
Posted:
You can attach photos and other attachments to a post by clicking "manage attachments" at the bottom of your post. You can then upload any attachment that meets the requirements, together with your post.

This is what I get...

[five screenshot thumbnails attached to the post]


Posted:

BTW: I just ran a full scan with Malwarebytes' and it found 59 infected files. So those have now all been removed and resolved, and I'll let you know over the coming days whether this still happens.

Regards, Honk

Posted:

Malwarebytes' Anti-Malware 1.33

Database version: 1712

Windows 6.0.6000

2/02/2009 19:10:33

mbam-log-2009-02-02 (19-10-33).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 116325

Time elapsed: 48 minute(s), 54 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 4

Registry Keys Infected: 32

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 3

Files Infected: 17

Memory Processes Infected:

C:\Program Files\Search Spider\searchspidersvc.exe (Adware.SearchSpider) -> Unloaded process successfully.

Memory Modules Infected:

C:\Program Files\Search Spider\SearchSpider.dll (Adware.SearchSpider) -> Delete on reboot.

C:\Program Files\BrowsingAdvisor\BrowsingAdvisor-1.dll (Adware.PlayMP3Z-biz) -> Delete on reboot.

C:\Program Files\BrowsingAdvisor\pcre3.dll (Adware.PlayMP3Z-biz) -> Delete on reboot.

C:\Windows\System32\winel77.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\searchspidersvc (Adware.SearchSpider) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\searchspidersvc (Adware.SearchSpider) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{35bf6598-2014-4835-b5fd-0ee1af30a470} (Adware.SearchSpider) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{d6bee60e-6bbb-4a3a-b0e3-107d203d5b78} (Adware.SearchSpider) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{fb24fc1b-ca66-4e63-9130-4b3893fe1681} (Adware.SearchSpider) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{c28d210b-755b-461f-8141-fd381889d451} (Adware.SearchSpider) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c28d210b-755b-461f-8141-fd381889d451} (Adware.SearchSpider) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c28d210b-755b-461f-8141-fd381889d451} (Adware.SearchSpider) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{ca5b0823-5d3e-4333-b27a-e35e361e2179} (Adware.SearchSpider) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\browsingadvisor.****pro_bho (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{3239a0ea-4203-7bf5-cd1d-fdb0169b2778} (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{02110cf9-3753-c2c5-b1a9-21599c9bfe9e} (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2f392e48-ca02-684d-a10a-48cc0d456dc2} (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{85c33570-fc4b-4bea-70b5-f7c9b9cd5e6f} (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{06075f5d-ef05-16d5-5687-249a7c80eb26} (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{5b225ecb-2ed9-991d-713c-461009a60f29} (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{f1e96edc-e0c8-be98-1f15-c29dbed83b53} (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f1e96edc-e0c8-be98-1f15-c29dbed83b53} (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f1e96edc-e0c8-be98-1f15-c29dbed83b53} (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\browsingadvisor.****pro_bho.1 (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\searchspider.spiderbho (Adware.SearchSpider) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\searchspider.spiderbho.1 (Adware.SearchSpider) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\browsingadvisor (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a00cad9c-b39e-46eb-8675-f0760d70f4ac} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a00cad9c-b39e-46eb-8675-f0760d70f4ac} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a00cad9c-b39e-46eb-8675-f0760d70f4ac} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a00cad9d-b39e-46eb-8675-f0760d70f4ac} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a00cad9d-b39e-46eb-8675-f0760d70f4ac} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a00cad9d-b39e-46eb-8675-f0760d70f4ac} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{a00cad9c-b39e-46eb-8675-f0760d70f4ac} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{a00cad9c-b39e-46eb-8675-f0760d70f4ac} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\BrowsingAdvisor (Adware.PlayMP3Z-biz) -> Delete on reboot.

C:\Program Files\Search Spider (Adware.SearchSpider) -> Delete on reboot.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

Files Infected:

C:\Program Files\Search Spider\searchspidersvc.exe (Adware.SearchSpider) -> Quarantined and deleted successfully.

C:\Program Files\Search Spider\SearchSpider.dll (Adware.SearchSpider) -> Delete on reboot.

C:\Program Files\BrowsingAdvisor\BrowsingAdvisor-1.dll (Adware.PlayMP3Z-biz) -> Delete on reboot.

C:\Program Files\Search Spider\SpiderUpdate.exe (Adware.SearchSpider) -> Quarantined and deleted successfully.

C:\Users\hendrik\AppData\Local\Temp\tem1637.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\Users\hendrik\AppData\Local\Temp\tem23D4.tmp.exe (Adware.BrowsingEnhancer) -> Quarantined and deleted successfully.

C:\Users\hendrik\AppData\Local\Temp\tem3395.tmp.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\Users\hendrik\AppData\Local\Temp\tem4BD1.tmp.exe (Adware.SearchSpider) -> Quarantined and deleted successfully.

C:\Program Files\BrowsingAdvisor\pcre3.dll (Adware.PlayMP3Z-biz) -> Delete on reboot.

C:\Program Files\BrowsingAdvisor\uninstall.exe (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.

C:\Program Files\Search Spider\dbghelp.dll (Adware.SearchSpider) -> Quarantined and deleted successfully.

C:\Program Files\Search Spider\DownloadGnutella.exe (Adware.SearchSpider) -> Quarantined and deleted successfully.

C:\Program Files\Search Spider\SearchSpider.url (Adware.SearchSpider) -> Quarantined and deleted successfully.

C:\Program Files\Search Spider\unins000.dat (Adware.SearchSpider) -> Quarantined and deleted successfully.

C:\Program Files\Search Spider\unins000.exe (Adware.SearchSpider) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

C:\Windows\System32\winel77.dll (Trojan.Agent) -> Delete on reboot.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:30:50, on 2/02/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16681)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\rundll32.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\System Control Manager\MGSysCtrl.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\pp1.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\AVEO\AVEO UVC Filter Driver Kit\AveoSTI.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Brother\Brmfcmon\BrMfimon.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Windows Mail\WinMail.exe

C:\Program Files\Internet Explorer\IEUser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe

D:\documenten hendrik\Programma's\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSI -- MICRO-STAR INT'L CO.,LTD.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SearchIt99 - {A155F976-57CE-485C-8526-2F477BD7B175} - C:\Users\Public\Documents\SearchIt99\SearchIt99.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: SearchIt99 - {A155F976-57CE-485C-8526-2F477BD7B175} - C:\Users\Public\Documents\SearchIt99\SearchIt99.dll

O3 - Toolbar: (no name) - {A00CAD9C-B39E-46EB-8675-F0760D70F4AC} - (no file)

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe

O4 - HKLM\..\Run: [bullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [pp] c:\windows\pp1.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [bullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: aveosti.exe.lnk = ?

O4 - Global Startup: Bluetooth Manager.lnk = ?

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro3.cce.hp.com/ChatEntry/downloads/sysinfo.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldnl-be.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - http://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: eID CRL Service - Zetes - C:\Windows\system32\beidservicecrl.exe

O23 - Service: eID Privacy Service - Zetes - C:\Windows\system32\beidservicepcsc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--

End of file - 8049 bytes


Posted:

Start HijackThis. If you are a Vista user, choose "Run as administrator". Select "Do a system scan only". Check only the items listed below:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSI -- MICRO-STAR INT'L CO.,LTD.

O3 - Toolbar: (no name) - {A00CAD9C-B39E-46EB-8675-F0760D70F4AC} - (no file)

Click 'Fix checked' to remove the items.

Then let ComboFix scan again and post its log, together with a new HJT log, in your next reply. Definitely do not download what it offers.

Posted:

ComboFix 09-02-02.03 - hendrik 2009-02-02 22:27:29.3 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.3070.2273 [GMT 1:00]

Gestart vanuit: d:\documenten hendrik\Programma's\ComboFix.exe

AV: BullGuard Antivirus *On-access scanning disabled* (Outdated)

FW: BullGuard Firewall *enabled*

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-01-02 to 2009-02-02 ))))))))))))))))))))))))))))))

.

2009-02-02 17:59 . 2009-02-02 19:10 47 --a------ c:\windows\System32\bad_packet

2009-02-02 17:58 . 2009-02-02 19:02 3,474 --a------ c:\windows\System32\nodes.txt.tmp

2009-01-31 21:15 . 2009-01-31 21:15 <DIR> d-------- c:\program files\Windows Live SkyDrive

2009-01-31 21:15 . 2009-01-31 21:17 <DIR> d-------- c:\program files\Microsoft

2009-01-31 21:04 . 2009-02-02 19:25 <DIR> d-------- c:\users\hendrik\Tracing

2009-01-31 20:42 . 2009-01-31 20:42 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition

2009-01-31 20:42 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\System32\d3dx9_32.dll

2009-01-31 20:42 . 2009-01-31 20:42 712,704 --a------ c:\windows\System32\WindowsCodecs.dll

2009-01-31 20:42 . 2009-01-31 20:42 347,648 --a------ c:\windows\System32\WindowsCodecsExt.dll

2009-01-31 20:34 . 2009-01-31 20:34 <DIR> d-------- c:\program files\Common Files\Windows Live

2009-01-31 19:23 . 2009-01-31 19:23 <DIR> d-------- c:\users\hendrik\AppData\Roaming\Malwarebytes

2009-01-31 19:23 . 2009-01-31 19:23 <DIR> d-------- c:\users\All Users\Malwarebytes

2009-01-31 19:23 . 2009-01-31 19:23 <DIR> d-------- c:\programdata\Malwarebytes

2009-01-31 19:23 . 2009-01-31 19:23 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-31 19:23 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2009-01-31 19:23 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2009-01-30 17:58 . 2009-01-30 17:58 <DIR> d-------- c:\program files\Mixxx

2009-01-29 17:54 . 2009-01-29 17:54 10,752 ---h----- c:\windows\pp1.exe

2009-01-23 18:47 . 2009-01-23 18:47 1 ---h----- c:\windows\f5667t5.dat

2009-01-23 16:28 . 2009-01-23 16:28 55,504 --a------ c:\windows\System32\drivers\BdFileSpy.sys

2009-01-20 20:06 . 2009-02-02 19:21 <DIR> d-------- c:\users\hendrik\AppData\Roaming\FrostWire

2009-01-20 20:04 . 2009-01-20 20:06 <DIR> d-------- c:\program files\FrostWire

2009-01-18 15:38 . 2009-01-18 15:38 <DIR> d-------- C:\Westwood

2009-01-17 14:27 . 2009-01-17 14:27 <DIR> d-------- C:\.jagex_cache_32

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-02 18:28 --------- d-----w c:\programdata\BullGuard

2009-02-01 12:51 27,525 ----a-w c:\users\hendrik\AppData\Roaming\nvModes.dat

2009-01-31 20:16 --------- d-----w c:\program files\Windows Live

2009-01-20 19:05 --------- d-----w c:\program files\LimeWire

2009-01-20 18:28 --------- d-----w c:\users\hendrik\AppData\Roaming\LimeWire

2009-01-17 13:28 34 ----a-w c:\users\hendrik\jagex_runescape_preferences.dat

2008-12-15 14:39 --------- d-----w c:\users\hendrik\AppData\Roaming\BullGuard

2008-12-12 17:13 --------- d-----w c:\programdata\Avanquest Bluetooth SDK

2008-12-12 17:00 --------- d-----w c:\program files\Avanquest update

2008-12-12 16:57 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-12 16:57 --------- d-----w c:\programdata\BVRP Software

2008-12-12 15:56 --------- d-----w c:\programdata\Sony Ericsson

2008-12-12 15:56 --------- d-----w c:\program files\Sony Ericsson

2008-12-10 17:37 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-12-10 17:37 --------- d-----w c:\program files\iTunes

2008-12-10 17:36 --------- d-----w c:\program files\iPod

2008-12-10 17:36 --------- d-----w c:\program files\Common Files\Apple

2008-12-10 17:35 --------- d-----w c:\program files\Bonjour

2008-12-10 17:34 --------- d-----w c:\program files\QuickTime

2008-12-07 12:41 --------- d-----w c:\users\hendrik\AppData\Roaming\Sony

2008-12-07 12:41 --------- d-----w c:\programdata\Sony

2008-12-07 12:34 --------- d-----w c:\program files\Sony

2008-12-04 23:31 308,584 ----a-w c:\windows\WLXPGSS.SCR

2008-12-03 20:16 --------- d-----w c:\program files\Vstep

2008-12-03 20:13 --------- d-----w c:\program files\Kellogg's

2008-12-03 13:49 410,984 ----a-w c:\windows\System32\deploytk.dll

2008-12-03 13:49 --------- d-----w c:\program files\Java

2008-12-02 21:37 49,480 ----a-w c:\windows\System32\sirenacm.dll

2008-11-08 14:40 19,784 ----a-w c:\windows\System32\BgOutlookHook.dll

2008-11-08 14:40 14,152 ----a-w c:\windows\System32\lccl.dll

2008-11-08 14:40 14,152 ----a-w c:\windows\System32\client_cc.dll

2008-07-30 21:51 0 ----a-w c:\users\hendrik\AppData\Roaming\wklnhst.dat

2008-07-16 13:26 174 --sha-w c:\program files\desktop.ini

2008-07-15 18:13 0 ---h--w c:\users\All Users\PKP_DLdu.DAT

2008-07-15 18:13 0 ---h--w c:\programdata\PKP_DLdu.DAT

2008-07-25 17:24 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-07-25 17:24 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-07-25 17:24 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

((((((((((((((((((((((((((((( snapshot@2009-01-31_23.49.15,61 )))))))))))))))))))))))))))))))))))))))))

.

- 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE

+ 2005-10-20 12:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE

- 2009-01-31 22:38:34 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-02-02 18:22:55 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-01-31 22:38:34 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2009-02-02 18:22:55 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2009-01-31 22:39:46 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2009-02-02 18:25:20 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

- 2009-01-31 22:39:51 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-02-02 18:25:14 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-02-02 18:25:14 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2000-08-31 07:00:00 286,720 ----a-w c:\windows\SWREG.exe

+ 2000-08-31 07:00:00 161,792 ----a-w c:\windows\SWREG.exe

- 2009-01-31 22:38:34 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-02-02 18:24:42 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-01-31 22:38:34 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-02-02 18:24:42 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-01-31 22:38:34 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-02-02 18:24:42 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-01-31 22:47:08 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat

+ 2009-02-02 21:27:20 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat

+ 2009-02-02 21:27:20 262,144 ---ha-w c:\windows\System32\config\systemprofile\ntuser.dat.LOG1

- 2009-01-31 22:41:00 7,458 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3214536521-4072128669-3750770202-1000_UserData.bin

+ 2009-02-02 18:26:07 7,642 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3214536521-4072128669-3750770202-1000_UserData.bin

- 2009-01-31 22:41:00 77,756 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-02-02 18:26:06 77,988 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2009-01-31 22:40:59 43,952 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-02-02 18:26:05 44,374 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

- 2009-01-24 18:31:49 254,058 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin

+ 2009-02-02 20:22:16 254,882 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin

- 2009-01-15 18:59:42 263,528 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin

+ 2009-02-02 15:53:01 269,856 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin

.

-- Snapshot teruggezet naar huidige datum --

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-04-14 1232896]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]

"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2009-01-23 304464]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]

"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 360448]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-08 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-08 8462336]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-08 81920]

"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2008-03-14 561152]

"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2009-01-23 304464]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-03 136600]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-11-24 622592]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"pp"="c:\windows\pp1.exe" [2009-01-29 10752]

"RtHDVCpl"="RtHDVCpl.exe" [2007-11-08 c:\windows\RtHDVCpl.exe]

c:\users\hendrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

aveosti.exe.lnk - c:\program files\AVEO\AVEO UVC Filter Driver Kit\AveoSTI.exe [2008-04-14 28672]

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-02-27 2756608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{239FA296-4E8B-476F-863E-79A4978EC950}"= c:\program files\CyberLink\PowerDirector Express\PDX.EXE:CyberLink PowerDirector Express

"{40E9D768-04BB-4A17-B090-9921DAC59E4F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{875C8622-8B9E-4A5E-A484-E4E0554AC6D1}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{F4CA5235-B03C-4B04-81FC-19D32B817214}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{5B71AA69-59F8-4F5E-AA14-2E93BFB20BD9}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire

"TCP Query User{282AE276-98E3-4A7D-BB93-F12701AC1A77}d:\\documenten hendrik\\et.exe"= UDP:d:\documenten hendrik\et.exe:ET

"UDP Query User{1AD21FE0-E37C-4077-B299-63E752B06299}d:\\documenten hendrik\\et.exe"= TCP:d:\documenten hendrik\et.exe:ET

"TCP Query User{356DB3F7-7E10-442D-B775-F31A2F76A43E}d:\\documenten hendrik\\programma's\\wet\\et.exe"= UDP:d:\documenten hendrik\programma's\wet\et.exe:ET

"UDP Query User{1647553D-4DD4-4811-AC24-9FCFEBD19A8C}d:\\documenten hendrik\\programma's\\wet\\et.exe"= TCP:d:\documenten hendrik\programma's\wet\et.exe:ET

"{760A0F79-3C8D-486A-8233-867820454F3E}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.1

"{638546E7-2F5F-49B7-9C52-0F56222A868F}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.1

"{E8959A03-5D35-486C-BC26-850D922E3E2E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{49A45A45-6EB8-40BF-A963-B214B8BE3A8D}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{8C19DEF8-E580-4D45-847D-09FCAB020D73}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{905AA0AB-8928-43A6-9CBA-84A1555838A1}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"TCP Query User{8D2976B0-F416-461F-9039-612B8F493768}c:\\program files\\frostwire\\frostwire.exe"= UDP:c:\program files\frostwire\frostwire.exe:FrostWire

"UDP Query User{850EF4FC-3BC5-441B-BFDC-3B333DED20F6}c:\\program files\\frostwire\\frostwire.exe"= TCP:c:\program files\frostwire\frostwire.exe:FrostWire

"{960D7CDF-D5D6-49EB-94A7-5CAC4A2EE957}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 Si3531;SiI-3531 SATA Controller;c:\windows\System32\drivers\Si3531.sys [2008-04-14 210224]

R1 afw;Agnitum Firewall Driver;c:\windows\System32\drivers\Afw.sys [2007-11-28 28696]

R2 BdFileSpy;BullGuard File Monitor Driver;c:\windows\System32\drivers\BdFileSpy.sys [2009-01-23 55504]

R2 BsFileScan;BullGuard File Scan Service;c:\windows\System32\svchost.exe -k BullGuard [2006-11-02 22016]

R2 BsFire;BullGuard Firewall Service;c:\windows\System32\svchost.exe -k BullGuard [2006-11-02 22016]

R2 BsMailProxy;BullGuard Email Monitoring Service;c:\windows\System32\svchost.exe -k BullGuard [2006-11-02 22016]

R2 eID CRL Service;eID CRL Service;c:\windows\System32\beidservicecrl.exe [2007-02-19 225280]

R2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [2008-04-14 61440]

R3 AfwCore;Agnitum Firewall Core Driver;c:\windows\System32\drivers\AfwCore.sys [2008-11-08 263192]

R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [2008-04-14 32256]

R3 MGHwCtrl;MGHwCtrl;c:\windows\System32\drivers\MGHwCtrl.sys [2008-04-14 19456]

R3 Reconn;BullGuard Email Monitor;c:\program files\BullGuard Ltd\BullGuard\Reconn.sys [2007-10-29 16984]

S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\System32\drivers\a38usbxp.sys [2004-04-30 24832]

S3 eID Privacy Service;eID Privacy Service;c:\windows\System32\beidservicepcsc.exe [2007-02-19 331776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy BsFire

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.hln.be/

uInternet Settings,ProxyOverride = *.local

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} - hxxp://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab

FF - ProfilePath - c:\users\hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\gkvdumvx.default\

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-02 22:28:45

Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(1564)

c:\program files\BullGuard Ltd\BullGuard\antispam\PluginHook.dll

c:\program files\BullGuard Ltd\BullGuard\res\nl\PluginHookRes.dll

.

Voltooingstijd: 2009-02-02 22:30:13

ComboFix-quarantined-files.txt 2009-02-02 21:30:10

ComboFix2.txt 2009-02-01 12:37:45

ComboFix3.txt 2009-01-31 22:50:21

Pre-Run: 10.135.810.048 bytes beschikbaar

Post-Run: 10,003,296,256 bytes beschikbaar

222 --- E O F --- 2008-07-16 13:03:04

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:32:26, on 2/02/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16681)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\System32\rundll32.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\pp1.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\AVEO\AVEO UVC Filter Driver Kit\AveoSTI.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Internet Explorer\IEUser.exe

C:\Program Files\Brother\Brmfcmon\BrMfimon.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe

C:\Windows\system32\conime.exe

C:\Windows\Explorer.exe

C:\Windows\system32\notepad.exe

C:\Program Files\Internet Explorer\iexplore.exe

D:\documenten hendrik\Programma's\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe

O4 - HKLM\..\Run: [bullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [pp] c:\windows\pp1.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [bullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: aveosti.exe.lnk = ?

O4 - Global Startup: Bluetooth Manager.lnk = ?

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro3.cce.hp.com/ChatEntry/downloads/sysinfo.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldnl-be.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - http://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: eID CRL Service - Zetes - C:\Windows\system32\beidservicecrl.exe

O23 - Service: eID Privacy Service - Zetes - C:\Windows\system32\beidservicepcsc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--

End of file - 7556 bytes

Posted:

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\pp1.exe

c:\windows\f5667t5.dat

Folder::

c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"pp"=-

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of ComboFix.txt in your next reply
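The two helper posts above (the HijackThis "Fix checked" list and the CFScript with its File::, Folder:: and Registry:: sections) are the manual version of a triage most analysts end up scripting. The block below is an added example, not code from the thread, from HijackThis or from ComboFix. It parses a constructed subset of the HijackThis lines posted above, flags the same kinds of entries the helper singled out (a toolbar with "(no file)", a Run value with a two-letter name pointing at a digit-suffixed executable in C:\Windows, services listed as "Unknown owner"), and drafts a CFScript in the layout used in the thread. The flagging heuristics are this example's own assumptions, and the hive written into the Registry:: section is taken from the O4 line in the log rather than hard-coded.

```python
"""Triage a HijackThis log and draft a ComboFix CFScript for the suspect items.

Added example; not part of the original thread and not HijackThis/ComboFix code.
SAMPLE_HJT_LOG is a constructed subset of the log lines posted in the thread.
The heuristics below (very short Run value names, short digit-suffixed
executables, services with "Unknown owner", toolbars with "(no file)") are
assumptions made for this example, not rules either tool applies.
"""
import re
from typing import Dict, List, Sequence, Tuple

# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_HJT_LOG = r"""
O3 - Toolbar: (no name) - {A00CAD9C-B39E-46EB-8675-F0760D70F4AC} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [pp] c:\windows\pp1.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"""

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$')
O23_RE = re.compile(r'^O23 - Service: (.+?) - (.+?) - ([A-Za-z]:\\.+)$')
EXE_RE = re.compile(r'"?([^"]+?\.exe)', re.I)
# Heuristic (assumption): 1-3 letters plus digits, e.g. pp1.exe, looks generated.
ODD_NAME_RE = re.compile(r'^[a-z]{1,3}\d*\.exe$', re.I)


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per HijackThis line that matches a heuristic."""
    findings: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        line = line.strip()
        # O3: a toolbar CLSID whose DLL is gone is dead weight worth fixing.
        if line.startswith("O3 - ") and line.endswith("(no file)"):
            findings.append({"kind": "orphan_toolbar", "line": line})
            continue
        m = O4_RE.match(line)
        if m:
            hive, name, cmd = m.groups()
            exe = EXE_RE.match(cmd)
            path = exe.group(1) if exe else cmd
            base = path.rsplit("\\", 1)[-1]
            if len(name) <= 2 or ODD_NAME_RE.match(base):
                findings.append({"kind": "odd_run_value", "hive": HIVES[hive],
                                 "value": name, "path": path, "line": line})
            continue
        m = O23_RE.match(line)
        if m:
            display, owner, path = m.groups()
            if owner.lower() == "unknown owner":
                findings.append({"kind": "unsigned_service", "service": display,
                                 "path": path, "line": line})
    return findings


def build_cfscript(findings: List[Dict[str, str]], extra_files: Sequence[str] = (),
                   extra_folders: Sequence[str] = ()) -> str:
    """Draft a CFScript in the File::/Folder::/Registry:: layout from the thread.

    Only odd Run values become deletions automatically. Services with an
    unknown owner are reported but left alone: OEM tools often show up that way.
    """
    files = [f.lower() for f in extra_files]
    registry: List[Tuple[str, str]] = []
    for f in findings:
        if f["kind"] == "odd_run_value":
            files.append(f["path"].lower())
            registry.append((f["hive"], f["value"]))
    out: List[str] = []
    if files:
        out.append("File::")
        out.extend(sorted(set(files)))
        out.append("")
    if extra_folders:
        out.append("Folder::")
        out.extend(extra_folders)
        out.append("")
    if registry:
        out.append("Registry::")
        for hive, value in registry:
            out.append(f"[{hive}\\{RUN_KEY}]")
            out.append(f'"{value}"=-')   # "name"=- deletes the value
    return "\n".join(out).rstrip() + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_HJT_LOG)
    for f in found:
        print(f["kind"], "->", f["line"])
    print(build_cfscript(found, extra_files=[r"c:\windows\f5667t5.dat"],
                         extra_folders=[r"c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}"]))
```

Run it as-is and it prints four findings (the orphan toolbar, the "pp" Run value, and the two "Unknown owner" services) followed by a draft CFScript; review the draft by hand before handing anything like it to ComboFix, since the heuristics are deliberately loose and RtHDVCpl.exe in the same C:\Windows directory is a legitimate Realtek binary that must not be caught.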

Guest
This topic is now closed to new replies.
