
My PC starts up very slowly (10 min)


cobfreak


Hello,

My PC starts up very slowly and I want to get rid of this. Hopefully you can help me.

I also have a Hijack log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 0:36:20, on 4/11/2011

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\SvcHost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe

C:\WINDOWS\System32\SvcHost.exe

C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MyWebSearch Home Page

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: BullGuard Safe Browsing - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll

O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll (file missing)

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll (file missing)

O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [bullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe" -boot

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Verzenden naar Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O18 - Protocol: bglink - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - AppInit_DLLs: BgGamingMonitor.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: BgRaSvc - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe

O23 - Service: BullGuard behavioural detection service (BsBhvScan) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe

O23 - Service: BullGuard scanning service (BsScanner) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe

O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

--

End of file - 10519 bytes


Nothing problematic in this log.

Go to Start - All Programs - Accessories.

Find the Command Prompt icon, right-click it and then choose Run as administrator from the list to open the Command Prompt.

Type: sc stop "Planner voor Automatische LiveUpdate" and press Enter.

Type: sc delete "Planner voor Automatische LiveUpdate" and press Enter.

If you get an error message on one of these instructions, simply continue with the next instruction.

Start HijackThis. Right-click the icon and then choose "Run as administrator" or "Uitvoeren als administrator".

Select "Do a system scan only".

Check only the items listed below:

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)

O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll (file missing)

O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll (file missing)

Click 'Fix checked' to remove the items.

Download MBAM (Malwarebytes Anti-Malware)

Double-click mbam-setup.exe to install the program.

Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware, then click "Finish".

If an update is found, it will be downloaded and installed.

When the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.

The scan can take a while, so be patient.

When the scan is complete, click OK, then "Show Results" to see the results.

Make sure everything there is checked, then click: Remove Selected.

After the removal a log will open and you will be asked to restart the computer. (See below.)

If the rootkit (TDSS) is present, MBAM will ask to restart. Do so.

MBAM will scan again after the restart and remove the rootkit.

The log is saved automatically by MBAM and you can find it by clicking the "Logs" tab in the program.

If MBAM has difficulty removing certain files, it will show a few messages where you have to click OK. After that it will ask to restart the computer... So allow MBAM to restart the computer.

Paste the contents of the log in your next post, together with a new HijackThis log.

I see that you have not yet installed Service Pack 3 for Windows XP.

Is there a particular reason for that?

Do you receive the Windows updates regularly?

You can download SP3 here and install it manually.

BullGuard is not exactly the lightest virus scanner, and this can also play a part in the startup speed of the PC.

Especially if a startup scan is run, this can be a slowing factor.

You can also give Soluto a try. Many users have had good experiences with it.

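The triage done by hand in the reply above (picking out the entries HijackThis marks "(file missing)", then re-checking them in a follow-up log), as an added example that is not part of the original thread. The two log excerpts are cut down from the logs posted on this page; the function names and the reading of the O23 line layout as "display name (service name) - owner - path" are assumptions.

```python
import re
from typing import NamedTuple, Optional

MISSING = "(file missing)"
# Item lines start with a section code (R0, O2, O23, ...) followed by " - ".
ITEM_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Assumed O23 layout: "Service: <display> [(<service name>)] - <owner> - <path>"
SERVICE_RE = re.compile(
    r"^Service: (?P<display>.+?)(?: \((?P<key>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)

# Excerpts constructed from the first and second HijackThis logs on this page.
FIRST_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: BullGuard Safe Browsing - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll (file missing)
O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll (file missing)
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
"""

SECOND_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: BullGuard Safe Browsing - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
"""


class Item(NamedTuple):
    section: str   # e.g. "O2", "O23"
    text: str      # entry text without the "(file missing)" suffix
    missing: bool  # True when HijackThis could not find the referenced file


def parse_items(log_text: str) -> list:
    """Return the R/O item lines of a log; header and process list are skipped."""
    items = []
    for raw in log_text.splitlines():
        m = ITEM_RE.match(raw.strip())
        if not m:
            continue
        text = m.group(2)
        missing = text.endswith(MISSING)
        if missing:
            text = text[: -len(MISSING)].rstrip()
        items.append(Item(m.group(1), text, missing))
    return items


def orphaned(items: list) -> list:
    """Entries whose target file is gone: leftovers of uninstalled software."""
    return [i for i in items if i.missing]


def service_name(item: Item) -> Optional[str]:
    """Name of an O23 service: the parenthesised name if shown, else the display name."""
    if item.section != "O23":
        return None
    m = SERVICE_RE.match(item.text)
    if not m:
        return None
    return m.group("key") or m.group("display")


def unresolved(before_log: str, after_log: str) -> list:
    """Orphaned entries of the first log that are still listed in the follow-up log."""
    after = {(i.section, i.text) for i in parse_items(after_log)}
    return [i for i in orphaned(parse_items(before_log))
            if (i.section, i.text) in after]


if __name__ == "__main__":
    for item in orphaned(parse_items(FIRST_LOG)):
        print("orphaned:", item.section, item.text)
    for item in unresolved(FIRST_LOG, SECOND_LOG):
        print("still present after fix:", item.section, service_name(item) or item.text)
```

On these excerpts the three browser entries are gone from the second log, while the O23 LiveUpdate service entry is still listed with "(file missing)".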

As requested, another Hijack log and the malware log

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:26:23, on 4/11/2011

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\SvcHost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe

C:\WINDOWS\System32\SvcHost.exe

C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe

C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MyWebSearch Home Page

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: BullGuard Safe Browsing - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [bullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe" -boot

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Verzenden naar Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O18 - Protocol: bglink - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - AppInit_DLLs: BgGamingMonitor.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: BgRaSvc - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe

O23 - Service: BullGuard behavioural detection service (BsBhvScan) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe

O23 - Service: BullGuard scanning service (BsScanner) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe

O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

--

End of file - 10019 bytes

and the malware

Malwarebytes' Anti-Malware 1.51.2.1300

Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Databaseversie: 8081

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

4/11/2011 11:20:08

mbam-log-2011-11-04 (11-20-08).txt

Scantype: Snelle scan

Objecten gescand: 235772

Verstreken tijd: 45 minuut/minuten, 9 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 2

Registerwaarden geïnfecteerd: 0

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 13

Bestanden geïnfecteerd: 33

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

c:\documents and settings\hp_eigenaar\application data\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\documents and settings\hp_eigenaar\application data\funwebproducts\Data (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\documents and settings\hp_eigenaar\application data\funwebproducts\Data\hp_eigenaar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\fbrowseradvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

c:\program files\fbrowsingadvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

c:\program files\flv direct player (Adware.BHO.FL) -> Quarantined and deleted successfully.

c:\program files\flv direct player\Skin (Adware.BHO.FL) -> Quarantined and deleted successfully.

c:\program files\flv direct player\Skin\directflv (Adware.BHO.FL) -> Quarantined and deleted successfully.

c:\program files\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.

c:\program files\smartenhancer (Trojan.BHO) -> Quarantined and deleted successfully.

c:\documents and settings\all users\menu start\programma's\flv direct player (Adware.FLVPlayer) -> Quarantined and deleted successfully.

c:\documents and settings\hp_eigenaar\menu start\programma's\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.

c:\documents and settings\all users\menu start\programma's\relevantknowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:

c:\documents and settings\hp_eigenaar.uw-4b58d8528225\mijn documenten\downloads\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

c:\documents and settings\hp_eigenaar.uw-4b58d8528225\mijn documenten\downloads\installer_µtorrent_1_8_5_nederlands_dutch.exe (PUP.SmsPay.pns) -> Not selected for removal.

c:\program files\smartenhancer\pcre3.dll (Trojan.BHO) -> Quarantined and deleted successfully.

c:\documents and settings\hp_eigenaar.uw-4b58d8528225\local settings\Temp\xxxyyyzzz.dat (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\hp_eigenaar.uw-4b58d8528225\local settings\Temp\teste.vbs (Trojan.VBS) -> Quarantined and deleted successfully.

c:\program files\fbrowsingadvisor\ixpcomevents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

c:\program files\fbrowsingadvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

c:\program files\fbrowsingadvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

c:\program files\fbrowsingadvisor\main.db-journal (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

c:\program files\fbrowsingadvisor\Thumbs.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

c:\program files\fbrowsingadvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

c:\program files\fbrowsingadvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

c:\program files\flv direct player\downloading.swf (Adware.BHO.FL) -> Quarantined and deleted successfully.

c:\program files\flv direct player\flvplayer.exe (Adware.BHO.FL) -> Quarantined and deleted successfully.

c:\program files\flv direct player\player.swf (Adware.BHO.FL) -> Quarantined and deleted successfully.

c:\program files\flv direct player\preload.swf (Adware.BHO.FL) -> Quarantined and deleted successfully.

c:\program files\flv direct player\uninstall.exe (Adware.BHO.FL) -> Quarantined and deleted successfully.

c:\program files\flv direct player\Skin\directflv\Button.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

c:\program files\flv direct player\Skin\directflv\Logo.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

c:\program files\flv direct player\Skin\directflv\skin.xml (Adware.BHO.FL) -> Quarantined and deleted successfully.

c:\program files\flv direct player\Skin\directflv\sysclosebutton.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

c:\program files\flv direct player\Skin\directflv\sysmaxbutton.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

c:\program files\flv direct player\Skin\directflv\sysminbutton.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

c:\program files\flv direct player\Skin\directflv\Window.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.

c:\program files\PlayMP3z\uninstall.exe (Adware.PLayMP3z) -> Quarantined and deleted successfully.

c:\program files\smartenhancer\smartenhancer.dat (Trojan.BHO) -> Quarantined and deleted successfully.

c:\program files\smartenhancer\uninstall.exe (Trojan.BHO) -> Quarantined and deleted successfully.

c:\documents and settings\all users\menu start\programma's\flv direct player\flv direct player.lnk (Adware.FLVPlayer) -> Quarantined and deleted successfully.

c:\documents and settings\all users\menu start\programma's\flv direct player\uninstall flv direct player.lnk (Adware.FLVPlayer) -> Quarantined and deleted successfully.

c:\documents and settings\hp_eigenaar\menu start\programma's\PlayMP3z\run playmp3z.lnk (Adware.PLayMP3z) -> Quarantined and deleted successfully.

c:\documents and settings\all users\menu start\programma's\relevantknowledge\about relevantknowledge.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.

c:\documents and settings\all users\menu start\programma's\relevantknowledge\privacy policy and user license agreement.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.

c:\documents and settings\all users\menu start\programma's\relevantknowledge\Support.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.


Then we'll look a little further for any "rascals" that are messing things up.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:
    Click here
    If you cannot manage to disable them, just continue to the next step.
  • Double-click ComboFix.exe and follow the prompts on the screen.
  • ComboFix will check whether the Microsoft Windows Recovery Console is already installed.
    **Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.
  • Follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console.

cf-rc-auto.jpg

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

rc-auto-done.jpg

Click Yes to continue scanning for malware.

Note !!! If an error is shown with the message "Illegal operation attempted on a registery key that has been marked for deletion", restart the computer.

When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.

If you have problems running ComboFix, please report this.


ComboFix 11-11-06.01 - HP_Eigenaar 06/11/2011 11:45:46.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.958.114 [GMT 1:00]

Gestart vanuit: c:\documents and settings\HP_Eigenaar.UW-4B58D8528225.000\Mijn documenten\Downloads\ComboFix.exe

AV: BullGuard Antivirus *Enabled/Updated* {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}

FW: BullGuard Firewall *Enabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator.UW-4B58D8528225\WINDOWS

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\HP_Eigenaar.UW-4B58D8528225.000\Application Data\Toolbar4

c:\documents and settings\HP_Eigenaar.UW-4B58D8528225.000\WINDOWS

c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\WINDOWS

c:\documents and settings\HP_Eigenaar\WINDOWS

c:\program files\BitDownload

c:\program files\BitDownload\BitDownload Setup Components

c:\program files\BOTS_6-13-2008.exe

c:\program files\WinPCap

c:\program files\WinPCap\daemon_mgm.exe

c:\program files\WinPCap\INSTALL.LOG

c:\program files\WinPCap\npf_mgm.exe

c:\program files\WinPCap\rpcapd.exe

c:\program files\WinPCap\Uninstall.exe

c:\windows\bwUnin-6.1.4.68-8876480L.exe

c:\windows\bwUnin-7.2.0.157-8876480SL.exe

c:\windows\bwUnin-8.1.1.50-8876480SL.exe

c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15.inf

c:\windows\IsUn0413.exe

c:\windows\system32\_000003_.tmp.dll

c:\windows\system32\_000005_.tmp.dll

c:\windows\system32\_000006_.tmp.dll

c:\windows\system32\_000007_.tmp.dll

c:\windows\system32\_000008_.tmp.dll

c:\windows\system32\_000009_.tmp.dll

c:\windows\system32\_000015_.tmp.dll

c:\windows\system32\_000019_.tmp.dll

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\system32\ps2.bat

c:\windows\unin0407.exe

c:\windows\unin0413.exe

D:\Autorun.inf

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-10-06 to 2011-11-06 ))))))))))))))))))))))))))))))

.

.

2011-11-06 09:46 . 2011-11-06 09:46 -------- d-----w- c:\windows\LastGood

2011-11-05 12:30 . 2011-11-06 09:55 -------- d--h--r- c:\documents and settings\HP_Eigenaar.UW-4B58D8528225.000\Onlangs geopend

2011-11-05 11:51 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll

2011-11-05 11:50 . 2010-08-23 16:13 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

2011-11-05 11:47 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys

2011-11-05 11:47 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys

2011-11-05 11:46 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys

2011-11-05 11:42 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys

2011-11-05 11:41 . 2009-08-13 15:24 512000 ------w- c:\windows\system32\dllcache\jscript.dll

2011-11-05 11:40 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe

2011-11-05 11:39 . 2010-08-16 08:45 590848 ----a-w- c:\windows\system32\SET6.tmp

2011-11-04 13:38 . 2011-11-04 13:42 -------- d-----w- C:\2f196c9f89e9ce98cf70a0bf66233c47

2011-11-04 13:10 . 2011-11-04 13:15 -------- d-----w- C:\5a15bd1d3d01013c33d64b

2011-11-04 13:08 . 2008-10-15 16:37 337408 ------w- c:\windows\system32\dllcache\netapi32.dll

2011-11-04 13:08 . 2008-06-14 17:36 272640 ------w- c:\windows\system32\dllcache\bthport.sys

2011-11-04 13:05 . 2011-02-17 13:18 357888 ------w- c:\windows\system32\dllcache\srv.sys

2011-11-04 13:04 . 2011-07-15 13:29 456320 ------w- c:\windows\system32\dllcache\mrxsmb.sys

2011-11-04 13:04 . 2009-11-21 16:03 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

2011-11-04 13:03 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

2011-11-04 13:02 . 2010-08-27 08:03 119808 ------w- c:\windows\system32\dllcache\t2embed.dll

2011-11-04 13:02 . 2009-10-15 16:38 81920 ------w- c:\windows\system32\dllcache\fontsub.dll

2011-11-04 13:02 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe

2011-11-04 13:02 . 2010-12-09 15:14 2197120 ------w- c:\windows\system32\dllcache\ntoskrnl.exe

2011-11-04 13:02 . 2009-03-06 14:23 285696 ------w- c:\windows\system32\dllcache\pdh.dll

2011-11-04 13:02 . 2009-02-09 11:27 111104 ------w- c:\windows\system32\dllcache\services.exe

2011-11-04 13:02 . 2009-02-09 10:56 401408 ------w- c:\windows\system32\dllcache\rpcss.dll

2011-11-04 13:02 . 2009-02-09 10:56 473600 ------w- c:\windows\system32\dllcache\fastprox.dll

2011-11-04 13:02 . 2009-02-09 10:56 684544 ------w- c:\windows\system32\dllcache\advapi32.dll

2011-11-04 13:02 . 2010-12-20 17:25 735232 ------w- c:\windows\system32\dllcache\lsasrv.dll

2011-11-04 13:02 . 2009-02-09 10:56 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll

2011-11-04 13:02 . 2010-12-09 15:15 739328 ------w- c:\windows\system32\dllcache\ntdll.dll

2011-11-04 13:01 . 2010-12-09 15:14 2153472 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe

2011-11-04 13:01 . 2010-12-09 15:14 2031616 ------w- c:\windows\system32\dllcache\ntkrpamp.exe

2011-11-04 13:00 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys

2011-11-04 12:49 . 2010-07-16 11:58 221184 ------w- c:\windows\system32\dllcache\wordpad.exe

2011-11-04 12:16 . 2008-04-14 21:09 88064 ------w- c:\windows\system32\dllcache\msxml6r.dll

2011-11-04 12:16 . 2009-07-31 09:05 1372672 ------w- c:\windows\system32\dllcache\msxml6.dll

2011-11-04 12:10 . 2008-04-14 21:32 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll

2011-11-04 12:07 . 2006-12-28 23:31 19569 ----a-w- c:\windows\005832_.tmp

2011-11-04 11:56 . 2011-11-04 11:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Soluto

2011-11-04 08:49 . 2011-11-04 08:49 -------- d-----w- c:\documents and settings\HP_Eigenaar.UW-4B58D8528225.000\Application Data\Malwarebytes

2011-11-04 08:49 . 2011-11-04 08:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-11-04 08:48 . 2011-11-04 08:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-04 08:48 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-03 23:35 . 2011-11-03 23:35 388096 ----a-r- c:\documents and settings\HP_Eigenaar.UW-4B58D8528225.000\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-11-02 16:36 . 2011-11-02 16:37 -------- d-----w- c:\documents and settings\HP_Eigenaar.UW-4B58D8528225.000\Local Settings\Application Data\Facebook

2011-11-02 09:52 . 2011-11-02 09:53 -------- d-----w- c:\program files\CCleaner

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-19 11:21 . 2011-05-16 14:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-26 10:41 . 2011-09-26 10:41 614912 ------w- c:\windows\system32\uiautomationcore.dll

2011-09-26 10:41 . 2011-09-26 10:41 23040 ----a-w- c:\windows\system32\SET1B6.tmp

2011-09-26 10:41 . 2011-09-26 10:41 220160 ----a-w- c:\windows\system32\SET1B5.tmp

2011-09-09 09:12 . 2011-09-09 09:12 602624 ----a-w- c:\windows\system32\SET165.tmp

2011-09-06 14:09 . 2006-05-19 19:56 1859072 ----a-w- c:\windows\system32\win32k.sys

2011-09-05 13:56 . 2011-09-05 13:56 1510400 ----a-w- c:\windows\system32\SETE1.tmp

2011-09-05 13:56 . 2011-09-05 13:56 1025024 ----a-w- c:\windows\system32\SETE2.tmp

2011-09-05 13:55 . 2006-05-19 19:55 371712 ------w- c:\windows\system32\html.iec

2011-08-22 19:18 . 2011-04-19 13:43 155992 ----a-w- c:\windows\system32\BGLsp.dll

2011-08-17 13:49 . 2006-05-19 19:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-10-05 14:50 . 2011-09-04 09:33 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2005-09-08 07:50 1172472 --sha-r- c:\windows\Cursors\arrow_xm.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl"="c:\program files\ASUS\ASUS Remote\RemoteControlAppl.exe" [2005-06-10 61440]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]

.

c:\documents and settings\Administrator.UW-4B58D8528225\Menu Start\Programma's\Opstarten\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-1-4 27136]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\BgGamingMonitor.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BTTray.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\BTTray.lnk

backup=c:\windows\pss\BTTray.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-11-04 10:51 136176 ----atw- c:\documents and settings\HP_Eigenaar.UW-4B58D8528225.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]

2005-09-21 17:41 1605740 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]

2005-06-02 06:35 49152 ----a-w- c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]

2007-08-22 14:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

2011-09-28 21:05 20480 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

2004-10-08 10:06 196608 ----a-w- c:\program files\Logitech\Video\ManifestEngine.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

2004-10-08 10:31 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

2004-10-08 10:24 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2006-01-04 21:47 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=

"c:\\Documents and Settings\\HP_Eigenaar.UW-4B58D8528225.000\\Mijn documenten\\Downloads\\solutoinstaller.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1682:TCP"= 1682:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

R1 BdSpy;BdSpy;c:\windows\system32\drivers\BdSpy.sys [15/06/2011 11:32 64608]

R1 NovaShieldFilterDriver;NovaShieldFilterDriver;c:\windows\system32\drivers\NSKernel.sys [15/06/2011 11:32 789448]

R1 NovaShieldTDIDriver;NovaShieldTDIDriver;c:\windows\system32\drivers\NSNetmon.sys [15/06/2011 11:32 19272]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [19/05/2006 20:56 14336]

R2 BsBhvScan;BullGuard behavioural detection service;c:\program files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [30/06/2011 15:30 338264]

R2 BsBrowser;BullGuard antiphishing service;c:\windows\System32\SvcHost.exe -k BullGuard_LowPriv [19/05/2006 20:56 14336]

R2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe -k BullGuard [19/05/2006 20:56 14336]

R2 BsFire;BullGuard firewall service;c:\windows\System32\SvcHost.exe -k BullGuard [19/05/2006 20:56 14336]

R2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe -k BullGuard [19/05/2006 20:56 14336]

R2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe -k BullGuard_Main [19/05/2006 20:56 14336]

R2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [18/05/2011 10:34 320344]

R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [4/01/2006 22:35 2808704]

R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [15/06/2011 11:32 34280]

R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [15/06/2011 11:32 267624]

R3 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [29/06/2011 12:08 288600]

R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [4/01/2006 22:35 468768]

S3 BgRaSvc;BgRaSvc;c:\program files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe [18/05/2011 10:34 125784]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 WN5401;Liteon Wireless LAN PCI 802.11 a/b/g adapter WN5401A;c:\windows\system32\drivers\wn5401.sys [4/01/2006 22:35 449920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Akamai REG_MULTI_SZ Akamai

BullGuard_Main REG_MULTI_SZ BsMain

BullGuard REG_MULTI_SZ BsFileScan BsMailProxy BsFire

BullGuard_LowPriv REG_MULTI_SZ BsBrowser

.

Inhoud van de 'Gedeelde Taken' map

.

2011-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

2011-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-10 10:36]

.

2011-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-10 10:36]

.

2011-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1926163156-312049928-3774402212-1008Core.job

- c:\documents and settings\HP_Eigenaar.UW-4B58D8528225.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-04 10:51]

.

2011-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1926163156-312049928-3774402212-1008UA.job

- c:\documents and settings\HP_Eigenaar.UW-4B58D8528225.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-04 10:51]

.

2011-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2868996466-2378887863-459018987-1008Core.job

- c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-02 16:42]

.

2011-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2868996466-2378887863-459018987-1008UA.job

- c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-02 16:42]

.

2011-11-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2868996466-2378887863-459018987-1008.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

.

2011-10-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2868996466-2378887863-459018987-1008.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

.

2011-11-06 c:\windows\Tasks\User_Feed_Synchronization-{86691127-2526-48A2-BC21-770488CEED6B}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZNfox000&ptb=R7dVuLFG3v1b_bGPV9OUWQ

uInternet Settings,ProxyOverride = localhost

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Verzenden naar Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

LSP: c:\windows\system32\BGLsp.dll

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\HP_Eigenaar.UW-4B58D8528225.000\Application Data\Mozilla\Firefox\Profiles\965ks0js.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/firefox

.

- - - - ORPHANS VERWIJDERD - - - -

.

MSConfigStartUp-AdobeCS5ServiceManager - c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

MSConfigStartUp-SwitchBoard - c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

AddRemove-Microsoft Interactive Training - c:\windows\IsUn0413.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-11-06 11:59

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(1092)

c:\windows\system32\BgGamingMonitor.dll

.

- - - - - - - > 'lsass.exe'(1160)

c:\windows\system32\BgGamingMonitor.dll

c:\windows\system32\BGLsp.dll

.

Voltooingstijd: 2011-11-06 12:03:04

ComboFix-quarantined-files.txt 2011-11-06 11:03

.

Pre-Run: 129.073.602.560 bytes beschikbaar

Post-Run: 129.466.494.976 bytes beschikbaar

.

- - End Of File - - D6F6C14355B6173C2F2E770C29DE8A8B


Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\system32\SET6.tmp

c:\windows\005832_.tmp

c:\windows\system32\SET1B6.tmp

c:\windows\system32\SET1B5.tmp

c:\windows\system32\SET165.tmp

c:\windows\system32\SETE1.tmp

c:\windows\system32\SETE2.tmp

Folder::

C:\2f196c9f89e9ce98cf70a0bf66233c47

C:\5a15bd1d3d01013c33d64b

DDS::

uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZNfox000&ptb=R7dVuLFG3v1b_bGPV9OUWQ

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

Save this file to your desktop as CFScript

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next post, together with a new HijackThis log.


ComboFix 11-11-07.03 - HP_Eigenaar 07/11/2011 16:47:54.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.958.471 [GMT 1:00]

Gestart vanuit: c:\documents and settings\HP_Eigenaar.UW-4B58D8528225.000\Mijn documenten\Downloads\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\HP_Eigenaar.UW-4B58D8528225.000\Mijn documenten\Downloads\CFScript.txt

AV: BullGuard Antivirus *Disabled/Outdated* {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}

FW: BullGuard Firewall *Enabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1}

.

FILE ::

"c:\windows\005832_.tmp"

"c:\windows\system32\SET165.tmp"

"c:\windows\system32\SET1B5.tmp"

"c:\windows\system32\SET1B6.tmp"

"c:\windows\system32\SET6.tmp"

"c:\windows\system32\SETE1.tmp"

"c:\windows\system32\SETE2.tmp"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\2f196c9f89e9ce98cf70a0bf66233c47

C:\5a15bd1d3d01013c33d64b

c:\5a15bd1d3d01013c33d64b\baseline.dat

c:\5a15bd1d3d01013c33d64b\deffactory.dat

c:\5a15bd1d3d01013c33d64b\DeleteTemp.exe

c:\5a15bd1d3d01013c33d64b\dlmgr.dll

c:\5a15bd1d3d01013c33d64b\DW20.EXE

c:\5a15bd1d3d01013c33d64b\DWINTL20.DLL

c:\5a15bd1d3d01013c33d64b\eula.1025.rtf

c:\5a15bd1d3d01013c33d64b\eula.1028.rtf

c:\5a15bd1d3d01013c33d64b\eula.1029.rtf

c:\5a15bd1d3d01013c33d64b\eula.1030.rtf

c:\5a15bd1d3d01013c33d64b\eula.1031.rtf

c:\5a15bd1d3d01013c33d64b\eula.1032.rtf

c:\5a15bd1d3d01013c33d64b\eula.1033.rtf

c:\5a15bd1d3d01013c33d64b\eula.1035.rtf

c:\5a15bd1d3d01013c33d64b\eula.1036.rtf

c:\5a15bd1d3d01013c33d64b\eula.1037.rtf

c:\5a15bd1d3d01013c33d64b\eula.1038.rtf

c:\5a15bd1d3d01013c33d64b\eula.1040.rtf

c:\5a15bd1d3d01013c33d64b\eula.1041.rtf

c:\5a15bd1d3d01013c33d64b\eula.1042.rtf

c:\5a15bd1d3d01013c33d64b\eula.1043.rtf

c:\5a15bd1d3d01013c33d64b\eula.1044.rtf

c:\5a15bd1d3d01013c33d64b\eula.1045.rtf

c:\5a15bd1d3d01013c33d64b\eula.1046.rtf

c:\5a15bd1d3d01013c33d64b\eula.1049.rtf

c:\5a15bd1d3d01013c33d64b\eula.1053.rtf

c:\5a15bd1d3d01013c33d64b\eula.1055.rtf

c:\5a15bd1d3d01013c33d64b\eula.2052.rtf

c:\5a15bd1d3d01013c33d64b\eula.2070.rtf

c:\5a15bd1d3d01013c33d64b\eula.3082.rtf

c:\5a15bd1d3d01013c33d64b\gencomp.dll

c:\5a15bd1d3d01013c33d64b\HtmlLite.dll

c:\5a15bd1d3d01013c33d64b\locdata.1025.ini

c:\5a15bd1d3d01013c33d64b\locdata.1028.ini

c:\5a15bd1d3d01013c33d64b\locdata.1029.ini

c:\5a15bd1d3d01013c33d64b\locdata.1030.ini

c:\5a15bd1d3d01013c33d64b\locdata.1031.ini

c:\5a15bd1d3d01013c33d64b\locdata.1032.ini

c:\5a15bd1d3d01013c33d64b\locdata.1035.ini

c:\5a15bd1d3d01013c33d64b\locdata.1036.ini

c:\5a15bd1d3d01013c33d64b\locdata.1037.ini

c:\5a15bd1d3d01013c33d64b\locdata.1038.ini

c:\5a15bd1d3d01013c33d64b\locdata.1040.ini

c:\5a15bd1d3d01013c33d64b\locdata.1041.ini

c:\5a15bd1d3d01013c33d64b\locdata.1042.ini

c:\5a15bd1d3d01013c33d64b\locdata.1043.ini

c:\5a15bd1d3d01013c33d64b\locdata.1044.ini

c:\5a15bd1d3d01013c33d64b\locdata.1045.ini

c:\5a15bd1d3d01013c33d64b\locdata.1046.ini

c:\5a15bd1d3d01013c33d64b\locdata.1049.ini

c:\5a15bd1d3d01013c33d64b\locdata.1053.ini

c:\5a15bd1d3d01013c33d64b\locdata.1055.ini

c:\5a15bd1d3d01013c33d64b\locdata.2052.ini

c:\5a15bd1d3d01013c33d64b\locdata.2070.ini

c:\5a15bd1d3d01013c33d64b\locdata.3082.ini

c:\5a15bd1d3d01013c33d64b\locdata.ini

c:\5a15bd1d3d01013c33d64b\logo.bmp

c:\5a15bd1d3d01013c33d64b\setup.exe

c:\5a15bd1d3d01013c33d64b\setup.sdb

c:\5a15bd1d3d01013c33d64b\setupres.1025.dll

c:\5a15bd1d3d01013c33d64b\setupres.1028.dll

c:\5a15bd1d3d01013c33d64b\setupres.1029.dll

c:\5a15bd1d3d01013c33d64b\setupres.1030.dll

c:\5a15bd1d3d01013c33d64b\setupres.1031.dll

c:\5a15bd1d3d01013c33d64b\setupres.1032.dll

c:\5a15bd1d3d01013c33d64b\setupres.1035.dll

c:\5a15bd1d3d01013c33d64b\setupres.1036.dll

c:\5a15bd1d3d01013c33d64b\setupres.1037.dll

c:\5a15bd1d3d01013c33d64b\setupres.1038.dll

c:\5a15bd1d3d01013c33d64b\setupres.1040.dll

c:\5a15bd1d3d01013c33d64b\setupres.1041.dll

c:\5a15bd1d3d01013c33d64b\setupres.1042.dll

c:\5a15bd1d3d01013c33d64b\setupres.1043.dll

c:\5a15bd1d3d01013c33d64b\setupres.1044.dll

c:\5a15bd1d3d01013c33d64b\setupres.1045.dll

c:\5a15bd1d3d01013c33d64b\setupres.1046.dll

c:\5a15bd1d3d01013c33d64b\setupres.1049.dll

c:\5a15bd1d3d01013c33d64b\setupres.1053.dll

c:\5a15bd1d3d01013c33d64b\setupres.1055.dll

c:\5a15bd1d3d01013c33d64b\setupres.2052.dll

c:\5a15bd1d3d01013c33d64b\setupres.2070.dll

c:\5a15bd1d3d01013c33d64b\setupres.3082.dll

c:\5a15bd1d3d01013c33d64b\setupres.dll

c:\5a15bd1d3d01013c33d64b\SITSetup.dll

c:\5a15bd1d3d01013c33d64b\vs_setup.dll

c:\5a15bd1d3d01013c33d64b\vs_setup.MS_

c:\5a15bd1d3d01013c33d64b\vs_setup.pdi

c:\5a15bd1d3d01013c33d64b\vs70uimgr.dll

c:\5a15bd1d3d01013c33d64b\vsbasereqs.dll

c:\5a15bd1d3d01013c33d64b\vsscenario.dll

c:\5a15bd1d3d01013c33d64b\WapRes.1025.dll

c:\5a15bd1d3d01013c33d64b\WapRes.1028.dll

c:\5a15bd1d3d01013c33d64b\WapRes.1029.dll

c:\5a15bd1d3d01013c33d64b\WapRes.1030.dll

c:\5a15bd1d3d01013c33d64b\WapRes.1031.dll

c:\5a15bd1d3d01013c33d64b\WapRes.1032.dll

c:\5a15bd1d3d01013c33d64b\WapRes.1035.dll

c:\5a15bd1d3d01013c33d64b\WapRes.1036.dll

c:\5a15bd1d3d01013c33d64b\WapRes.1037.dll

c:\5a15bd1d3d01013c33d64b\WapRes.1038.dll

c:\5a15bd1d3d01013c33d64b\WapRes.1040.dll

c:\5a15bd1d3d01013c33d64b\WapRes.1041.dll

c:\5a15bd1d3d01013c33d64b\WapRes.1042.dll

c:\5a15bd1d3d01013c33d64b\WapRes.1043.dll

c:\5a15bd1d3d01013c33d64b\WapRes.1044.dll

c:\5a15bd1d3d01013c33d64b\WapRes.1045.dll

c:\5a15bd1d3d01013c33d64b\WapRes.1046.dll

c:\5a15bd1d3d01013c33d64b\WapRes.1049.dll

c:\5a15bd1d3d01013c33d64b\WapRes.1053.dll

c:\5a15bd1d3d01013c33d64b\WapRes.1055.dll

c:\5a15bd1d3d01013c33d64b\WapRes.2052.dll

c:\5a15bd1d3d01013c33d64b\WapRes.2070.dll

c:\5a15bd1d3d01013c33d64b\WapRes.3082.dll

c:\5a15bd1d3d01013c33d64b\WapRes.dll

c:\5a15bd1d3d01013c33d64b\WapUI.dll

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-10-07 to 2011-11-07 ))))))))))))))))))))))))))))))

.

.

2011-11-05 12:30 . 2011-11-07 15:36 -------- d--h--r- c:\documents and settings\HP_Eigenaar.UW-4B58D8528225.000\Onlangs geopend

2011-11-05 11:51 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll

2011-11-05 11:50 . 2010-08-23 16:13 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

2011-11-05 11:47 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys

2011-11-05 11:47 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys

2011-11-05 11:46 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys

2011-11-05 11:42 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys

2011-11-05 11:41 . 2009-08-13 15:24 512000 ------w- c:\windows\system32\dllcache\jscript.dll

2011-11-05 11:40 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe

2011-11-04 13:08 . 2008-10-15 16:37 337408 ------w- c:\windows\system32\dllcache\netapi32.dll

2011-11-04 13:08 . 2008-06-14 17:36 272640 ------w- c:\windows\system32\dllcache\bthport.sys

2011-11-04 13:05 . 2011-02-17 13:18 357888 ------w- c:\windows\system32\dllcache\srv.sys

2011-11-04 13:04 . 2011-07-15 13:29 456320 ------w- c:\windows\system32\dllcache\mrxsmb.sys

2011-11-04 13:04 . 2009-11-21 16:03 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

2011-11-04 13:03 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

2011-11-04 13:02 . 2010-08-27 08:03 119808 ------w- c:\windows\system32\dllcache\t2embed.dll

2011-11-04 13:02 . 2009-10-15 16:38 81920 ------w- c:\windows\system32\dllcache\fontsub.dll

2011-11-04 13:02 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe

2011-11-04 13:02 . 2010-12-09 15:14 2197120 ------w- c:\windows\system32\dllcache\ntoskrnl.exe

2011-11-04 13:02 . 2009-03-06 14:23 285696 ------w- c:\windows\system32\dllcache\pdh.dll

2011-11-04 13:02 . 2009-02-09 11:27 111104 ------w- c:\windows\system32\dllcache\services.exe

2011-11-04 13:02 . 2009-02-09 10:56 401408 ------w- c:\windows\system32\dllcache\rpcss.dll

2011-11-04 13:02 . 2009-02-09 10:56 473600 ------w- c:\windows\system32\dllcache\fastprox.dll

2011-11-04 13:02 . 2009-02-09 10:56 684544 ------w- c:\windows\system32\dllcache\advapi32.dll

2011-11-04 13:02 . 2010-12-20 17:25 735232 ------w- c:\windows\system32\dllcache\lsasrv.dll

2011-11-04 13:02 . 2009-02-09 10:56 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll

2011-11-04 13:02 . 2010-12-09 15:15 739328 ------w- c:\windows\system32\dllcache\ntdll.dll

2011-11-04 13:01 . 2010-12-09 15:14 2153472 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe

2011-11-04 13:01 . 2010-12-09 15:14 2031616 ------w- c:\windows\system32\dllcache\ntkrpamp.exe

2011-11-04 13:00 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys

2011-11-04 12:49 . 2010-07-16 11:58 221184 ------w- c:\windows\system32\dllcache\wordpad.exe

2011-11-04 12:16 . 2008-04-14 21:09 88064 ------w- c:\windows\system32\dllcache\msxml6r.dll

2011-11-04 12:16 . 2009-07-31 09:05 1372672 ------w- c:\windows\system32\dllcache\msxml6.dll

2011-11-04 12:10 . 2008-04-14 21:32 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll

2011-11-04 12:07 . 2006-12-28 23:31 19569 ----a-w- c:\windows\005832_.tmp

2011-11-04 11:56 . 2011-11-04 11:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Soluto

2011-11-04 08:49 . 2011-11-04 08:49 -------- d-----w- c:\documents and settings\HP_Eigenaar.UW-4B58D8528225.000\Application Data\Malwarebytes

2011-11-04 08:49 . 2011-11-04 08:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-11-04 08:48 . 2011-11-04 08:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-04 08:48 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-03 23:35 . 2011-11-03 23:35 388096 ----a-r- c:\documents and settings\HP_Eigenaar.UW-4B58D8528225.000\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-11-02 16:36 . 2011-11-02 16:37 -------- d-----w- c:\documents and settings\HP_Eigenaar.UW-4B58D8528225.000\Local Settings\Application Data\Facebook

2011-11-02 09:52 . 2011-11-02 09:53 -------- d-----w- c:\program files\CCleaner

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-19 11:21 . 2011-05-16 14:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-26 10:41 . 2011-09-26 10:41 614912 ------w- c:\windows\system32\uiautomationcore.dll

2011-09-26 10:41 . 2006-05-19 19:56 23040 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-26 10:41 . 2006-05-19 19:56 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-09 09:12 . 2006-05-19 19:55 602624 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 14:09 . 2006-05-19 19:56 1859072 ----a-w- c:\windows\system32\win32k.sys

2011-09-05 13:55 . 2006-05-19 19:55 371712 ------w- c:\windows\system32\html.iec

2011-08-22 19:18 . 2011-04-19 13:43 155992 ----a-w- c:\windows\system32\BGLsp.dll

2011-08-17 13:49 . 2006-05-19 19:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-10-05 14:50 . 2011-09-04 09:33 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2005-09-08 07:50 1172472 --sha-r- c:\windows\Cursors\arrow_xm.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2011-11-06_11.00.01 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-11-07 15:09 . 2011-11-07 15:09 16384 c:\windows\Temp\Perflib_Perfdata_7fc.dat

+ 2011-11-07 15:09 . 2011-11-07 15:09 16384 c:\windows\Temp\Perflib_Perfdata_52c.dat

+ 2006-05-19 19:56 . 2009-06-25 08:27 54272 c:\windows\system32\wdigest.dll

+ 2006-05-19 19:56 . 2010-08-17 13:17 58880 c:\windows\system32\spoolsv.exe

- 2006-05-19 19:56 . 2009-02-03 19:59 56832 c:\windows\system32\secur32.dll

+ 2006-05-19 19:56 . 2009-06-25 08:27 56832 c:\windows\system32\secur32.dll

- 2006-05-19 19:55 . 2008-04-14 21:32 45568 c:\windows\system32\dnsrslvr.dll

+ 2006-05-19 19:55 . 2009-04-20 17:22 45568 c:\windows\system32\dnsrslvr.dll

+ 2006-05-19 19:56 . 2011-09-26 10:41 23040 c:\windows\system32\dllcache\oleaccrc.dll

+ 2008-05-05 06:25 . 2011-02-17 12:54 5632 c:\windows\system32\xpsp4res.dll

+ 2006-05-19 19:56 . 2011-06-20 17:44 293888 c:\windows\system32\winsrv.dll

- 2006-05-19 19:56 . 2008-04-14 21:32 293888 c:\windows\system32\winsrv.dll

+ 2006-05-19 19:56 . 2010-04-16 15:38 406016 c:\windows\system32\usp10.dll

- 2006-05-19 19:56 . 2008-04-14 21:32 406016 c:\windows\system32\usp10.dll

+ 2006-05-19 19:56 . 2010-08-27 08:03 119808 c:\windows\system32\t2embed.dll

- 2006-05-19 19:56 . 2009-10-15 16:38 119808 c:\windows\system32\t2embed.dll

- 2006-05-19 19:56 . 2008-04-14 21:32 135680 c:\windows\system32\shsvcs.dll

+ 2006-05-19 19:56 . 2009-07-27 23:19 135680 c:\windows\system32\shsvcs.dll

+ 2006-05-19 19:56 . 2011-04-29 17:25 151552 c:\windows\system32\schannel.dll

+ 2006-05-19 19:56 . 2010-08-16 08:45 590848 c:\windows\system32\rpcrt4.dll

- 2006-05-19 19:56 . 2008-04-14 21:32 249856 c:\windows\system32\odbc32.dll

+ 2006-05-19 19:56 . 2010-11-09 14:52 249856 c:\windows\system32\odbc32.dll

- 2006-05-19 19:56 . 2008-06-20 17:49 247296 c:\windows\system32\mswsock.dll

+ 2006-05-19 19:56 . 2008-06-20 16:04 247296 c:\windows\system32\mswsock.dll

+ 2006-05-19 19:56 . 2011-02-08 13:33 978944 c:\windows\system32\mfc42.dll

+ 2006-05-19 19:55 . 2010-12-22 12:34 301568 c:\windows\system32\kerberos.dll

+ 2006-05-19 19:55 . 2011-03-03 06:55 149504 c:\windows\system32\dnsapi.dll

+ 2006-05-19 19:56 . 2011-09-26 10:41 220160 c:\windows\system32\dllcache\oleacc.dll

+ 2006-05-19 19:55 . 2011-02-15 12:56 290432 c:\windows\system32\atmfd.dll

+ 2008-07-29 16:37 . 2008-07-29 16:37 911360 c:\windows\Installer\dd9734.msp

+ 2008-07-29 16:33 . 2008-07-29 16:33 506368 c:\windows\Installer\dd9733.msp

+ 2008-07-29 16:35 . 2008-07-29 16:35 553472 c:\windows\Installer\dd9731.msp

+ 2006-05-19 19:56 . 2011-01-21 14:44 8509440 c:\windows\system32\shell32.dll

+ 2004-08-04 11:00 . 2011-09-05 13:56 1510400 c:\windows\system32\shdocvw.dll

+ 2004-08-04 11:00 . 2010-07-16 12:01 1287680 c:\windows\system32\ole32.dll

- 2006-05-19 19:56 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll

+ 2006-05-19 19:56 . 2010-06-14 07:43 1172480 c:\windows\system32\msxml3.dll

+ 2004-12-03 17:12 . 2011-11-06 11:30 3591144 c:\windows\system32\FNTCACHE.DAT

+ 2004-08-04 11:00 . 2011-09-05 13:56 1025024 c:\windows\system32\browseui.dll

- 2004-08-04 11:00 . 2010-04-16 16:09 1025024 c:\windows\system32\browseui.dll

+ 2008-07-29 16:31 . 2008-07-29 16:31 6083072 c:\windows\Installer\dd9735.msp

+ 2008-07-29 16:43 . 2008-07-29 16:43 1013248 c:\windows\Installer\dd9732.msp

+ 2008-07-29 16:39 . 2008-07-29 16:39 3403264 c:\windows\Installer\dd9730.msp

+ 2008-07-29 16:41 . 2008-07-29 16:41 6487040 c:\windows\Installer\dd972f.msp

+ 2008-07-29 16:29 . 2008-07-29 16:29 2926080 c:\windows\Installer\dd972e.msp

+ 2008-07-29 16:45 . 2008-07-29 16:45 2543616 c:\windows\Installer\dd972d.msp

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl"="c:\program files\ASUS\ASUS Remote\RemoteControlAppl.exe" [2005-06-10 61440]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]

.

c:\documents and settings\Administrator.UW-4B58D8528225\Menu Start\Programma's\Opstarten\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-1-4 27136]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\BgGamingMonitor.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BTTray.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\BTTray.lnk

backup=c:\windows\pss\BTTray.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-11-04 10:51 136176 ----atw- c:\documents and settings\HP_Eigenaar.UW-4B58D8528225.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]

2005-09-21 17:41 1605740 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]

2005-06-02 06:35 49152 ----a-w- c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]

2007-08-22 14:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

2011-09-28 21:05 20480 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

2004-10-08 10:06 196608 ----a-w- c:\program files\Logitech\Video\ManifestEngine.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

2004-10-08 10:31 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

2004-10-08 10:24 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2006-01-04 21:47 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=

"c:\\Documents and Settings\\HP_Eigenaar.UW-4B58D8528225.000\\Mijn documenten\\Downloads\\solutoinstaller.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"2538:TCP"= 2538:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

R1 BdSpy;BdSpy;c:\windows\system32\drivers\BdSpy.sys [15/06/2011 11:32 64608]

R1 NovaShieldFilterDriver;NovaShieldFilterDriver;c:\windows\system32\drivers\NSKernel.sys [15/06/2011 11:32 789448]

R1 NovaShieldTDIDriver;NovaShieldTDIDriver;c:\windows\system32\drivers\NSNetmon.sys [15/06/2011 11:32 19272]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [19/05/2006 20:56 14336]

R2 BsBhvScan;BullGuard behavioural detection service;c:\program files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [30/06/2011 15:30 338264]

R2 BsBrowser;BullGuard antiphishing service;c:\windows\System32\SvcHost.exe -k BullGuard_LowPriv [19/05/2006 20:56 14336]

R2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe -k BullGuard [19/05/2006 20:56 14336]

R2 BsFire;BullGuard firewall service;c:\windows\System32\SvcHost.exe -k BullGuard [19/05/2006 20:56 14336]

R2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe -k BullGuard [19/05/2006 20:56 14336]

R2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe -k BullGuard_Main [19/05/2006 20:56 14336]

R2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [18/05/2011 10:34 320344]

R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [4/01/2006 22:35 2808704]

R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [15/06/2011 11:32 34280]

R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [15/06/2011 11:32 267624]

R3 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [29/06/2011 12:08 288600]

R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [4/01/2006 22:35 468768]

S3 BgRaSvc;BgRaSvc;c:\program files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe [18/05/2011 10:34 125784]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 WN5401;Liteon Wireless LAN PCI 802.11 a/b/g adapter WN5401A;c:\windows\system32\drivers\wn5401.sys [4/01/2006 22:35 449920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Akamai REG_MULTI_SZ Akamai

BullGuard_Main REG_MULTI_SZ BsMain

BullGuard REG_MULTI_SZ BsFileScan BsMailProxy BsFire

BullGuard_LowPriv REG_MULTI_SZ BsBrowser

.

Inhoud van de 'Gedeelde Taken' map

.

2011-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-10 10:36]

.

2011-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-10 10:36]

.

2011-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1926163156-312049928-3774402212-1008Core.job

- c:\documents and settings\HP_Eigenaar.UW-4B58D8528225.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-04 10:51]

.

2011-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1926163156-312049928-3774402212-1008UA.job

- c:\documents and settings\HP_Eigenaar.UW-4B58D8528225.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-04 10:51]

.

2011-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2868996466-2378887863-459018987-1008Core.job

- c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-02 16:42]

.

2011-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2868996466-2378887863-459018987-1008UA.job

- c:\documents and settings\HP_Eigenaar.UW-4B58D8528225\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-02 16:42]

.

2011-11-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2868996466-2378887863-459018987-1008.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

.

2011-10-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2868996466-2378887863-459018987-1008.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

.

2011-11-07 c:\windows\Tasks\User_Feed_Synchronization-{86691127-2526-48A2-BC21-770488CEED6B}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]

.

.

------- Bijkomende Scan -------

.

uInternet Settings,ProxyOverride = localhost

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Verzenden naar Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

LSP: c:\windows\system32\BGLsp.dll

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\HP_Eigenaar.UW-4B58D8528225.000\Application Data\Mozilla\Firefox\Profiles\965ks0js.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/firefox

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-11-07 17:01

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(1028)

c:\windows\system32\BgGamingMonitor.dll

.

- - - - - - - > 'lsass.exe'(1108)

c:\windows\system32\BgGamingMonitor.dll

c:\windows\system32\BGLsp.dll

.

Voltooingstijd: 2011-11-07 17:05:02

ComboFix-quarantined-files.txt 2011-11-07 16:05

ComboFix2.txt 2011-11-06 11:03

.

Pre-Run: 129.468.018.688 bytes beschikbaar

Post-Run: 129.428.815.872 bytes beschikbaar

.

- - End Of File - - 981BA3FA9284AC70C1F0E41C15932EE7

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:12:13, on 7/11/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\SvcHost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe

C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe

C:\WINDOWS\System32\SvcHost.exe

C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: BullGuard Safe Browsing - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Verzenden naar Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O18 - Protocol: bglink - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - AppInit_DLLs: C:\WINDOWS\system32\BgGamingMonitor.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: BgRaSvc - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe

O23 - Service: BullGuard behavioural detection service (BsBhvScan) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe

O23 - Service: BullGuard scanning service (BsScanner) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe

O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 9692 bytes
