exe

"RGSC"=i:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="i:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"HP Software Update"=i:\program files\HP\HP Software Update\HPWuSchd2.exe

"Zboard"=i:\program files\Ideazon\ZEngine\Zboard.exe

"ATICustomerCare"="i:\program files\ATI\ATICustomerCare\ATICustomerCare.exe"

"StartCCC"="i:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

"RtHDVCpl"=i:\program files\Realtek\Audio\HDA\RtHDVCpl.exe -s

"Adobe ARM"="i:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"SearchSettings"="i:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe"

"Malwarebytes' Anti-Malware (reboot)"="i:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

"AVG_TRAY"=i:\program files\AVG\AVG10\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;i:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 AVGIDSShim;AVGIDSShim;i:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]

R3 EagleXNt;EagleXNt;i:\windows\system32\drivers\EagleXNt.sys [x]

R3 npggsvc;nProtect GameGuard Service;i:\windows\system32\GameMon.des [2010-03-21 3601544]

R3 SCREAMINGBDRIVER;Screaming Bee Audio;i:\windows\system32\drivers\ScreamingBAudio.sys [2009-11-25 34384]

R3 WatAdminSvc;Windows Activation Technologies-service;i:\windows\system32\Wat\WatAdminSvc.exe [2010-05-30 1343400]

R3 XDva296;XDva296;i:\windows\system32\XDva296.sys [x]

R3 XDva327;XDva327;i:\windows\system32\XDva327.sys [x]

R3 XDva332;XDva332;i:\windows\system32\XDva332.sys [x]

R3 XDva336;XDva336;i:\windows\system32\XDva336.sys [x]

R3 XDva337;XDva337;i:\windows\system32\XDva337.sys [x]

R3 XDva359;XDva359;i:\windows\system32\XDva359.sys [x]

R3 XDva367;XDva367;i:\windows\system32\XDva367.sys [x]

R4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]

S0 sptd;sptd;i:\windows\System32\Drivers\sptd.sys [2010-02-13 691696]

S1 kl2;kl2;i:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;i:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]

S2 Akamai;Akamai NetSession Interface;i:\windows\System32\svchost.exe [2009-07-14 20992]

S2 AMD External Events Utility;AMD External Events Utility;i:\windows\system32\atiesrxx.exe [2010-11-26 176128]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;i:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-11-23 1483072]

S3 amdkmdag;amdkmdag;i:\windows\system32\DRIVERS\atikmdag.sys [2010-11-26 6650368]

S3 amdkmdap;amdkmdap;i:\windows\system32\DRIVERS\atikmpag.sys [2010-11-26 231936]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;i:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]

S3 klmouflt;Kaspersky Lab KLMOUFLT;i:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;i:\windows\system32\Drivers\RtsUStor.sys [2010-06-04 189784]

S3 RTL8167;Realtek 8167 NT Driver;i:\windows\system32\DRIVERS\Rt86win7.sys [2010-12-17 322664]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;i:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]

S3 WVKeyboardService;Wayontec Virtual Keyboard Driver;i:\windows\system32\Drivers\wvkeybd.sys [2010-06-18 10568]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - EAGLEXNT

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Akamai REG_MULTI_SZ Akamai

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Inhoud van de 'Gedeelde Taken' map

2011-01-03 i:\windows\Tasks\DriverEasy Scheduled Scan.job

- i:\program files\Easeware\DriverEasy\DriverEasy.exe [2010-12-17 19:55]

.

.

------- Bijkomende Scan -------

.

uStart Page = about:blank

mStart Page = about:blank

IE: Add to Anti-Banner - i:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm

IE: E&xport to Microsoft Excel - i:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -

DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab

FF - ProfilePath - i:\users\lufraki\AppData\Roaming\Mozilla\Firefox\Profiles\1oatxjms.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://countdown.free-and-online.com/?timer=2456

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=0&v=6.010.023.001&i=23&tp=ab&iy=&ychte=nl&lng=nl&q=

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - i:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - i:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - i:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - i:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru

FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - i:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - i:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - i:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

- - - - ORPHANS VERWIJDERD - - - -

MSConfigStartUp-BitTorrent - i:\program files\BitTorrent\bittorrent.exe

MSConfigStartUp-FlashPlayerUpdate - i:\windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe

MSConfigStartUp-QuickTime Task - i:\program files\QuickTime\QTTask.exe

MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\npggsvc]

"ImagePath"="i:\windows\system32\GameMon.des -service"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-2838343270-200650475-273469060-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

"??"=hex:d5,4f,f0,3a,75,22,7c,05,a7,8e,ba,99,97,b3,a1,e3,ba,ae,66,82,7c,d3,e4,

13,dd,21,3c,98,ec,35,14,a8,e1,8a,45,83,58,d7,42,73,9e,aa,d5,87,dd,d0,59,f0,\

"??"=hex:d3,5d,4a,97,68,f9,aa,1b,29,0d,aa,a8,22,84,59,9a

[HKEY_USERS\S-1-5-21-2838343270-200650475-273469060-1001\Software\SecuROM\License information*]

"datasecu"=hex:e6,8e,84,56,c0,a0,2a,ef,88,2a,54,89,7e,c0,cd,b7,cf,17,a2,5c,fa,

58,9c,e3,ad,fb,20,ce,fe,75,46,84,fa,91,15,1a,cb,d5,a8,f6,ee,55,bf,62,72,f1,\

"rkeysecu"=hex:ba,76,e9,0a,e3,97,f2,eb,93,d5,91,41,36,38,c1,ee

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2011-01-08 21:30:01

ComboFix-quarantined-files.txt 2011-01-08 20:30

ComboFix2.txt 2009-05-09 16:48

ComboFix3.txt 2009-04-07 17:04

Pre-Run: 471.476.756.480 bytes beschikbaar

Post-Run: 471.593.652.224 bytes beschikbaar

- - End Of File - - 4D137C010D62CB64BC70D1D88124470D

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:59:21, on 8-1-2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16700)

Boot mode: Normal

Running processes:

I:\Windows\system32\taskhost.exe

I:\Windows\system32\taskeng.exe

I:\Windows\system32\Dwm.exe

I:\Program Files\IObit\Game Booster\GameBox.exe

I:\Program Files\Common Files\Java\Java Update\jusched.exe

I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe

I:\Program Files\Windows Sidebar\sidebar.exe

I:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe

I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

I:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

I:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

I:\Windows\system32\notepad.exe

I:\Windows\explorer.exe

I:\Program Files\Mozilla Firefox\firefox.exe

I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe

I:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe

I:\Users\lufraki\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - I:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - I:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - I:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - I:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "I:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AVP] "I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"

O4 - HKCU\..\Run: [sidebar] I:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - Global Startup: HP Digital Imaging Monitor.lnk = I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Add to Anti-Banner - I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll

O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - I:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - I:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - I:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - AppInit_DLLs: I:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,I:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - I:\Windows\System32\DreamScene.dll

O23 - Service: AMD External Events Utility - AMD - I:\Windows\system32\atiesrxx.exe

O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - I:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - I:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - I:\Windows\system32\PnkBstrA.exe

O23 - Service: Steam Client Service - Valve Corporation - I:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - I:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

--

End of file - 6181 bytes


Open a Notepad file.

Copy and paste the bold text below into it.

File::

i:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP

i:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP

i:\windows\system32\XDva296.sys

i:\windows\system32\XDva327.sys

i:\windows\system32\XDva332.sys

i:\windows\system32\XDva336.sys

i:\windows\system32\XDva337.sys

i:\windows\system32\XDva359.sys

i:\windows\system32\XDva367.sys

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeleteDir[b04] WIPE_B04.TMP]

Driver::

XDva296

XDva327

XDva332

XDva336

XDva337

XDva359

XDva367

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt into ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message.


Good morning :-)

ComboFix 11-01-08.01 - lufraki 08-01-2011 22:33:57.4.4 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1033.18.3326.2209 [GMT 1:00]

Gestart vanuit: i:\users\lufraki\Downloads\ComboFix.exe

gebruikte Opdracht switches :: i:\users\lufraki\Desktop\CFScript.txt

AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

FILE ::

"i:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP"

"i:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP"

"i:\windows\system32\XDva296.sys"

"i:\windows\system32\XDva327.sys"

"i:\windows\system32\XDva332.sys"

"i:\windows\system32\XDva336.sys"

"i:\windows\system32\XDva337.sys"

"i:\windows\system32\XDva359.sys"

"i:\windows\system32\XDva367.sys"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_XDVA296

-------\Legacy_XDVA327

-------\Legacy_XDVA332

-------\Legacy_XDVA336

-------\Legacy_XDVA337

-------\Legacy_XDVA359

-------\Legacy_XDVA367

-------\Service_XDva296

-------\Service_XDva327

-------\Service_XDva332

-------\Service_XDva336

-------\Service_XDva337

-------\Service_XDva359

-------\Service_XDva367

(((((((((((((((((((( Bestanden Gemaakt van 2010-12-08 to 2011-01-08 ))))))))))))))))))))))))))))))

.

2011-01-08 21:40 . 2011-01-08 21:40 -------- d-----w- i:\users\Public\AppData\Local\temp

2011-01-08 21:40 . 2011-01-08 21:40 -------- d-----w- i:\users\Default\AppData\Local\temp

2011-01-08 20:30 . 2011-01-08 21:54 -------- d-----w- i:\users\lufraki\AppData\Local\temp

2011-01-08 19:17 . 2011-01-08 19:17 -------- d-----w- i:\program files\Vogster Entertainment

2011-01-08 18:56 . 2011-01-08 18:56 -------- d-----w- i:\users\lufraki\AppData\Roaming\InstallShield Installation Information

2011-01-08 18:56 . 2011-01-08 18:56 -------- d-----w- i:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP

2011-01-08 16:20 . 2010-10-05 20:26 109240 ----a-w- i:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll

2011-01-08 16:20 . 2010-10-05 20:27 150200 ----a-w- i:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll

2011-01-08 12:55 . 2011-01-08 12:55 -------- d-----w- i:\users\lufraki\AppData\Roaming\Need for Speed World

2011-01-08 12:15 . 2011-01-08 12:15 -------- d-----w- i:\users\lufraki\AppData\Local\Electronic_Arts_Inc

2011-01-08 12:15 . 2011-01-08 12:15 -------- d-----w- i:\programdata\Electronic Arts

2011-01-08 12:15 . 2011-01-08 12:15 -------- d-----w- i:\program files\Electronic Arts

2011-01-08 12:08 . 2011-01-08 12:16 97859 ----a-w- i:\windows\system32\drivers\klick.dat

2011-01-08 12:08 . 2011-01-08 12:16 114243 ----a-w- i:\windows\system32\drivers\klin.dat

2011-01-08 12:07 . 2011-01-08 21:42 -------- d-----w- i:\programdata\Kaspersky Lab

2011-01-08 12:07 . 2011-01-08 12:07 -------- d-----w- i:\program files\Kaspersky Lab

2011-01-08 12:05 . 2011-01-08 12:05 -------- d-----w- i:\programdata\Kaspersky Lab Setup Files

2011-01-08 10:17 . 2011-01-08 10:17 -------- d-----w- i:\program files\Perfect Uninstaller

2011-01-07 20:42 . 2010-11-16 11:01 6273872 ----a-w- i:\programdata\Microsoft\Windows Defender\Definition Updates\{45347193-E21A-4E4D-8555-2A4CE3C34C96}\mpengine.dll

2011-01-07 20:13 . 2011-01-07 20:15 -------- d-----w- i:\program files\Common Files\BitDefender

2011-01-07 19:58 . 2010-10-19 09:41 222080 ------w- i:\windows\system32\MpSigStub.exe

2011-01-07 19:56 . 2010-04-09 07:24 240008 ----a-w- i:\windows\system32\drivers\netio.sys

2011-01-07 19:40 . 2011-01-07 19:40 -------- d-----w- i:\program files\Webroot

2011-01-07 19:39 . 2011-01-07 19:39 -------- d-----w- i:\programdata\Webroot

2011-01-07 19:39 . 2011-01-07 19:39 -------- d-----w- i:\users\lufraki\AppData\Local\PackageAware

2011-01-07 19:31 . 2011-01-08 12:14 134789 ----a-w- i:\programdata\bdinstall.bin

2011-01-01 19:52 . 2011-01-01 19:52 -------- d-----w- i:\program files\uTorrent

2011-01-01 19:51 . 2011-01-08 11:58 -------- d-----w- i:\users\lufraki\AppData\Roaming\uTorrent

2011-01-01 11:52 . 2011-01-01 11:56 -------- d-----w- i:\programdata\SpeedBit

2011-01-01 11:31 . 2011-01-01 11:54 -------- d-----w- i:\users\lufraki\AppData\Roaming\BitComet

2011-01-01 11:31 . 2011-01-07 19:54 -------- d-----w- i:\program files\BitComet

2010-12-31 18:31 . 2011-01-07 19:16 -------- d-----w- i:\users\lufraki\AppData\Roaming\QuickScan

2010-12-31 17:57 . 2010-12-31 17:57 -------- d-----w- i:\program files\FlashGet Network

2010-12-31 17:56 . 2010-12-31 17:57 -------- d-----w- i:\program files\FlashGet

2010-12-31 16:37 . 2010-12-31 16:37 -------- d-----w- i:\program files\opensub

2010-12-31 15:02 . 2010-12-31 18:22 -------- d-----w- i:\users\lufraki\AppData\Roaming\ViGlance

2010-12-30 10:55 . 2010-12-30 10:55 -------- d-----w- i:\program files\Hitman Pro 3.5

2010-12-30 10:23 . 2011-01-08 18:51 16968 ----a-w- i:\windows\system32\drivers\hitmanpro35.sys

2010-12-30 10:23 . 2010-12-30 10:27 -------- d-----w- i:\programdata\Hitman Pro

2010-12-29 11:33 . 2011-01-07 19:36 -------- d-----w- i:\programdata\Alwil Software

2010-12-29 11:33 . 2010-12-29 11:33 -------- d-----w- i:\program files\Alwil Software

2010-12-28 19:26 . 2010-12-28 19:26 -------- d-----w- i:\program files\AMD

2010-12-28 19:26 . 2010-12-28 19:32 -------- d-----w- i:\users\lufraki\AppData\Local\Downloaded Installations

2010-12-28 18:26 . 2010-12-28 18:26 -------- d-----w- i:\users\lufraki\AppData\Roaming\TightVNC

2010-12-28 18:26 . 2010-12-28 18:26 -------- d-----w- i:\program files\TightVNC

2010-12-28 13:46 . 2010-12-28 13:46 -------- d-----w- i:\programdata\ATI

2010-12-28 13:43 . 2010-12-28 13:43 -------- d-----w- I:\AMD

2010-12-26 14:24 . 2010-12-26 14:24 -------- d-----w- i:\program files\Phyxion.net

2010-12-24 15:45 . 2011-01-03 10:14 139128 ----a-w- i:\windows\system32\drivers\PnkBstrK.sys

2010-12-24 15:44 . 2010-12-25 08:43 75136 ----a-w- i:\windows\system32\PnkBstrA.exe

2010-12-24 15:44 . 2010-12-24 15:44 2434856 ----a-w- i:\windows\system32\pbsvc_bc2.exe

2010-12-21 19:21 . 2010-12-21 19:35 -------- d-----w- i:\users\lufraki\AppData\Local\Temporary Projects

2010-12-21 18:49 . 2010-12-21 18:49 -------- d-----w- i:\program files\Game Maker 8 Pro Edition

2010-12-21 18:37 . 2010-12-21 19:58 -------- d-----w- i:\program files\001

2010-12-21 18:35 . 2010-12-21 18:35 -------- d-----w- i:\programdata\001

2010-12-21 18:23 . 2010-12-21 18:23 -------- d-----w- i:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP

2010-12-21 18:23 . 2010-12-21 18:27 -------- d-----w- i:\program files\GStudio8

2010-12-18 14:54 . 2010-12-18 14:54 -------- d-----w- I:\dell

2010-12-18 13:48 . 2010-12-18 13:48 -------- d-----w- i:\windows\system32\RTCOM

2010-12-17 16:44 . 2010-12-17 16:44 80416 ----a-w- i:\windows\system32\RtNicProp32.dll

2010-12-17 16:44 . 2010-12-17 16:44 322664 ----a-w- i:\windows\system32\drivers\Rt86win7.sys

2010-12-17 16:12 . 2010-12-17 16:12 -------- d-----w- I:\Drivers

2010-12-17 16:09 . 2010-12-17 16:09 -------- d-----w- i:\users\lufraki\AppData\Roaming\Easeware

2010-12-17 16:09 . 2010-12-17 16:09 -------- d-----w- i:\program files\Easeware

2010-12-17 15:56 . 2010-12-17 15:56 -------- d-----w- i:\programdata\Innovative Solutions

2010-12-17 15:56 . 2010-12-17 15:56 -------- d-----w- i:\users\lufraki\AppData\Local\Innovative Solutions

2010-12-17 15:11 . 2010-12-17 15:11 -------- d-----w- i:\users\lufraki\AppData\Roaming\SUPERAntiSpyware.com

2010-12-17 08:20 . 2010-12-17 08:20 -------- d-----w- i:\programdata\IObit

2010-12-17 08:20 . 2011-01-07 17:13 -------- d-----w- i:\program files\Application Updater

2010-12-17 08:20 . 2010-12-17 08:20 -------- d-----w- i:\program files\IObit Toolbar

2010-12-17 08:20 . 2010-12-17 08:20 -------- d-----w- i:\program files\IObit

2010-12-16 17:38 . 2010-12-16 17:38 -------- d-----w- i:\users\lufraki\AppData\Roaming\TS3Client

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-01-03 10:14 . 2010-08-25 10:54 215128 ----a-w- i:\windows\system32\PnkBstrB.exe

2011-01-03 10:14 . 2010-03-15 15:43 215128 ----a-w- i:\windows\system32\PnkBstrB.xtr

2011-01-03 10:10 . 2010-08-25 10:54 215128 ----a-w- i:\windows\system32\PnkBstrB.ex0

2010-12-24 15:45 . 2010-03-15 15:41 138056 ----a-w- i:\users\lufraki\AppData\Roaming\PnkBstrK.sys

2010-12-20 17:09 . 2010-11-30 13:58 38224 ----a-w- i:\windows\system32\drivers\mbamswissarmy.sys

2010-12-20 17:08 . 2010-11-30 13:57 20952 ----a-w- i:\windows\system32\drivers\mbam.sys

2010-12-17 16:44 . 2009-12-03 08:27 100896 ----a-w- i:\windows\system32\RTNUninst32.dll

2010-11-26 04:19 . 2010-11-26 04:19 6650368 ----a-w- i:\windows\system32\drivers\atikmdag.sys

2010-11-26 03:02 . 2010-11-26 03:02 16702976 ----a-w- i:\windows\system32\atioglxx.dll

2010-11-26 02:58 . 2010-11-26 02:58 143360 ----a-w- i:\windows\system32\atiapfxx.exe

2010-11-26 02:58 . 2010-08-03 23:54 550400 ----a-w- i:\windows\system32\aticfx32.dll

2010-11-26 02:54 . 2010-11-26 02:54 462848 ----a-w- i:\windows\system32\ATIDEMGX.dll

2010-11-26 02:54 . 2010-11-26 02:54 393216 ----a-w- i:\windows\system32\atieclxx.exe

2010-11-26 02:54 . 2010-11-26 02:54 176128 ----a-w- i:\windows\system32\atiesrxx.exe

2010-11-26 02:52 . 2010-11-26 02:52 159744 ----a-w- i:\windows\system32\atitmmxx.dll

2010-11-26 02:52 . 2010-11-26 02:52 356352 ----a-w- i:\windows\system32\atipdlxx.dll

2010-11-26 02:52 . 2010-11-26 02:52 278528 ----a-w- i:\windows\system32\Oemdspif.dll

2010-11-26 02:52 . 2010-11-26 02:52 15872 ----a-w- i:\windows\system32\atimuixx.dll

2010-11-26 02:52 . 2010-11-26 02:52 43520 ----a-w- i:\windows\system32\ati2edxx.dll

2010-11-26 02:49 . 2010-08-03 23:46 4066816 ----a-w- i:\windows\system32\atidxx32.dll

2010-11-26 02:30 . 2010-11-26 02:30 4122624 ----a-w- i:\windows\system32\atiumdag.dll

2010-11-26 02:30 . 2010-11-26 02:30 46080 ----a-w- i:\windows\system32\aticalrt.dll

2010-11-26 02:30 . 2010-11-26 02:30 44032 ----a-w- i:\windows\system32\aticalcl.dll

2010-11-26 02:28 . 2010-11-26 02:28 5441024 ----a-w- i:\windows\system32\aticaldd.dll

2010-11-26 02:24 . 2010-08-03 23:23 52736 ----a-w- i:\windows\system32\coinst.dll

2010-11-26 02:22 . 2010-11-26 02:22 3460096 ----a-w- i:\windows\system32\atiumdva.dll

2010-11-26 02:17 . 2010-11-26 02:17 249856 ----a-w- i:\windows\system32\atiadlxx.dll

2010-11-26 02:17 . 2010-11-26 02:17 12800 ----a-w- i:\windows\system32\atiglpxx.dll

2010-11-26 02:16 . 2010-11-26 02:16 27136 ----a-w- i:\windows\system32\atigktxx.dll

2010-11-26 02:16 . 2010-11-26 02:16 231936 ----a-w- i:\windows\system32\drivers\atikmpag.sys

2010-11-26 02:15 . 2010-08-03 23:15 30720 ----a-w- i:\windows\system32\atiuxpag.dll

2010-11-26 02:15 . 2010-11-26 02:15 28672 ----a-w- i:\windows\system32\atiu9pag.dll

2010-11-26 02:15 . 2010-11-26 02:15 53248 ----a-w- i:\windows\system32\drivers\ati2erec.dll

2010-11-26 02:09 . 2010-11-26 02:09 52736 ----a-w- i:\windows\system32\atimpc32.dll

2010-11-26 02:09 . 2010-11-26 02:09 52736 ----a-w- i:\windows\system32\amdpcom32.dll

2010-11-23 20:57 . 2010-11-09 17:22 12288 ----a-w- i:\windows\impborl.dll

2010-11-23 16:16 . 2010-12-01 16:12 31552 ----a-w- i:\windows\system32\TURegOpt.exe

2010-11-23 16:11 . 2010-12-01 16:12 21312 ----a-w- i:\windows\system32\authuitu.dll

2010-11-23 16:11 . 2010-12-01 16:12 29504 ----a-w- i:\windows\system32\uxtuneup.dll

2010-11-17 17:15 . 2010-11-17 17:15 235 ----a-w- i:\windows\system32\nxEuUninstall.bat

2010-11-17 17:15 . 2010-02-18 08:27 446464 ----a-w- i:\windows\NEXON_EU_DownloaderUpdater.exe

2010-11-17 12:04 . 2010-11-17 12:04 101392 ----a-w- i:\windows\system32\drivers\AtihdW73.sys

2010-11-14 17:08 . 2010-03-06 18:50 47360 ----a-w- i:\users\lufraki\AppData\Roaming\pcouffin.sys

2010-11-12 17:53 . 2010-08-20 16:25 472808 ----a-w- i:\windows\system32\deployJava1.dll

2010-10-26 10:22 . 2010-10-26 10:22 45056 ----a-w- i:\windows\system32\ATIODCLI.exe

2010-10-26 10:22 . 2010-10-26 10:22 294912 ----a-w- i:\windows\system32\ATIODE.exe

2010-10-25 11:47 . 2010-10-25 11:47 1060864 ----a-w- i:\windows\system32\mfc71.dll

2010-10-19 14:12 . 2010-10-19 13:36 21840 ----atw- i:\windows\system32\SIntfNT.dll

2010-10-19 14:12 . 2010-10-19 13:36 17212 ----atw- i:\windows\system32\SIntf32.dll

2010-10-19 14:12 . 2010-10-19 13:36 12067 ----atw- i:\windows\system32\SIntf16.dll

2010-10-14 00:36 . 2010-10-14 00:36 15451288 ----a-w- i:\windows\system32\xlive.dll

2010-10-14 00:36 . 2010-10-14 00:36 13642904 ----a-w- i:\windows\system32\xlivefnt.dll

1997-02-17 10:37 . 1999-06-23 20:24 171520 ----a-w- i:\program files\CNCS32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="i:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="i:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"AVP"="i:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2011-01-08 365336]

i:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - i:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=i:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKLM\~\startupfolder\I:^Users^lufraki^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]

path=i:\users\lufraki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

backup=i:\windows\pss\CurseClientStartup.ccip.Startup

backupExtension=.Startup

[HKLM\~\startupfolder\I:^Users^lufraki^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^iRotate.lnk]

path=i:\users\lufraki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iRotate.lnk

backup=i:\windows\pss\iRotate.lnk.Startup

backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeleteDir[b04] WIPE_B04.TMP]

RD [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-20 21:07 932288 ----a-r- i:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2009-10-30 11:57 369200 ----a-w- i:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 10:44 31072 ----a-w- i:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-09-22 22:47 4240760 ----a-w- i:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]

c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 09:44 248552 ----a-w- i:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2010-12-14 20:02 2424560 ----a-w- i:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"msnmsgr"="i:\program files\Windows Live\Messenger\msnmsgr.exe" /background

"SUPERAntiSpyware"=i:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

"Steam"="i:\program files\Steam\Steam.exe" -silent

"Pando Media Booster"=i:\program files\Pando Networks\Media Booster\PMB.exe

"RGSC"=i:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="i:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"HP Software Update"=i:\program files\HP\HP Software Update\HPWuSchd2.exe

"Zboard"=i:\program files\Ideazon\ZEngine\Zboard.exe

"ATICustomerCare"="i:\program files\ATI\ATICustomerCare\ATICustomerCare.exe"

"StartCCC"="i:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

"RtHDVCpl"=i:\program files\Realtek\Audio\HDA\RtHDVCpl.exe -s

"Adobe ARM"="i:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"SearchSettings"="i:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe"

"Malwarebytes' Anti-Malware (reboot)"="i:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

"AVG_TRAY"=i:\program files\AVG\AVG10\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;i:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 AVGIDSShim;AVGIDSShim;i:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]

R3 EagleXNt;EagleXNt;i:\windows\system32\drivers\EagleXNt.sys [x]

R3 npggsvc;nProtect GameGuard Service;i:\windows\system32\GameMon.des [2010-03-21 3601544]

R3 SCREAMINGBDRIVER;Screaming Bee Audio;i:\windows\system32\drivers\ScreamingBAudio.sys [2009-11-25 34384]

R3 WatAdminSvc;Windows Activation Technologies-service;i:\windows\system32\Wat\WatAdminSvc.exe [2010-05-30 1343400]

R4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]

S0 sptd;sptd;i:\windows\System32\Drivers\sptd.sys [2010-02-13 691696]

S1 kl2;kl2;i:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;i:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]

S2 Akamai;Akamai NetSession Interface;i:\windows\System32\svchost.exe [2009-07-14 20992]

S2 AMD External Events Utility;AMD External Events Utility;i:\windows\system32\atiesrxx.exe [2010-11-26 176128]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;i:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-11-23 1483072]

S3 amdkmdag;amdkmdag;i:\windows\system32\DRIVERS\atikmdag.sys [2010-11-26 6650368]

S3 amdkmdap;amdkmdap;i:\windows\system32\DRIVERS\atikmpag.sys [2010-11-26 231936]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;i:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]

S3 klmouflt;Kaspersky Lab KLMOUFLT;i:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;i:\windows\system32\Drivers\RtsUStor.sys [2010-06-04 189784]

S3 RTL8167;Realtek 8167 NT Driver;i:\windows\system32\DRIVERS\Rt86win7.sys [2010-12-17 322664]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;i:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]

S3 WVKeyboardService;Wayontec Virtual Keyboard Driver;i:\windows\system32\Drivers\wvkeybd.sys [2010-06-18 10568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Akamai REG_MULTI_SZ Akamai

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Inhoud van de 'Gedeelde Taken' map

2011-01-03 i:\windows\Tasks\DriverEasy Scheduled Scan.job

- i:\program files\Easeware\DriverEasy\DriverEasy.exe [2010-12-17 19:55]

.

.

------- Bijkomende Scan -------

.

IE: Add to Anti-Banner - i:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm

IE: E&xport to Microsoft Excel - i:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab

FF - ProfilePath - i:\users\lufraki\AppData\Roaming\Mozilla\Firefox\Profiles\1oatxjms.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://countdown.free-and-online.com/?timer=2456

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=0&v=6.010.023.001&i=23&tp=ab&iy=&ychte=nl&lng=nl&q=

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - i:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - i:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - i:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - i:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru

FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - i:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - i:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - i:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\npggsvc]

"ImagePath"="i:\windows\system32\GameMon.des -service"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-2838343270-200650475-273469060-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

"??"=hex:d5,4f,f0,3a,75,22,7c,05,a7,8e,ba,99,97,b3,a1,e3,ba,ae,66,82,7c,d3,e4,

13,dd,21,3c,98,ec,35,14,a8,e1,8a,45,83,58,d7,42,73,9e,aa,d5,87,dd,d0,59,f0,\

"??"=hex:d3,5d,4a,97,68,f9,aa,1b,29,0d,aa,a8,22,84,59,9a

[HKEY_USERS\S-1-5-21-2838343270-200650475-273469060-1001\Software\SecuROM\License information*]

"datasecu"=hex:e6,8e,84,56,c0,a0,2a,ef,88,2a,54,89,7e,c0,cd,b7,cf,17,a2,5c,fa,

58,9c,e3,ad,fb,20,ce,fe,75,46,84,fa,91,15,1a,cb,d5,a8,f6,ee,55,bf,62,72,f1,\

"rkeysecu"=hex:ba,76,e9,0a,e3,97,f2,eb,93,d5,91,41,36,38,c1,ee

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

i:\windows\system32\atieclxx.exe

i:\windows\system32\PnkBstrA.exe

i:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

i:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

i:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe

i:\windows\system32\taskhost.exe

i:\program files\IObit\Game Booster\GameBox.exe

i:\windows\system32\conhost.exe

i:\program files\Windows Media Player\wmpnscfg.exe

i:\program files\Windows Media Player\wmpnscfg.exe

.

**************************************************************************

.

Voltooingstijd: 2011-01-08 22:56:56 - machine werd herstart

ComboFix-quarantined-files.txt 2011-01-08 21:56

ComboFix2.txt 2011-01-08 20:30

ComboFix3.txt 2009-05-09 16:48

ComboFix4.txt 2009-04-07 17:04

Pre-Run: 471.623.446.528 bytes beschikbaar

Post-Run: 471.394.656.256 bytes beschikbaar

- - End Of File - - CBD7369F101CA71707E8DEC0FF5D9622


It's gone again :) Thanks a lot, but since this is already the 2nd infection, could you perhaps tell me exactly what kind of problem I had, so I can prevent it from now on?
The problem is that we are dealing with two different causes here, which apparently lead to the same result?

Remove ComboFix: Start -> Run/Search and type: ComboFix /Uninstall

This will remove ComboFix plus its related folders and files, reset the clock settings, hide the file extensions, hide hidden files and system files again, and create a new restore point.

If it is present, you may delete the folder C:\Qoobox manually.

Download CCleaner. Click “Download Latest Version” and the CCleaner download will start automatically and free of charge.

Install it and start CCleaner. In the left column, click “Cleaner”. Click ‘Analyze’ and then 'Run Cleaner'. Sometimes 1 analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors. Then click “Registry” in the left column and click ‘Scan for Issues’. If errors are found, click ”Fix selected issues” and ”OK”. You will then be asked whether to make a backup. Click “Yes”. Then choose “Fix All Selected Issues”. Close CCleaner again afterwards.

If you want to see this in detail with pictures, click here for the guide.

It is advisable to delete the existing restore points (some of them are infected, and you could end up restoring one) by temporarily turning off System Restore. Do this via Start -> Control Panel -> Performance and Maintenance -> System -> System Restore -> tick "Turn off System Restore on all drives". Apply and OK. Restart the PC and untick the box again.

That's it !
