Archive - Task Manager disabled

This archive is a frozen snapshot of an earlier version of this forum, with different rules and different owners. These posts in no way reflect our current ideas, values or world views, and have been censored in places for inadmissible content. Many were written in a different spirit of the times, ironically or otherwise (as in the ironic Off-Topic subforum), and would not (be allowed to) be posted today. Even so, we are happy to keep offering this archive as an information database and reference work.

Brando[n]

Legacy Member
Can't enable Task Manager anywhere anymore... Even though I'm an administrator.
AVG doesn't report a virus after a scan either, only tracking cookies..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:33:31, on 31/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ISP Monitor\isp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\mIRC\mirc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Firefox\firefox.exe
C:\Documents and Settings\Brandon\Bureaublad\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISPMonitor] C:\Program Files\ISP Monitor\isp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4815 bytes

Juisterr

Legacy Member
Start HijackThis and choose 'Do a system scan only'.
Select only the items listed below:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Close all windows except HijackThis.
Click 'Fix checked' to remove the items.


Download ComboFix to your desktop and use it according to this guide.

NOTE: if, during or after downloading ComboFix or while running it, you get a warning from your antivirus or another real-time scanner, disable that scanner and download ComboFix again.
Some scanners treat certain components that ComboFix uses as suspicious and will block or remove them!
  • Double-click Combofix.exe to start it.
  • If you have used ComboFix before, you may get a warning that an update is available. Allow ComboFix to update.
  • Click OK in the "NirCmd" window.
  • If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
  • Click OK and Yes to let the Recovery Console install automatically.
  • Afterwards, click Yes again to start the malware scan.
  • While the fix is running, do NOT click in the window, as this will make your PC hang.
  • When the fix is complete and after the restart, the log Combofix.txt will open.
Post that log in your next reply.
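As an added example, not part of this thread and not HijackThis code: a small Python triage script over the O2 and O7 lines from the log above. It flags values under Policies\System that lock the user out of recovery tools and BHO registrations whose DLL is missing, and prints the reg.exe command that undoes each, which is what 'Fix checked' does for those two entries. DisableTaskMgr, the sibling value that greys out Task Manager, does not appear in the posted log; the sample line carrying it is constructed here to show that the same check would catch the poster's actual symptom. The finding categories and field names are this example's own choices; the BHO registration path is where Internet Explorer looks up BHOs by CLSID.

```python
"""Triage of HijackThis O2/O7 lines: policy lock-outs and orphaned BHOs.

Added example; not HijackThis code. reg.exe commands are emitted as text
for review, nothing is executed.
"""
import re

# Values under HKCU\...\Policies\System that malware sets to keep the user
# away from recovery tools. DisableRegedit is in the posted log;
# DisableTaskMgr is the sibling value behind a greyed-out Task Manager
# (assumption: it is not in the posted log but matches the reported symptom).
POLICY_VALUES = {
    "DisableRegedit": "Registry Editor blocked",
    "DisableTaskMgr": "Task Manager blocked",
    "DisableCMD": "Command Prompt blocked",
}

# Where Internet Explorer registers Browser Helper Objects, keyed by CLSID.
BHO_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"

O7_RE = re.compile(r"^O7 - (?P<key>[^,]+), (?P<name>\w+)=(?P<value>\S+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")

# Constructed sample: four lines copied from the log above plus one
# constructed DisableTaskMgr line that the poster's log does not contain.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
"""


def triage(log_text):
    """Return a list of findings, one dict per suspicious line, in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O7_RE.match(line)
        if m and m["name"] in POLICY_VALUES and m["value"] != "0":
            findings.append({
                "kind": "policy",
                "value_name": m["name"],
                "why": POLICY_VALUES[m["name"]],
                # Deleting the value restores the default (tool allowed).
                "fix": 'reg delete "%s" /v %s /f' % (m["key"], m["name"]),
            })
            continue
        m = O2_RE.match(line)
        if m and m["path"].strip() == "(no file)":
            key = BHO_KEY + "\\{" + m["clsid"] + "}"
            findings.append({
                "kind": "orphan_bho",
                "clsid": m["clsid"],
                "why": "BHO registered but its DLL is missing (leftover of a removed component)",
                "fix": 'reg delete "%s" /f' % key,
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("[%s] %s\n    %s" % (f["kind"], f["why"], f["fix"]))
```

The script only reports; the policy values are deleted with the emitted reg.exe commands (or with HijackThis, as the reply above says), and since the O7 lines point at HKCU, the same values under HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System are worth checking by hand afterwards.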

Brando[n]

Legacy Member
ComboFix 10-03-29.04 - Brandon 01/04/2010 20:31:15.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.447.147 [GMT 2:00]
Started from: c:\documents and settings\Brandon\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ABP470N5
-------\Service_abp470n5


(((((((((((((((((((( Files Created from 2010-03-01 to 2010-04-01 ))))))))))))))))))))))))))))))
.

2010-03-31 14:40 . 2010-03-31 14:40 -------- d-s---w- c:\documents and settings\Brandon\UserData
2010-03-30 12:50 . 2010-03-30 12:50 -------- d-----w- c:\windows\system32\Adobe
2010-03-25 11:14 . 2010-03-31 11:26 -------- d-----w- c:\documents and settings\Brandon\Application Data\dvdcss
2010-03-21 16:39 . 2010-03-21 16:39 -------- d-----w- c:\windows\Sun
2010-03-21 12:57 . 2010-03-21 12:57 -------- d-----w- c:\program files\Common Files\Java
2010-03-21 12:55 . 2010-03-21 12:55 503808 ----a-w- c:\documents and settings\Brandon\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-74b07a74-n\msvcp71.dll
2010-03-21 12:55 . 2010-03-21 12:55 348160 ----a-w- c:\documents and settings\Brandon\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-74b07a74-n\msvcr71.dll
2010-03-21 12:55 . 2010-03-21 12:55 499712 ----a-w- c:\documents and settings\Brandon\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-74b07a74-n\jmc.dll
2010-03-21 12:55 . 2010-03-21 12:55 61440 ----a-w- c:\documents and settings\Brandon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5341ba5b-n\decora-sse.dll
2010-03-21 12:55 . 2010-03-21 12:55 12800 ----a-w- c:\documents and settings\Brandon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5341ba5b-n\decora-d3d.dll
2010-03-21 12:54 . 2010-03-21 12:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-21 12:53 . 2010-03-21 12:53 -------- d-----w- c:\program files\Java
2010-03-19 16:09 . 2001-08-17 20:47 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys
2010-03-19 16:09 . 2001-08-17 20:47 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
2010-03-19 16:08 . 2001-09-06 20:26 324608 -c--a-w- c:\windows\system32\dllcache\hpojwia.dll
2010-03-19 16:08 . 2001-09-06 20:26 324608 ----a-w- c:\windows\system32\hpojwia.dll
2010-03-19 16:08 . 2001-08-17 20:47 8704 -c--a-w- c:\windows\system32\dllcache\dot4scan.sys
2010-03-19 16:08 . 2001-08-17 20:47 8704 ----a-w- c:\windows\system32\drivers\Dot4scan.sys
2010-03-19 16:08 . 2001-09-06 18:40 23936 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
2010-03-19 16:08 . 2001-09-06 18:40 23936 ----a-w- c:\windows\system32\drivers\Dot4usb.sys
2010-03-19 16:08 . 2008-04-13 18:39 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
2010-03-19 16:08 . 2008-04-13 18:39 206976 ----a-w- c:\windows\system32\drivers\Dot4.sys
2010-03-19 16:03 . 2010-03-19 16:03 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2010-03-19 16:01 . 2010-03-19 16:12 -------- d-----w- c:\documents and settings\Brandon\Local Settings\Application Data\Adobe
2010-03-19 11:34 . 2009-08-13 15:24 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2010-03-18 22:06 . 2010-03-18 22:06 105731 ----a-w- c:\documents and settings\Brandon\Application Data\NoNameScript\nnuninstall.exe
2010-03-18 22:06 . 2010-04-01 14:13 -------- d-----w- c:\documents and settings\Brandon\Application Data\NoNameScript
2010-03-18 21:59 . 2010-03-18 21:59 -------- d-----w- c:\windows\system32\nl-nl
2010-03-18 21:59 . 2010-03-18 21:59 -------- d-----w- c:\windows\l2schemas
2010-03-18 21:59 . 2010-03-18 21:59 -------- d-----w- c:\windows\system32\nl
2010-03-18 21:59 . 2010-03-18 21:59 -------- d-----w- c:\windows\system32\bits
2010-03-18 21:48 . 2010-03-18 21:48 -------- d-----w- c:\windows\EHome
2010-03-18 19:41 . 2008-04-14 17:02 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-03-18 18:16 . 2010-03-18 18:16 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-18 18:07 . 2010-03-18 18:07 -------- d-----w- c:\program files\Windows Media Connect 2
2010-03-18 18:05 . 2010-03-18 18:06 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-03-18 18:05 . 2010-03-18 18:05 -------- d-----w- c:\windows\system32\LogFiles
2010-03-18 17:24 . 2010-03-19 16:03 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-18 17:22 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-03-18 17:12 . 2010-03-18 21:55 -------- d-----w- c:\windows\ServicePackFiles
2010-03-18 17:11 . 2010-03-18 17:11 -------- d-----w- c:\documents and settings\Brandon\Application Data\SmartFTP
2010-03-18 17:04 . 2010-03-18 17:04 -------- d-----w- c:\program files\SmartFTP Client
2010-03-18 17:03 . 2010-03-18 17:03 -------- d-----w- c:\program files\SmartFTP Client 3.0 Setup Files
2010-03-18 16:58 . 2004-08-03 21:29 63488 ------w- c:\windows\system32\drivers\atinxsxx.sys
2010-03-18 16:36 . 2008-06-14 17:36 272640 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-03-18 16:36 . 2008-06-14 17:36 272640 ------w- c:\windows\system32\drivers\bthport.sys
2010-03-18 16:36 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-03-18 16:36 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-03-18 16:34 . 2009-12-04 18:22 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-03-18 16:33 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-03-18 16:32 . 2009-07-10 13:31 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-03-18 16:31 . 2008-04-11 19:06 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-03-18 16:30 . 2008-10-15 16:37 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-03-18 16:29 . 2008-04-21 21:16 218624 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-03-17 18:26 . 2010-04-01 18:13 0 ----a-w- c:\documents and settings\Brandon\Local Settings\Application Data\prvlcl.dat
2010-03-17 17:09 . 2010-03-17 17:09 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-03-17 17:09 . 2010-03-17 17:09 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-03-17 17:09 . 2010-03-17 17:09 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-03-17 17:08 . 2010-03-17 17:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-17 17:07 . 2010-03-17 16:45 800536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-03-17 17:07 . 2010-03-17 16:45 613656 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-03-17 17:07 . 2010-03-17 16:45 1658136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-03-17 17:07 . 2010-03-17 16:45 1007896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-03-17 16:46 . 2010-03-17 16:50 -------- d-----w- C:\$AVG
2010-03-17 16:46 . 2010-03-17 17:09 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-17 16:46 . 2010-03-17 17:08 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-17 16:46 . 2010-03-17 17:08 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-17 16:46 . 2010-04-01 10:31 -------- d-----w- c:\windows\system32\drivers\Avg
2010-03-17 16:45 . 2010-03-17 16:45 -------- d-----w- c:\program files\AVG
2010-03-17 16:45 . 2010-03-17 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-17 16:10 . 2010-03-17 16:28 -------- d-----w- c:\documents and settings\Brandon\Local Settings\Application Data\Panda Software

.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-01 18:24 . 2010-03-17 14:58 -------- d-----w- c:\documents and settings\Brandon\Application Data\uTorrent
2010-04-01 17:17 . 2010-03-17 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-01 15:42 . 2010-03-17 15:13 -------- d-----w- c:\documents and settings\Brandon\Application Data\vlc
2010-04-01 10:24 . 2010-03-18 22:05 -------- d-----w- c:\program files\mIRC
2010-03-28 09:40 . 2004-08-04 12:00 54668 ----a-w- c:\windows\system32\perfc013.dat
2010-03-28 09:40 . 2004-08-04 12:00 367616 ----a-w- c:\windows\system32\perfh013.dat
2010-03-24 17:12 . 2010-03-17 14:40 -------- d-----w- c:\program files\Firefox
2010-03-18 22:14 . 2010-03-17 14:24 44840 ----a-w- c:\documents and settings\Brandon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-18 22:05 . 2010-03-18 22:05 -------- d-----w- c:\documents and settings\Brandon\Application Data\mIRC
2010-03-18 22:02 . 2010-03-17 14:18 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-18 17:18 . 2010-03-17 14:42 -------- d-----w- c:\program files\Microsoft Works
2010-03-17 19:02 . 2010-03-17 14:57 -------- d-----w- c:\documents and settings\Brandon\Application Data\ISP Monitor
2010-03-17 17:06 . 2010-03-17 14:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-17 16:51 . 2010-03-17 14:25 13312 ----a-w- c:\documents and settings\Brandon\Local Settings\Application Data\hide.exe
2010-03-17 16:50 . 2010-03-17 15:51 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-03-17 16:06 . 2010-03-17 15:51 -------- d-----w- c:\documents and settings\Brandon\Application Data\DAEMON Tools Lite
2010-03-17 15:52 . 2010-03-17 15:52 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-17 15:51 . 2010-03-17 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-03-17 15:48 . 2010-03-17 15:00 -------- d-----w- c:\program files\uTorrent
2010-03-17 15:15 . 2010-03-17 15:15 -------- d-----w- c:\program files\Microsoft
2010-03-17 15:15 . 2010-03-17 15:14 -------- d-----w- c:\program files\Windows Live
2010-03-17 15:15 . 2010-03-17 15:15 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-03-17 15:13 . 2010-03-17 15:13 -------- d-----w- c:\program files\Common Files\Windows Live
2010-03-17 14:58 . 2010-03-17 14:57 -------- d-----w- c:\program files\VLC
2010-03-17 14:57 . 2010-03-17 14:57 -------- d-----w- c:\program files\ISP Monitor
2010-03-17 14:56 . 2010-03-17 14:57 737280 ----a-w- c:\windows\iun6002.exe
2010-03-17 14:41 . 2010-03-17 14:41 0 ----a-w- c:\windows\nsreg.dat
2010-03-17 14:29 . 2010-03-17 14:29 -------- d-----w- c:\program files\AMD
2010-03-17 14:23 . 2010-03-17 14:23 -------- d-----w- c:\program files\Realtek
2010-03-17 14:23 . 2010-03-17 14:23 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-17 14:18 . 2010-03-17 14:18 -------- d-----w- c:\program files\microsoft frontpage
2010-03-17 14:16 . 2010-03-17 14:16 21748 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-26 05:53 . 2004-08-04 12:00 670208 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:53 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-01-18 06:30 . 2010-01-18 06:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-18 06:30 . 2010-01-18 06:30 499712 ----a-w- c:\windows\system32\msvcp71.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISPMonitor"="c:\program files\ISP Monitor\isp.exe" [2010-02-28 423536]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 16050176]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-09 7311360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-09 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-3-18 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-17 17:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\OOBE\\msoobe.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [17/03/2010 17:02 28552]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17/03/2010 17:52 691696]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [17/03/2010 18:46 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [17/03/2010 18:46 242696]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [17/03/2010 19:08 308064]
S2 ISPMonitorSrv;ISP Monitor;c:\program files\ISP Monitor\ISPMonitorSrv.exe [16/01/2010 21:18 36864]
.
.
------- Supplementary Scan -------
.
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Brandon\Application Data\Mozilla\Firefox\Profiles\swjzbdn7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

---- FIREFOX POLICIES ----
c:\program files\Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-ActiveScan 2.0 - c:\program files\Panda Security\ActiveScan 2.0\as2uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-04-01 20:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x845741F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf761af28
\Driver\ACPI -> ACPI.sys @ 0xf7381cb8
\Driver\atapi -> atapi.sys @ 0xf733cb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf722cbb0
PacketIndicateHandler -> NDIS.sys @ 0xf7239a21
SendHandler -> NDIS.sys @ 0xf721787b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2752)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2010-04-01 20:42:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-01 18:42

Pre-Run: 41 984 221 184 bytes free
Post-Run: 42 247 892 992 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - CE5A9753E07086FB32B0F5DF8FD166DB
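An added example, not part of the thread and not ComboFix code: a parser for the REGEDIT4-style "Reg Loading Points" section of a ComboFix log that reads the Security Center and firewall-policy values shown above and says what each one switches off. The *Override values tell Security Center that a third-party product is handling that component, so it stops monitoring it; the *DisableNotify values silence its balloon warnings; EnableFirewall=0 turns the Windows Firewall off for the standard profile. Some security products set the Override values themselves, so they are a signal to confirm, not proof of infection. The sample dump is copied from the log above; the finding texts, the restore commands (reg add back to 0, and the XP-era `netsh firewall set opmode enable`) and the reading of ComboFix's `HKLM\~\services` as an abbreviation of HKLM\SYSTEM\CurrentControlSet\services are this example's own.

```python
"""Read the Security Center / firewall-policy values out of a ComboFix
"Reg Loading Points" dump and list what each one switches off.

Added example; not ComboFix code. Restore commands are printed as text for
review, nothing is executed.
"""
import re

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<raw>.+)$')

# Constructed sample: the three keys copied from the ComboFix log above.
# ComboFix writes HKLM\~\services for HKLM\SYSTEM\CurrentControlSet\services
# (assumption about the tool's abbreviation).
SAMPLE_DUMP = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""


def _to_int(raw):
    """dword:00000001 -> 1; ComboFix's '0 (0x0)' -> 0; anything else unchanged."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^(\d+)", raw)
    return int(m.group(1)) if m else raw


def parse_reg_dump(text):
    """Return {key: {value_name: value}} in dump order."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m["key"]
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m["name"]] = _to_int(m["raw"])
    return keys


def security_center_findings(reg):
    """(value_name, key, meaning) for every setting that blinds Security
    Center or disables the firewall."""
    findings = []
    for key, values in reg.items():
        low = key.lower()
        if "\\security center" in low:
            for name, val in values.items():
                if val == 1 and name.endswith("Override"):
                    findings.append((name, key, "Security Center no longer monitors this component"))
                elif val == 1 and name.endswith("DisableNotify"):
                    findings.append((name, key, "Security Center warning suppressed"))
        elif low.endswith("firewallpolicy\\standardprofile") and values.get("EnableFirewall") == 0:
            findings.append(("EnableFirewall", key, "Windows Firewall off for the standard profile"))
    return findings


def remediation(findings):
    """Commands that put each setting back to its default (review before running)."""
    cmds = []
    for name, key, _ in findings:
        if name == "EnableFirewall":
            cmds.append("netsh firewall set opmode enable")  # XP-era netsh syntax
        else:
            cmds.append('reg add "%s" /v %s /t REG_DWORD /d 0 /f' % (key, name))
    return cmds


if __name__ == "__main__":
    found = security_center_findings(parse_reg_dump(SAMPLE_DUMP))
    for (name, key, meaning), cmd in zip(found, remediation(found)):
        print("%-22s %s\n    %s" % (name, meaning, cmd))
```

Run against the dump above it reports nine settings: eight Security Center values that stop it from monitoring or warning about antivirus, firewall and updates, plus the disabled firewall. Whether a legitimate product (AVG is installed here) set the Override values is something to check in that product's own settings before resetting them.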

Juisterr

Legacy Member
Download TDSSKiller to your desktop and then extract the file.

  • Double-click TDSSKiller.exe to start the program.
  • When the program has finished, a log will be created on the C:\ drive. The file name of that log starts with TDSSKiller.
  • Post the contents of the log in your next reply.

Brando[n]

Legacy Member
02:06:22:593 4964 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
02:06:22:593 4964 ================================================================================
02:06:22:593 4964 SystemInfo:

02:06:22:593 4964 OS Version: 5.1.2600 ServicePack: 3.0
02:06:22:593 4964 Product type: Workstation
02:06:22:593 4964 ComputerName: BRANDON-8CEB913
02:06:22:593 4964 UserName: Brandon
02:06:22:593 4964 Windows directory: C:\WINDOWS
02:06:22:593 4964 Processor architecture: Intel x86
02:06:22:593 4964 Number of processors: 1
02:06:22:593 4964 Page size: 0x1000
02:06:22:593 4964 Boot type: Normal boot
02:06:22:593 4964 ================================================================================
02:06:22:640 4964 UnloadDriverW: NtUnloadDriver error 2
02:06:22:640 4964 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
02:06:25:218 4964 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
02:06:25:218 4964 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
02:06:25:218 4964 wfopen_ex: Trying to KLMD file open
02:06:25:218 4964 wfopen_ex: File opened ok (Flags 2)
02:06:25:218 4964 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
02:06:25:281 4964 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
02:06:25:281 4964 wfopen_ex: Trying to KLMD file open
02:06:25:281 4964 wfopen_ex: File opened ok (Flags 2)
02:06:25:281 4964 Initialize success
02:06:25:281 4964
02:06:25:281 4964 Scanning Services ...
02:06:25:593 4964 Raw services enum returned 297 services
02:06:25:609 4964
02:06:25:609 4964 Scanning Kernel memory ...
02:06:25:609 4964 Devices to scan: 7
02:06:25:609 4964
02:06:25:609 4964 Driver Name: Disk
02:06:25:609 4964 IRP_MJ_CREATE : F761CBB0
02:06:25:609 4964 IRP_MJ_CREATE_NAMED_PIPE : 804F355A
02:06:25:609 4964 IRP_MJ_CLOSE : F761CBB0
02:06:25:609 4964 IRP_MJ_READ : F7616D1F
02:06:25:609 4964 IRP_MJ_WRITE : F7616D1F
02:06:25:609 4964 IRP_MJ_QUERY_INFORMATION : 804F355A
02:06:25:609 4964 IRP_MJ_SET_INFORMATION : 804F355A
02:06:25:609 4964 IRP_MJ_QUERY_EA : 804F355A
02:06:25:609 4964 IRP_MJ_SET_EA : 804F355A
02:06:25:609 4964 IRP_MJ_FLUSH_BUFFERS : F76172E2
02:06:25:609 4964 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F355A
02:06:25:609 4964 IRP_MJ_SET_VOLUME_INFORMATION : 804F355A
02:06:25:609 4964 IRP_MJ_DIRECTORY_CONTROL : 804F355A
02:06:25:609 4964 IRP_MJ_FILE_SYSTEM_CONTROL : 804F355A
02:06:25:609 4964 IRP_MJ_DEVICE_CONTROL : F76173BB
02:06:25:609 4964 IRP_MJ_INTERNAL_DEVICE_CONTROL : F761AF28
02:06:25:609 4964 IRP_MJ_SHUTDOWN : F76172E2
02:06:25:609 4964 IRP_MJ_LOCK_CONTROL : 804F355A
02:06:25:609 4964 IRP_MJ_CLEANUP : 804F355A
02:06:25:609 4964 IRP_MJ_CREATE_MAILSLOT : 804F355A
02:06:25:609 4964 IRP_MJ_QUERY_SECURITY : 804F355A
02:06:25:609 4964 IRP_MJ_SET_SECURITY : 804F355A
02:06:25:609 4964 IRP_MJ_POWER : F7618C82
02:06:25:609 4964 IRP_MJ_SYSTEM_CONTROL : F761D99E
02:06:25:609 4964 IRP_MJ_DEVICE_CHANGE : 804F355A
02:06:25:609 4964 IRP_MJ_QUERY_QUOTA : 804F355A
02:06:25:609 4964 IRP_MJ_SET_QUOTA : 804F355A
02:06:25:625 4964 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
02:06:25:625 4964
02:06:25:625 4964 Driver Name: Disk
02:06:25:625 4964 IRP_MJ_CREATE : F761CBB0
02:06:25:625 4964 IRP_MJ_CREATE_NAMED_PIPE : 804F355A
02:06:25:625 4964 IRP_MJ_CLOSE : F761CBB0
02:06:25:625 4964 IRP_MJ_READ : F7616D1F
02:06:25:625 4964 IRP_MJ_WRITE : F7616D1F
02:06:25:625 4964 IRP_MJ_QUERY_INFORMATION : 804F355A
02:06:25:625 4964 IRP_MJ_SET_INFORMATION : 804F355A
02:06:25:625 4964 IRP_MJ_QUERY_EA : 804F355A
02:06:25:625 4964 IRP_MJ_SET_EA : 804F355A
02:06:25:625 4964 IRP_MJ_FLUSH_BUFFERS : F76172E2
02:06:25:625 4964 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F355A
02:06:25:625 4964 IRP_MJ_SET_VOLUME_INFORMATION : 804F355A
02:06:25:625 4964 IRP_MJ_DIRECTORY_CONTROL : 804F355A
02:06:25:625 4964 IRP_MJ_FILE_SYSTEM_CONTROL : 804F355A
02:06:25:625 4964 IRP_MJ_DEVICE_CONTROL : F76173BB
02:06:25:625 4964 IRP_MJ_INTERNAL_DEVICE_CONTROL : F761AF28
02:06:25:625 4964 IRP_MJ_SHUTDOWN : F76172E2
02:06:25:625 4964 IRP_MJ_LOCK_CONTROL : 804F355A
02:06:25:625 4964 IRP_MJ_CLEANUP : 804F355A
02:06:25:625 4964 IRP_MJ_CREATE_MAILSLOT : 804F355A
02:06:25:625 4964 IRP_MJ_QUERY_SECURITY : 804F355A
02:06:25:625 4964 IRP_MJ_SET_SECURITY : 804F355A
02:06:25:625 4964 IRP_MJ_POWER : F7618C82
02:06:25:625 4964 IRP_MJ_SYSTEM_CONTROL : F761D99E
02:06:25:625 4964 IRP_MJ_DEVICE_CHANGE : 804F355A
02:06:25:625 4964 IRP_MJ_QUERY_QUOTA : 804F355A
02:06:25:625 4964 IRP_MJ_SET_QUOTA : 804F355A
02:06:25:625 4964 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
02:06:25:625 4964
02:06:25:625 4964 Driver Name: usbstor
02:06:25:625 4964 IRP_MJ_CREATE : 836E8500
02:06:25:625 4964 IRP_MJ_CREATE_NAMED_PIPE : 804F355A
02:06:25:625 4964 IRP_MJ_CLOSE : 836E8500
02:06:25:625 4964 IRP_MJ_READ : 836E8500
02:06:25:625 4964 IRP_MJ_WRITE : 836E8500
02:06:25:625 4964 IRP_MJ_QUERY_INFORMATION : 804F355A
02:06:25:625 4964 IRP_MJ_SET_INFORMATION : 804F355A
02:06:25:625 4964 IRP_MJ_QUERY_EA : 804F355A
02:06:25:625 4964 IRP_MJ_SET_EA : 804F355A
02:06:25:625 4964 IRP_MJ_FLUSH_BUFFERS : 804F355A
02:06:25:625 4964 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F355A
02:06:25:625 4964 IRP_MJ_SET_VOLUME_INFORMATION : 804F355A
02:06:25:625 4964 IRP_MJ_DIRECTORY_CONTROL : 804F355A
02:06:25:625 4964 IRP_MJ_FILE_SYSTEM_CONTROL : 804F355A
02:06:25:625 4964 IRP_MJ_DEVICE_CONTROL : 836E8500
02:06:25:625 4964 IRP_MJ_INTERNAL_DEVICE_CONTROL : 836E8500
02:06:25:625 4964 IRP_MJ_SHUTDOWN : 804F355A
02:06:25:625 4964 IRP_MJ_LOCK_CONTROL : 804F355A
02:06:25:625 4964 IRP_MJ_CLEANUP : 804F355A
02:06:25:625 4964 IRP_MJ_CREATE_MAILSLOT : 804F355A
02:06:25:625 4964 IRP_MJ_QUERY_SECURITY : 804F355A
02:06:25:625 4964 IRP_MJ_SET_SECURITY : 804F355A
02:06:25:625 4964 IRP_MJ_POWER : 836E8500
02:06:25:625 4964 IRP_MJ_SYSTEM_CONTROL : 836E8500
02:06:25:625 4964 IRP_MJ_DEVICE_CHANGE : 804F355A
02:06:25:625 4964 IRP_MJ_QUERY_QUOTA : 804F355A
02:06:25:625 4964 IRP_MJ_SET_QUOTA : 804F355A
02:06:25:656 4964 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
02:06:25:656 4964
02:06:25:656 4964 Driver Name: usbstor
02:06:25:656 4964 IRP_MJ_CREATE : 836E8500
02:06:25:656 4964 IRP_MJ_CREATE_NAMED_PIPE : 804F355A
02:06:25:656 4964 IRP_MJ_CLOSE : 836E8500
02:06:25:656 4964 IRP_MJ_READ : 836E8500
02:06:25:656 4964 IRP_MJ_WRITE : 836E8500
02:06:25:656 4964 IRP_MJ_QUERY_INFORMATION : 804F355A
02:06:25:656 4964 IRP_MJ_SET_INFORMATION : 804F355A
02:06:25:656 4964 IRP_MJ_QUERY_EA : 804F355A
02:06:25:656 4964 IRP_MJ_SET_EA : 804F355A
02:06:25:656 4964 IRP_MJ_FLUSH_BUFFERS : 804F355A
02:06:25:656 4964 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F355A
02:06:25:656 4964 IRP_MJ_SET_VOLUME_INFORMATION : 804F355A
02:06:25:656 4964 IRP_MJ_DIRECTORY_CONTROL : 804F355A
02:06:25:656 4964 IRP_MJ_FILE_SYSTEM_CONTROL : 804F355A
02:06:25:656 4964 IRP_MJ_DEVICE_CONTROL : 836E8500
02:06:25:656 4964 IRP_MJ_INTERNAL_DEVICE_CONTROL : 836E8500
02:06:25:656 4964 IRP_MJ_SHUTDOWN : 804F355A
02:06:25:656 4964 IRP_MJ_LOCK_CONTROL : 804F355A
02:06:25:656 4964 IRP_MJ_CLEANUP : 804F355A
02:06:25:656 4964 IRP_MJ_CREATE_MAILSLOT : 804F355A
02:06:25:656 4964 IRP_MJ_QUERY_SECURITY : 804F355A
02:06:25:656 4964 IRP_MJ_SET_SECURITY : 804F355A
02:06:25:656 4964 IRP_MJ_POWER : 836E8500
02:06:25:656 4964 IRP_MJ_SYSTEM_CONTROL : 836E8500
02:06:25:656 4964 IRP_MJ_DEVICE_CHANGE : 804F355A
02:06:25:656 4964 IRP_MJ_QUERY_QUOTA : 804F355A
02:06:25:656 4964 IRP_MJ_SET_QUOTA : 804F355A
02:06:25:656 4964 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
02:06:25:656 4964
02:06:25:656 4964 Driver Name: Disk
02:06:25:656 4964 IRP_MJ_CREATE : F761CBB0
02:06:25:656 4964 IRP_MJ_CREATE_NAMED_PIPE : 804F355A
02:06:25:656 4964 IRP_MJ_CLOSE : F761CBB0
02:06:25:656 4964 IRP_MJ_READ : F7616D1F
02:06:25:656 4964 IRP_MJ_WRITE : F7616D1F
02:06:25:656 4964 IRP_MJ_QUERY_INFORMATION : 804F355A
02:06:25:656 4964 IRP_MJ_SET_INFORMATION : 804F355A
02:06:25:656 4964 IRP_MJ_QUERY_EA : 804F355A
02:06:25:656 4964 IRP_MJ_SET_EA : 804F355A
02:06:25:656 4964 IRP_MJ_FLUSH_BUFFERS : F76172E2
02:06:25:656 4964 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F355A
02:06:25:656 4964 IRP_MJ_SET_VOLUME_INFORMATION : 804F355A
02:06:25:656 4964 IRP_MJ_DIRECTORY_CONTROL : 804F355A
02:06:25:656 4964 IRP_MJ_FILE_SYSTEM_CONTROL : 804F355A
02:06:25:656 4964 IRP_MJ_DEVICE_CONTROL : F76173BB
02:06:25:656 4964 IRP_MJ_INTERNAL_DEVICE_CONTROL : F761AF28
02:06:25:656 4964 IRP_MJ_SHUTDOWN : F76172E2
02:06:25:656 4964 IRP_MJ_LOCK_CONTROL : 804F355A
02:06:25:656 4964 IRP_MJ_CLEANUP : 804F355A
02:06:25:656 4964 IRP_MJ_CREATE_MAILSLOT : 804F355A
02:06:25:656 4964 IRP_MJ_QUERY_SECURITY : 804F355A
02:06:25:656 4964 IRP_MJ_SET_SECURITY : 804F355A
02:06:25:656 4964 IRP_MJ_POWER : F7618C82
02:06:25:656 4964 IRP_MJ_SYSTEM_CONTROL : F761D99E
02:06:25:656 4964 IRP_MJ_DEVICE_CHANGE : 804F355A
02:06:25:656 4964 IRP_MJ_QUERY_QUOTA : 804F355A
02:06:25:656 4964 IRP_MJ_SET_QUOTA : 804F355A
02:06:25:656 4964 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
02:06:25:656 4964
02:06:25:656 4964 Driver Name: Disk
02:06:25:656 4964 IRP_MJ_CREATE : F761CBB0
02:06:25:656 4964 IRP_MJ_CREATE_NAMED_PIPE : 804F355A
02:06:25:656 4964 IRP_MJ_CLOSE : F761CBB0
02:06:25:656 4964 IRP_MJ_READ : F7616D1F
02:06:25:656 4964 IRP_MJ_WRITE : F7616D1F
02:06:25:656 4964 IRP_MJ_QUERY_INFORMATION : 804F355A
02:06:25:656 4964 IRP_MJ_SET_INFORMATION : 804F355A
02:06:25:656 4964 IRP_MJ_QUERY_EA : 804F355A
02:06:25:656 4964 IRP_MJ_SET_EA : 804F355A
02:06:25:656 4964 IRP_MJ_FLUSH_BUFFERS : F76172E2
02:06:25:656 4964 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F355A
02:06:25:656 4964 IRP_MJ_SET_VOLUME_INFORMATION : 804F355A
02:06:25:656 4964 IRP_MJ_DIRECTORY_CONTROL : 804F355A
02:06:25:656 4964 IRP_MJ_FILE_SYSTEM_CONTROL : 804F355A
02:06:25:656 4964 IRP_MJ_DEVICE_CONTROL : F76173BB
02:06:25:656 4964 IRP_MJ_INTERNAL_DEVICE_CONTROL : F761AF28
02:06:25:656 4964 IRP_MJ_SHUTDOWN : F76172E2
02:06:25:656 4964 IRP_MJ_LOCK_CONTROL : 804F355A
02:06:25:656 4964 IRP_MJ_CLEANUP : 804F355A
02:06:25:656 4964 IRP_MJ_CREATE_MAILSLOT : 804F355A
02:06:25:656 4964 IRP_MJ_QUERY_SECURITY : 804F355A
02:06:25:656 4964 IRP_MJ_SET_SECURITY : 804F355A
02:06:25:656 4964 IRP_MJ_POWER : F7618C82
02:06:25:656 4964 IRP_MJ_SYSTEM_CONTROL : F761D99E
02:06:25:656 4964 IRP_MJ_DEVICE_CHANGE : 804F355A
02:06:25:656 4964 IRP_MJ_QUERY_QUOTA : 804F355A
02:06:25:656 4964 IRP_MJ_SET_QUOTA : 804F355A
02:06:25:656 4964 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
02:06:25:656 4964
02:06:25:656 4964 Driver Name: nvata
02:06:25:656 4964 IRP_MJ_CREATE : 845741F8
02:06:25:656 4964 IRP_MJ_CREATE_NAMED_PIPE : 845741F8
02:06:25:656 4964 IRP_MJ_CLOSE : 845741F8
02:06:25:656 4964 IRP_MJ_READ : 845741F8
02:06:25:656 4964 IRP_MJ_WRITE : 845741F8
02:06:25:656 4964 IRP_MJ_QUERY_INFORMATION : 845741F8
02:06:25:656 4964 IRP_MJ_SET_INFORMATION : 845741F8
02:06:25:656 4964 IRP_MJ_QUERY_EA : 845741F8
02:06:25:656 4964 IRP_MJ_SET_EA : 845741F8
02:06:25:656 4964 IRP_MJ_FLUSH_BUFFERS : 845741F8
02:06:25:656 4964 IRP_MJ_QUERY_VOLUME_INFORMATION : 845741F8
02:06:25:656 4964 IRP_MJ_SET_VOLUME_INFORMATION : 845741F8
02:06:25:656 4964 IRP_MJ_DIRECTORY_CONTROL : 845741F8
02:06:25:656 4964 IRP_MJ_FILE_SYSTEM_CONTROL : 845741F8
02:06:25:656 4964 IRP_MJ_DEVICE_CONTROL : 845741F8
02:06:25:656 4964 IRP_MJ_INTERNAL_DEVICE_CONTROL : 845741F8
02:06:25:656 4964 IRP_MJ_SHUTDOWN : 845741F8
02:06:25:656 4964 IRP_MJ_LOCK_CONTROL : 845741F8
02:06:25:656 4964 IRP_MJ_CLEANUP : 845741F8
02:06:25:656 4964 IRP_MJ_CREATE_MAILSLOT : 845741F8
02:06:25:656 4964 IRP_MJ_QUERY_SECURITY : 845741F8
02:06:25:656 4964 IRP_MJ_SET_SECURITY : 845741F8
02:06:25:656 4964 IRP_MJ_POWER : 845741F8
02:06:25:656 4964 IRP_MJ_SYSTEM_CONTROL : 845741F8
02:06:25:656 4964 IRP_MJ_DEVICE_CHANGE : 845741F8
02:06:25:656 4964 IRP_MJ_QUERY_QUOTA : 845741F8
02:06:25:656 4964 IRP_MJ_SET_QUOTA : 845741F8
02:06:25:671 4964 C:\WINDOWS\system32\DRIVERS\nvata.sys - Verdict: 1
02:06:25:671 4964
02:06:25:671 4964 Completed
02:06:25:671 4964
02:06:25:671 4964 Results:
02:06:25:671 4964 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
02:06:25:671 4964 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
02:06:25:671 4964 File objects infected / cured / cured on reboot: 0 / 0 / 0
02:06:25:671 4964
02:06:25:671 4964 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
02:06:25:671 4964 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
02:06:25:671 4964 KLMD(ARK) unloaded successfully

Juisterr

Legacy Member
Great, please run ComboFix again and post the log together with a HijackThis log.

Brando[n]

Legacy Member
ComboFix 10-04-03.02 - Brandon 04/04/2010 13:27:11.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.447.112 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Brandon\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\AppPatch\AcAdProc.dll

.
(((((((((((((((((((( Bestanden Gemaakt van 2010-03-04 to 2010-04-04 ))))))))))))))))))))))))))))))
.

2010-04-02 06:30 . 2010-04-02 06:30 1685784 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-02 06:30 . 2010-04-02 06:30 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-03-31 14:40 . 2010-03-31 14:40 -------- d-s---w- c:\documents and settings\Brandon\UserData
2010-03-30 12:50 . 2010-03-30 12:50 -------- d-----w- c:\windows\system32\Adobe
2010-03-25 11:14 . 2010-03-31 11:26 -------- d-----w- c:\documents and settings\Brandon\Application Data\dvdcss
2010-03-21 16:39 . 2010-03-21 16:39 -------- d-----w- c:\windows\Sun
2010-03-21 12:57 . 2010-03-21 12:57 -------- d-----w- c:\program files\Common Files\Java
2010-03-21 12:55 . 2010-03-21 12:55 503808 ----a-w- c:\documents and settings\Brandon\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-74b07a74-n\msvcp71.dll
2010-03-21 12:55 . 2010-03-21 12:55 348160 ----a-w- c:\documents and settings\Brandon\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-74b07a74-n\msvcr71.dll
2010-03-21 12:55 . 2010-03-21 12:55 499712 ----a-w- c:\documents and settings\Brandon\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-74b07a74-n\jmc.dll
2010-03-21 12:55 . 2010-03-21 12:55 61440 ----a-w- c:\documents and settings\Brandon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5341ba5b-n\decora-sse.dll
2010-03-21 12:55 . 2010-03-21 12:55 12800 ----a-w- c:\documents and settings\Brandon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5341ba5b-n\decora-d3d.dll
2010-03-21 12:54 . 2010-03-21 12:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-21 12:53 . 2010-03-21 12:53 -------- d-----w- c:\program files\Java
2010-03-19 16:09 . 2001-08-17 20:47 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys
2010-03-19 16:09 . 2001-08-17 20:47 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
2010-03-19 16:08 . 2001-09-06 20:26 324608 -c--a-w- c:\windows\system32\dllcache\hpojwia.dll
2010-03-19 16:08 . 2001-09-06 20:26 324608 ----a-w- c:\windows\system32\hpojwia.dll
2010-03-19 16:08 . 2001-08-17 20:47 8704 -c--a-w- c:\windows\system32\dllcache\dot4scan.sys
2010-03-19 16:08 . 2001-08-17 20:47 8704 ----a-w- c:\windows\system32\drivers\Dot4scan.sys
2010-03-19 16:08 . 2001-09-06 18:40 23936 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
2010-03-19 16:08 . 2001-09-06 18:40 23936 ----a-w- c:\windows\system32\drivers\Dot4usb.sys
2010-03-19 16:08 . 2008-04-13 18:39 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
2010-03-19 16:08 . 2008-04-13 18:39 206976 ----a-w- c:\windows\system32\drivers\Dot4.sys
2010-03-19 16:03 . 2010-03-19 16:03 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2010-03-19 16:01 . 2010-03-19 16:12 -------- d-----w- c:\documents and settings\Brandon\Local Settings\Application Data\Adobe
2010-03-19 11:34 . 2009-08-13 15:24 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2010-03-18 22:06 . 2010-03-18 22:06 105731 ----a-w- c:\documents and settings\Brandon\Application Data\NoNameScript\nnuninstall.exe
2010-03-18 22:06 . 2010-04-04 10:49 -------- d-----w- c:\documents and settings\Brandon\Application Data\NoNameScript
2010-03-18 21:59 . 2010-03-18 21:59 -------- d-----w- c:\windows\system32\nl-nl
2010-03-18 21:59 . 2010-03-18 21:59 -------- d-----w- c:\windows\l2schemas
2010-03-18 21:59 . 2010-03-18 21:59 -------- d-----w- c:\windows\system32\nl
2010-03-18 21:59 . 2010-03-18 21:59 -------- d-----w- c:\windows\system32\bits
2010-03-18 21:48 . 2010-03-18 21:48 -------- d-----w- c:\windows\EHome
2010-03-18 19:41 . 2008-04-14 17:02 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-03-18 18:16 . 2010-03-18 18:16 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-18 18:07 . 2010-03-18 18:07 -------- d-----w- c:\program files\Windows Media Connect 2
2010-03-18 18:05 . 2010-03-18 18:06 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-03-18 18:05 . 2010-03-18 18:05 -------- d-----w- c:\windows\system32\LogFiles
2010-03-18 17:24 . 2010-03-19 16:03 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-18 17:22 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-03-18 17:12 . 2010-03-18 21:55 -------- d-----w- c:\windows\ServicePackFiles
2010-03-18 17:11 . 2010-03-18 17:11 -------- d-----w- c:\documents and settings\Brandon\Application Data\SmartFTP
2010-03-18 17:04 . 2010-03-18 17:04 -------- d-----w- c:\program files\SmartFTP Client
2010-03-18 17:03 . 2010-03-18 17:03 -------- d-----w- c:\program files\SmartFTP Client 3.0 Setup Files
2010-03-18 16:58 . 2004-08-03 21:29 63488 ------w- c:\windows\system32\drivers\atinxsxx.sys
2010-03-18 16:36 . 2008-06-14 17:36 272640 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-03-18 16:36 . 2008-06-14 17:36 272640 ------w- c:\windows\system32\drivers\bthport.sys
2010-03-18 16:36 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-03-18 16:36 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-03-18 16:34 . 2009-12-04 18:22 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-03-18 16:33 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-03-18 16:32 . 2009-07-10 13:31 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-03-18 16:31 . 2008-04-11 19:06 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-03-18 16:30 . 2008-10-15 16:37 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-03-18 16:29 . 2008-04-21 21:16 218624 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-03-17 18:26 . 2010-04-04 11:13 0 ----a-w- c:\documents and settings\Brandon\Local Settings\Application Data\prvlcl.dat
2010-03-17 17:09 . 2010-03-17 17:09 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-03-17 17:09 . 2010-03-17 17:09 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-03-17 17:09 . 2010-03-17 17:09 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-03-17 17:08 . 2010-03-17 17:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-17 17:07 . 2010-03-17 16:45 800536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-03-17 17:07 . 2010-03-17 16:45 613656 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-03-17 16:46 . 2010-03-17 16:50 -------- d-----w- C:\$AVG
2010-03-17 16:46 . 2010-03-17 17:09 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-17 16:46 . 2010-03-17 17:08 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-17 16:46 . 2010-03-17 17:08 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-17 16:46 . 2010-04-04 07:03 -------- d-----w- c:\windows\system32\drivers\Avg
2010-03-17 16:45 . 2010-03-17 16:45 -------- d-----w- c:\program files\AVG
2010-03-17 16:45 . 2010-03-17 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-17 16:10 . 2010-03-17 16:28 -------- d-----w- c:\documents and settings\Brandon\Local Settings\Application Data\Panda Software

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-04 10:49 . 2010-03-18 22:05 -------- d-----w- c:\program files\mIRC
2010-04-04 09:42 . 2010-03-17 14:58 -------- d-----w- c:\documents and settings\Brandon\Application Data\uTorrent
2010-04-03 15:17 . 2010-03-17 15:13 -------- d-----w- c:\documents and settings\Brandon\Application Data\vlc
2010-04-03 07:51 . 2010-03-17 14:40 -------- d-----w- c:\program files\Firefox
2010-04-01 17:17 . 2010-03-17 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-28 09:40 . 2004-08-04 12:00 54668 ----a-w- c:\windows\system32\perfc013.dat
2010-03-28 09:40 . 2004-08-04 12:00 367616 ----a-w- c:\windows\system32\perfh013.dat
2010-03-18 22:14 . 2010-03-17 14:24 44840 ----a-w- c:\documents and settings\Brandon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-18 22:05 . 2010-03-18 22:05 -------- d-----w- c:\documents and settings\Brandon\Application Data\mIRC
2010-03-18 22:02 . 2010-03-17 14:18 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-18 17:18 . 2010-03-17 14:42 -------- d-----w- c:\program files\Microsoft Works
2010-03-17 19:02 . 2010-03-17 14:57 -------- d-----w- c:\documents and settings\Brandon\Application Data\ISP Monitor
2010-03-17 17:06 . 2010-03-17 14:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-17 16:51 . 2010-03-17 14:25 13312 ----a-w- c:\documents and settings\Brandon\Local Settings\Application Data\hide.exe
2010-03-17 16:50 . 2010-03-17 15:51 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-03-17 16:06 . 2010-03-17 15:51 -------- d-----w- c:\documents and settings\Brandon\Application Data\DAEMON Tools Lite
2010-03-17 15:52 . 2010-03-17 15:52 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-17 15:51 . 2010-03-17 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-03-17 15:48 . 2010-03-17 15:00 -------- d-----w- c:\program files\uTorrent
2010-03-17 15:15 . 2010-03-17 15:15 -------- d-----w- c:\program files\Microsoft
2010-03-17 15:15 . 2010-03-17 15:14 -------- d-----w- c:\program files\Windows Live
2010-03-17 15:15 . 2010-03-17 15:15 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-03-17 15:13 . 2010-03-17 15:13 -------- d-----w- c:\program files\Common Files\Windows Live
2010-03-17 14:58 . 2010-03-17 14:57 -------- d-----w- c:\program files\VLC
2010-03-17 14:57 . 2010-03-17 14:57 -------- d-----w- c:\program files\ISP Monitor
2010-03-17 14:56 . 2010-03-17 14:57 737280 ----a-w- c:\windows\iun6002.exe
2010-03-17 14:41 . 2010-03-17 14:41 0 ----a-w- c:\windows\nsreg.dat
2010-03-17 14:29 . 2010-03-17 14:29 -------- d-----w- c:\program files\AMD
2010-03-17 14:23 . 2010-03-17 14:23 -------- d-----w- c:\program files\Realtek
2010-03-17 14:23 . 2010-03-17 14:23 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-17 14:18 . 2010-03-17 14:18 -------- d-----w- c:\program files\microsoft frontpage
2010-03-17 14:16 . 2010-03-17 14:16 21748 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-26 05:53 . 2004-08-04 12:00 670208 ------w- c:\windows\system32\wininet.dll
2010-02-26 05:53 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-01-18 06:30 . 2010-01-18 06:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-18 06:30 . 2010-01-18 06:30 499712 ----a-w- c:\windows\system32\msvcp71.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-04-01_18.37.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-04 11:34 . 2010-04-04 11:34 16384 c:\windows\Temp\Perflib_Perfdata_438.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISPMonitor"="c:\program files\ISP Monitor\isp.exe" [2010-02-28 423536]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 16050176]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-09 7311360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-09 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-3-18 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-17 17:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\OOBE\\msoobe.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [17/03/2010 17:02 28552]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17/03/2010 17:52 691696]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [17/03/2010 18:46 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [17/03/2010 18:46 242696]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [17/03/2010 19:08 308064]
S2 ISPMonitorSrv;ISP Monitor;c:\program files\ISP Monitor\ISPMonitorSrv.exe [16/01/2010 21:18 36864]
.
.
------- Bijkomende Scan -------
.
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Brandon\Application Data\Mozilla\Firefox\Profiles\swjzbdn7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

---- FIREFOX POLICIES ----
c:\program files\Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-04-04 13:34
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8458C1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf761af28
\Driver\ACPI -> ACPI.sys @ 0xf7381cb8
\Driver\atapi -> atapi.sys @ 0xf733cb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf722cbb0
PacketIndicateHandler -> NDIS.sys @ 0xf7239a21
SendHandler -> NDIS.sys @ 0xf721787b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(3096)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.NLD
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Voltooingstijd: 2010-04-04 13:41:25 - machine werd herstart
ComboFix-quarantined-files.txt 2010-04-04 11:41

Pre-Run: 42 178 433 024 bytes beschikbaar
Post-Run: 42 175 930 368 bytes beschikbaar

- - End Of File - - 04F228D14051AD40C6672A347350AE43

Brando[n]

Legacy Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:41:53, on 4/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ISP Monitor\isp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Firefox\firefox.exe
C:\Documents and Settings\Brandon\Bureaublad\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ISPMonitor] C:\Program Files\ISP Monitor\isp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4840 bytes

Juisterr

Legacy Member
Let's try once more >

Download TDSSKiller.zip, unzip it and put it on your desktop: http://support.kaspersky.com/downloads/utils/tdsskiller.zip

Open a Notepad file.
Copy the code below into this Notepad file.

@ECHO OFF
REM Run TDSSKiller with verbose output and write its log to report.txt in this folder
TDSSKiller.exe -l report.txt -v
REM Remove this batch file once the scan has finished
DEL %0


Go to File - Save As.
Under "Save in" choose: the folder that contains TDSSKiller.exe.
Under "File name" enter: start.bat
Under "Save as type" select: All Files (*.*).
Click the Save button.
Then double-click start.bat
This will start TDSSKiller.exe and create a log file (report.txt) in the same folder.
When TDSSKiller.exe has finished, post the contents of report.txt (possibly after a reboot).

Brando[n]

Legacy Member
20:31:40:765 3408 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
20:31:40:765 3408 ================================================================================
20:31:40:765 3408 SystemInfo:

20:31:40:765 3408 OS Version: 5.1.2600 ServicePack: 3.0
20:31:40:765 3408 Product type: Workstation
20:31:40:765 3408 ComputerName: BRANDON-8CEB913
20:31:40:765 3408 UserName: Brandon
20:31:40:765 3408 Windows directory: C:\WINDOWS
20:31:40:765 3408 Processor architecture: Intel x86
20:31:40:765 3408 Number of processors: 1
20:31:40:765 3408 Page size: 0x1000
20:31:40:765 3408 Boot type: Normal boot
20:31:40:765 3408 ================================================================================
20:31:40:812 3408 UnloadDriverW: NtUnloadDriver error 2
20:31:40:812 3408 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
20:31:41:140 3408 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
20:31:41:140 3408 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
20:31:41:140 3408 wfopen_ex: Trying to KLMD file open
20:31:41:140 3408 wfopen_ex: File opened ok (Flags 2)
20:31:41:140 3408 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
20:31:41:156 3408 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
20:31:41:156 3408 wfopen_ex: Trying to KLMD file open
20:31:41:156 3408 wfopen_ex: File opened ok (Flags 2)
20:31:41:156 3408 Initialize success
20:31:41:156 3408
20:31:41:156 3408 Scanning Services ...
20:31:41:281 3408 Raw services enum returned 297 services
20:31:41:281 3408
20:31:41:281 3408 Scanning Kernel memory ...
20:31:41:281 3408 Devices to scan: 7
20:31:41:281 3408
20:31:41:281 3408 Driver Name: Disk
20:31:41:281 3408 IRP_MJ_CREATE : F761CBB0
20:31:41:281 3408 IRP_MJ_CREATE_NAMED_PIPE : 804F355A
20:31:41:281 3408 IRP_MJ_CLOSE : F761CBB0
20:31:41:281 3408 IRP_MJ_READ : F7616D1F
20:31:41:281 3408 IRP_MJ_WRITE : F7616D1F
20:31:41:281 3408 IRP_MJ_QUERY_INFORMATION : 804F355A
20:31:41:281 3408 IRP_MJ_SET_INFORMATION : 804F355A
20:31:41:281 3408 IRP_MJ_QUERY_EA : 804F355A
20:31:41:281 3408 IRP_MJ_SET_EA : 804F355A
20:31:41:281 3408 IRP_MJ_FLUSH_BUFFERS : F76172E2
20:31:41:281 3408 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F355A
20:31:41:281 3408 IRP_MJ_SET_VOLUME_INFORMATION : 804F355A
20:31:41:281 3408 IRP_MJ_DIRECTORY_CONTROL : 804F355A
20:31:41:281 3408 IRP_MJ_FILE_SYSTEM_CONTROL : 804F355A
20:31:41:281 3408 IRP_MJ_DEVICE_CONTROL : F76173BB
20:31:41:281 3408 IRP_MJ_INTERNAL_DEVICE_CONTROL : F761AF28
20:31:41:281 3408 IRP_MJ_SHUTDOWN : F76172E2
20:31:41:281 3408 IRP_MJ_LOCK_CONTROL : 804F355A
20:31:41:281 3408 IRP_MJ_CLEANUP : 804F355A
20:31:41:281 3408 IRP_MJ_CREATE_MAILSLOT : 804F355A
20:31:41:281 3408 IRP_MJ_QUERY_SECURITY : 804F355A
20:31:41:281 3408 IRP_MJ_SET_SECURITY : 804F355A
20:31:41:281 3408 IRP_MJ_POWER : F7618C82
20:31:41:281 3408 IRP_MJ_SYSTEM_CONTROL : F761D99E
20:31:41:281 3408 IRP_MJ_DEVICE_CHANGE : 804F355A
20:31:41:281 3408 IRP_MJ_QUERY_QUOTA : 804F355A
20:31:41:296 3408 IRP_MJ_SET_QUOTA : 804F355A
20:31:41:328 3408 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
20:31:41:343 3408
20:31:41:343 3408 Driver Name: Disk
20:31:41:343 3408 IRP_MJ_CREATE : F761CBB0
20:31:41:343 3408 IRP_MJ_CREATE_NAMED_PIPE : 804F355A
20:31:41:343 3408 IRP_MJ_CLOSE : F761CBB0
20:31:41:343 3408 IRP_MJ_READ : F7616D1F
20:31:41:343 3408 IRP_MJ_WRITE : F7616D1F
20:31:41:343 3408 IRP_MJ_QUERY_INFORMATION : 804F355A
20:31:41:343 3408 IRP_MJ_SET_INFORMATION : 804F355A
20:31:41:343 3408 IRP_MJ_QUERY_EA : 804F355A
20:31:41:343 3408 IRP_MJ_SET_EA : 804F355A
20:31:41:343 3408 IRP_MJ_FLUSH_BUFFERS : F76172E2
20:31:41:343 3408 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F355A
20:31:41:343 3408 IRP_MJ_SET_VOLUME_INFORMATION : 804F355A
20:31:41:343 3408 IRP_MJ_DIRECTORY_CONTROL : 804F355A
20:31:41:343 3408 IRP_MJ_FILE_SYSTEM_CONTROL : 804F355A
20:31:41:343 3408 IRP_MJ_DEVICE_CONTROL : F76173BB
20:31:41:343 3408 IRP_MJ_INTERNAL_DEVICE_CONTROL : F761AF28
20:31:41:343 3408 IRP_MJ_SHUTDOWN : F76172E2
20:31:41:343 3408 IRP_MJ_LOCK_CONTROL : 804F355A
20:31:41:343 3408 IRP_MJ_CLEANUP : 804F355A
20:31:41:343 3408 IRP_MJ_CREATE_MAILSLOT : 804F355A
20:31:41:343 3408 IRP_MJ_QUERY_SECURITY : 804F355A
20:31:41:343 3408 IRP_MJ_SET_SECURITY : 804F355A
20:31:41:343 3408 IRP_MJ_POWER : F7618C82
20:31:41:343 3408 IRP_MJ_SYSTEM_CONTROL : F761D99E
20:31:41:343 3408 IRP_MJ_DEVICE_CHANGE : 804F355A
20:31:41:343 3408 IRP_MJ_QUERY_QUOTA : 804F355A
20:31:41:343 3408 IRP_MJ_SET_QUOTA : 804F355A
20:31:41:343 3408 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
20:31:41:343 3408
20:31:41:343 3408 Driver Name: usbstor
20:31:41:343 3408 IRP_MJ_CREATE : 837D91F8
20:31:41:343 3408 IRP_MJ_CREATE_NAMED_PIPE : 804F355A
20:31:41:343 3408 IRP_MJ_CLOSE : 837D91F8
20:31:41:343 3408 IRP_MJ_READ : 837D91F8
20:31:41:343 3408 IRP_MJ_WRITE : 837D91F8
20:31:41:343 3408 IRP_MJ_QUERY_INFORMATION : 804F355A
20:31:41:343 3408 IRP_MJ_SET_INFORMATION : 804F355A
20:31:41:343 3408 IRP_MJ_QUERY_EA : 804F355A
20:31:41:343 3408 IRP_MJ_SET_EA : 804F355A
20:31:41:343 3408 IRP_MJ_FLUSH_BUFFERS : 804F355A
20:31:41:343 3408 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F355A
20:31:41:343 3408 IRP_MJ_SET_VOLUME_INFORMATION : 804F355A
20:31:41:343 3408 IRP_MJ_DIRECTORY_CONTROL : 804F355A
20:31:41:343 3408 IRP_MJ_FILE_SYSTEM_CONTROL : 804F355A
20:31:41:343 3408 IRP_MJ_DEVICE_CONTROL : 837D91F8
20:31:41:343 3408 IRP_MJ_INTERNAL_DEVICE_CONTROL : 837D91F8
20:31:41:343 3408 IRP_MJ_SHUTDOWN : 804F355A
20:31:41:343 3408 IRP_MJ_LOCK_CONTROL : 804F355A
20:31:41:343 3408 IRP_MJ_CLEANUP : 804F355A
20:31:41:343 3408 IRP_MJ_CREATE_MAILSLOT : 804F355A
20:31:41:343 3408 IRP_MJ_QUERY_SECURITY : 804F355A
20:31:41:343 3408 IRP_MJ_SET_SECURITY : 804F355A
20:31:41:343 3408 IRP_MJ_POWER : 837D91F8
20:31:41:343 3408 IRP_MJ_SYSTEM_CONTROL : 837D91F8
20:31:41:343 3408 IRP_MJ_DEVICE_CHANGE : 804F355A
20:31:41:343 3408 IRP_MJ_QUERY_QUOTA : 804F355A
20:31:41:343 3408 IRP_MJ_SET_QUOTA : 804F355A
20:31:41:406 3408 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
20:31:41:406 3408
20:31:41:406 3408 Driver Name: usbstor
20:31:41:406 3408 IRP_MJ_CREATE : 837D91F8
20:31:41:406 3408 IRP_MJ_CREATE_NAMED_PIPE : 804F355A
20:31:41:406 3408 IRP_MJ_CLOSE : 837D91F8
20:31:41:406 3408 IRP_MJ_READ : 837D91F8
20:31:41:406 3408 IRP_MJ_WRITE : 837D91F8
20:31:41:406 3408 IRP_MJ_QUERY_INFORMATION : 804F355A
20:31:41:406 3408 IRP_MJ_SET_INFORMATION : 804F355A
20:31:41:406 3408 IRP_MJ_QUERY_EA : 804F355A
20:31:41:406 3408 IRP_MJ_SET_EA : 804F355A
20:31:41:406 3408 IRP_MJ_FLUSH_BUFFERS : 804F355A
20:31:41:406 3408 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F355A
20:31:41:406 3408 IRP_MJ_SET_VOLUME_INFORMATION : 804F355A
20:31:41:406 3408 IRP_MJ_DIRECTORY_CONTROL : 804F355A
20:31:41:406 3408 IRP_MJ_FILE_SYSTEM_CONTROL : 804F355A
20:31:41:406 3408 IRP_MJ_DEVICE_CONTROL : 837D91F8
20:31:41:406 3408 IRP_MJ_INTERNAL_DEVICE_CONTROL : 837D91F8
20:31:41:406 3408 IRP_MJ_SHUTDOWN : 804F355A
20:31:41:406 3408 IRP_MJ_LOCK_CONTROL : 804F355A
20:31:41:406 3408 IRP_MJ_CLEANUP : 804F355A
20:31:41:406 3408 IRP_MJ_CREATE_MAILSLOT : 804F355A
20:31:41:406 3408 IRP_MJ_QUERY_SECURITY : 804F355A
20:31:41:406 3408 IRP_MJ_SET_SECURITY : 804F355A
20:31:41:406 3408 IRP_MJ_POWER : 837D91F8
20:31:41:406 3408 IRP_MJ_SYSTEM_CONTROL : 837D91F8
20:31:41:406 3408 IRP_MJ_DEVICE_CHANGE : 804F355A
20:31:41:406 3408 IRP_MJ_QUERY_QUOTA : 804F355A
20:31:41:406 3408 IRP_MJ_SET_QUOTA : 804F355A
20:31:41:406 3408 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
20:31:41:406 3408
20:31:41:406 3408 Driver Name: Disk
20:31:41:406 3408 IRP_MJ_CREATE : F761CBB0
20:31:41:406 3408 IRP_MJ_CREATE_NAMED_PIPE : 804F355A
20:31:41:406 3408 IRP_MJ_CLOSE : F761CBB0
20:31:41:406 3408 IRP_MJ_READ : F7616D1F
20:31:41:406 3408 IRP_MJ_WRITE : F7616D1F
20:31:41:406 3408 IRP_MJ_QUERY_INFORMATION : 804F355A
20:31:41:406 3408 IRP_MJ_SET_INFORMATION : 804F355A
20:31:41:406 3408 IRP_MJ_QUERY_EA : 804F355A
20:31:41:406 3408 IRP_MJ_SET_EA : 804F355A
20:31:41:406 3408 IRP_MJ_FLUSH_BUFFERS : F76172E2
20:31:41:406 3408 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F355A
20:31:41:406 3408 IRP_MJ_SET_VOLUME_INFORMATION : 804F355A
20:31:41:406 3408 IRP_MJ_DIRECTORY_CONTROL : 804F355A
20:31:41:406 3408 IRP_MJ_FILE_SYSTEM_CONTROL : 804F355A
20:31:41:406 3408 IRP_MJ_DEVICE_CONTROL : F76173BB
20:31:41:406 3408 IRP_MJ_INTERNAL_DEVICE_CONTROL : F761AF28
20:31:41:406 3408 IRP_MJ_SHUTDOWN : F76172E2
20:31:41:406 3408 IRP_MJ_LOCK_CONTROL : 804F355A
20:31:41:406 3408 IRP_MJ_CLEANUP : 804F355A
20:31:41:406 3408 IRP_MJ_CREATE_MAILSLOT : 804F355A
20:31:41:406 3408 IRP_MJ_QUERY_SECURITY : 804F355A
20:31:41:406 3408 IRP_MJ_SET_SECURITY : 804F355A
20:31:41:406 3408 IRP_MJ_POWER : F7618C82
20:31:41:406 3408 IRP_MJ_SYSTEM_CONTROL : F761D99E
20:31:41:406 3408 IRP_MJ_DEVICE_CHANGE : 804F355A
20:31:41:406 3408 IRP_MJ_QUERY_QUOTA : 804F355A
20:31:41:406 3408 IRP_MJ_SET_QUOTA : 804F355A
20:31:41:421 3408 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
20:31:41:421 3408
20:31:41:421 3408 Driver Name: Disk
20:31:41:421 3408 IRP_MJ_CREATE : F761CBB0
20:31:41:421 3408 IRP_MJ_CREATE_NAMED_PIPE : 804F355A
20:31:41:421 3408 IRP_MJ_CLOSE : F761CBB0
20:31:41:421 3408 IRP_MJ_READ : F7616D1F
20:31:41:421 3408 IRP_MJ_WRITE : F7616D1F
20:31:41:421 3408 IRP_MJ_QUERY_INFORMATION : 804F355A
20:31:41:421 3408 IRP_MJ_SET_INFORMATION : 804F355A
20:31:41:421 3408 IRP_MJ_QUERY_EA : 804F355A
20:31:41:421 3408 IRP_MJ_SET_EA : 804F355A
20:31:41:421 3408 IRP_MJ_FLUSH_BUFFERS : F76172E2
20:31:41:421 3408 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F355A
20:31:41:421 3408 IRP_MJ_SET_VOLUME_INFORMATION : 804F355A
20:31:41:421 3408 IRP_MJ_DIRECTORY_CONTROL : 804F355A
20:31:41:421 3408 IRP_MJ_FILE_SYSTEM_CONTROL : 804F355A
20:31:41:421 3408 IRP_MJ_DEVICE_CONTROL : F76173BB
20:31:41:421 3408 IRP_MJ_INTERNAL_DEVICE_CONTROL : F761AF28
20:31:41:421 3408 IRP_MJ_SHUTDOWN : F76172E2
20:31:41:421 3408 IRP_MJ_LOCK_CONTROL : 804F355A
20:31:41:421 3408 IRP_MJ_CLEANUP : 804F355A
20:31:41:421 3408 IRP_MJ_CREATE_MAILSLOT : 804F355A
20:31:41:421 3408 IRP_MJ_QUERY_SECURITY : 804F355A
20:31:41:421 3408 IRP_MJ_SET_SECURITY : 804F355A
20:31:41:421 3408 IRP_MJ_POWER : F7618C82
20:31:41:421 3408 IRP_MJ_SYSTEM_CONTROL : F761D99E
20:31:41:421 3408 IRP_MJ_DEVICE_CHANGE : 804F355A
20:31:41:421 3408 IRP_MJ_QUERY_QUOTA : 804F355A
20:31:41:421 3408 IRP_MJ_SET_QUOTA : 804F355A
20:31:41:421 3408 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
20:31:41:421 3408
20:31:41:421 3408 Driver Name: nvata
20:31:41:421 3408 IRP_MJ_CREATE : 8458C1F8
20:31:41:421 3408 IRP_MJ_CREATE_NAMED_PIPE : 8458C1F8
20:31:41:421 3408 IRP_MJ_CLOSE : 8458C1F8
20:31:41:421 3408 IRP_MJ_READ : 8458C1F8
20:31:41:421 3408 IRP_MJ_WRITE : 8458C1F8
20:31:41:421 3408 IRP_MJ_QUERY_INFORMATION : 8458C1F8
20:31:41:421 3408 IRP_MJ_SET_INFORMATION : 8458C1F8
20:31:41:421 3408 IRP_MJ_QUERY_EA : 8458C1F8
20:31:41:421 3408 IRP_MJ_SET_EA : 8458C1F8
20:31:41:421 3408 IRP_MJ_FLUSH_BUFFERS : 8458C1F8
20:31:41:421 3408 IRP_MJ_QUERY_VOLUME_INFORMATION : 8458C1F8
20:31:41:421 3408 IRP_MJ_SET_VOLUME_INFORMATION : 8458C1F8
20:31:41:421 3408 IRP_MJ_DIRECTORY_CONTROL : 8458C1F8
20:31:41:421 3408 IRP_MJ_FILE_SYSTEM_CONTROL : 8458C1F8
20:31:41:421 3408 IRP_MJ_DEVICE_CONTROL : 8458C1F8
20:31:41:421 3408 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8458C1F8
20:31:41:421 3408 IRP_MJ_SHUTDOWN : 8458C1F8
20:31:41:421 3408 IRP_MJ_LOCK_CONTROL : 8458C1F8
20:31:41:421 3408 IRP_MJ_CLEANUP : 8458C1F8
20:31:41:421 3408 IRP_MJ_CREATE_MAILSLOT : 8458C1F8
20:31:41:421 3408 IRP_MJ_QUERY_SECURITY : 8458C1F8
20:31:41:421 3408 IRP_MJ_SET_SECURITY : 8458C1F8
20:31:41:421 3408 IRP_MJ_POWER : 8458C1F8
20:31:41:421 3408 IRP_MJ_SYSTEM_CONTROL : 8458C1F8
20:31:41:421 3408 IRP_MJ_DEVICE_CHANGE : 8458C1F8
20:31:41:421 3408 IRP_MJ_QUERY_QUOTA : 8458C1F8
20:31:41:421 3408 IRP_MJ_SET_QUOTA : 8458C1F8
20:31:41:437 3408 C:\WINDOWS\system32\DRIVERS\nvata.sys - Verdict: 1
20:31:41:437 3408
20:31:41:437 3408 Completed
20:31:41:437 3408
20:31:41:437 3408 Results:
20:31:41:437 3408 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
20:31:41:437 3408 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
20:31:41:437 3408 File objects infected / cured / cured on reboot: 0 / 0 / 0
20:31:41:437 3408
20:31:41:437 3408 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
20:31:41:437 3408 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
20:31:41:453 3408 KLMD(ARK) unloaded successfully

Juisterr

Legacy Member
Would you let ComboFix scan once more and post the result?

Brando[n]

Legacy Member
ComboFix 10-04-04.01 - Brandon 05/04/2010 12:29:36.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.447.102 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Brandon\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((( Bestanden Gemaakt van 2010-03-05 to 2010-04-05 ))))))))))))))))))))))))))))))
.

2010-04-02 06:30 . 2010-04-02 06:30 1685784 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-02 06:30 . 2010-04-02 06:30 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-03-31 14:40 . 2010-03-31 14:40 -------- d-s---w- c:\documents and settings\Brandon\UserData
2010-03-30 12:50 . 2010-03-30 12:50 -------- d-----w- c:\windows\system32\Adobe
2010-03-25 11:14 . 2010-03-31 11:26 -------- d-----w- c:\documents and settings\Brandon\Application Data\dvdcss
2010-03-21 16:39 . 2010-03-21 16:39 -------- d-----w- c:\windows\Sun
2010-03-21 12:57 . 2010-03-21 12:57 -------- d-----w- c:\program files\Common Files\Java
2010-03-21 12:55 . 2010-03-21 12:55 503808 ----a-w- c:\documents and settings\Brandon\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-74b07a74-n\msvcp71.dll
2010-03-21 12:55 . 2010-03-21 12:55 348160 ----a-w- c:\documents and settings\Brandon\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-74b07a74-n\msvcr71.dll
2010-03-21 12:55 . 2010-03-21 12:55 499712 ----a-w- c:\documents and settings\Brandon\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-74b07a74-n\jmc.dll
2010-03-21 12:55 . 2010-03-21 12:55 61440 ----a-w- c:\documents and settings\Brandon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5341ba5b-n\decora-sse.dll
2010-03-21 12:55 . 2010-03-21 12:55 12800 ----a-w- c:\documents and settings\Brandon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5341ba5b-n\decora-d3d.dll
2010-03-21 12:54 . 2010-03-21 12:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-21 12:53 . 2010-03-21 12:53 -------- d-----w- c:\program files\Java
2010-03-19 16:09 . 2001-08-17 20:47 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys
2010-03-19 16:09 . 2001-08-17 20:47 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
2010-03-19 16:08 . 2001-09-06 20:26 324608 -c--a-w- c:\windows\system32\dllcache\hpojwia.dll
2010-03-19 16:08 . 2001-09-06 20:26 324608 ----a-w- c:\windows\system32\hpojwia.dll
2010-03-19 16:08 . 2001-08-17 20:47 8704 -c--a-w- c:\windows\system32\dllcache\dot4scan.sys
2010-03-19 16:08 . 2001-08-17 20:47 8704 ----a-w- c:\windows\system32\drivers\Dot4scan.sys
2010-03-19 16:08 . 2001-09-06 18:40 23936 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
2010-03-19 16:08 . 2001-09-06 18:40 23936 ----a-w- c:\windows\system32\drivers\Dot4usb.sys
2010-03-19 16:08 . 2008-04-13 18:39 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
2010-03-19 16:08 . 2008-04-13 18:39 206976 ----a-w- c:\windows\system32\drivers\Dot4.sys
2010-03-19 16:03 . 2010-03-19 16:03 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2010-03-19 16:01 . 2010-03-19 16:12 -------- d-----w- c:\documents and settings\Brandon\Local Settings\Application Data\Adobe
2010-03-19 11:34 . 2009-08-13 15:24 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2010-03-18 22:06 . 2010-03-18 22:06 105731 ----a-w- c:\documents and settings\Brandon\Application Data\NoNameScript\nnuninstall.exe
2010-03-18 22:06 . 2010-04-05 08:26 -------- d-----w- c:\documents and settings\Brandon\Application Data\NoNameScript
2010-03-18 21:59 . 2010-03-18 21:59 -------- d-----w- c:\windows\system32\nl-nl
2010-03-18 21:59 . 2010-03-18 21:59 -------- d-----w- c:\windows\l2schemas
2010-03-18 21:59 . 2010-03-18 21:59 -------- d-----w- c:\windows\system32\nl
2010-03-18 21:59 . 2010-03-18 21:59 -------- d-----w- c:\windows\system32\bits
2010-03-18 21:48 . 2010-03-18 21:48 -------- d-----w- c:\windows\EHome
2010-03-18 19:41 . 2008-04-14 17:02 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-03-18 18:16 . 2010-03-18 18:16 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-18 18:07 . 2010-03-18 18:07 -------- d-----w- c:\program files\Windows Media Connect 2
2010-03-18 18:05 . 2010-03-18 18:06 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-03-18 18:05 . 2010-03-18 18:05 -------- d-----w- c:\windows\system32\LogFiles
2010-03-18 17:24 . 2010-03-19 16:03 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-18 17:22 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-03-18 17:12 . 2010-03-18 21:55 -------- d-----w- c:\windows\ServicePackFiles
2010-03-18 17:11 . 2010-03-18 17:11 -------- d-----w- c:\documents and settings\Brandon\Application Data\SmartFTP
2010-03-18 17:04 . 2010-03-18 17:04 -------- d-----w- c:\program files\SmartFTP Client
2010-03-18 17:03 . 2010-03-18 17:03 -------- d-----w- c:\program files\SmartFTP Client 3.0 Setup Files
2010-03-18 16:58 . 2004-08-03 21:29 63488 ------w- c:\windows\system32\drivers\atinxsxx.sys
2010-03-18 16:36 . 2008-06-14 17:36 272640 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-03-18 16:36 . 2008-06-14 17:36 272640 ------w- c:\windows\system32\drivers\bthport.sys
2010-03-18 16:36 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-03-18 16:36 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-03-18 16:34 . 2009-12-04 18:22 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-03-18 16:33 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-03-18 16:32 . 2009-07-10 13:31 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-03-18 16:31 . 2008-04-11 19:06 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-03-18 16:30 . 2008-10-15 16:37 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-03-18 16:29 . 2008-04-21 21:16 218624 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-03-17 18:26 . 2010-04-05 10:13 0 ----a-w- c:\documents and settings\Brandon\Local Settings\Application Data\prvlcl.dat
2010-03-17 17:09 . 2010-03-17 17:09 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-03-17 17:09 . 2010-03-17 17:09 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-03-17 17:09 . 2010-03-17 17:09 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-03-17 17:08 . 2010-03-17 17:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-17 17:07 . 2010-03-17 16:45 800536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-03-17 17:07 . 2010-03-17 16:45 613656 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-03-17 16:46 . 2010-03-17 16:50 -------- d-----w- C:\$AVG
2010-03-17 16:46 . 2010-03-17 17:09 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-17 16:46 . 2010-03-17 17:08 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-17 16:46 . 2010-03-17 17:08 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-17 16:46 . 2010-04-05 06:57 -------- d-----w- c:\windows\system32\drivers\Avg
2010-03-17 16:45 . 2010-03-17 16:45 -------- d-----w- c:\program files\AVG
2010-03-17 16:45 . 2010-03-17 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-17 16:10 . 2010-03-17 16:28 -------- d-----w- c:\documents and settings\Brandon\Local Settings\Application Data\Panda Software

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-05 08:26 . 2010-03-18 22:05 -------- d-----w- c:\program files\mIRC
2010-04-05 08:25 . 2010-03-17 14:58 -------- d-----w- c:\documents and settings\Brandon\Application Data\uTorrent
2010-04-04 16:35 . 2010-03-17 15:13 -------- d-----w- c:\documents and settings\Brandon\Application Data\vlc
2010-04-03 07:51 . 2010-03-17 14:40 -------- d-----w- c:\program files\Firefox
2010-04-01 17:17 . 2010-03-17 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-28 09:40 . 2004-08-04 12:00 54668 ----a-w- c:\windows\system32\perfc013.dat
2010-03-28 09:40 . 2004-08-04 12:00 367616 ----a-w- c:\windows\system32\perfh013.dat
2010-03-18 22:14 . 2010-03-17 14:24 44840 ----a-w- c:\documents and settings\Brandon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-18 22:05 . 2010-03-18 22:05 -------- d-----w- c:\documents and settings\Brandon\Application Data\mIRC
2010-03-18 22:02 . 2010-03-17 14:18 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-18 17:18 . 2010-03-17 14:42 -------- d-----w- c:\program files\Microsoft Works
2010-03-17 19:02 . 2010-03-17 14:57 -------- d-----w- c:\documents and settings\Brandon\Application Data\ISP Monitor
2010-03-17 17:06 . 2010-03-17 14:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-17 16:51 . 2010-03-17 14:25 13312 ----a-w- c:\documents and settings\Brandon\Local Settings\Application Data\hide.exe
2010-03-17 16:50 . 2010-03-17 15:51 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-03-17 16:06 . 2010-03-17 15:51 -------- d-----w- c:\documents and settings\Brandon\Application Data\DAEMON Tools Lite
2010-03-17 15:52 . 2010-03-17 15:52 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-17 15:51 . 2010-03-17 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-03-17 15:48 . 2010-03-17 15:00 -------- d-----w- c:\program files\uTorrent
2010-03-17 15:15 . 2010-03-17 15:15 -------- d-----w- c:\program files\Microsoft
2010-03-17 15:15 . 2010-03-17 15:14 -------- d-----w- c:\program files\Windows Live
2010-03-17 15:15 . 2010-03-17 15:15 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-03-17 15:13 . 2010-03-17 15:13 -------- d-----w- c:\program files\Common Files\Windows Live
2010-03-17 14:58 . 2010-03-17 14:57 -------- d-----w- c:\program files\VLC
2010-03-17 14:57 . 2010-03-17 14:57 -------- d-----w- c:\program files\ISP Monitor
2010-03-17 14:56 . 2010-03-17 14:57 737280 ----a-w- c:\windows\iun6002.exe
2010-03-17 14:41 . 2010-03-17 14:41 0 ----a-w- c:\windows\nsreg.dat
2010-03-17 14:29 . 2010-03-17 14:29 -------- d-----w- c:\program files\AMD
2010-03-17 14:23 . 2010-03-17 14:23 -------- d-----w- c:\program files\Realtek
2010-03-17 14:23 . 2010-03-17 14:23 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-17 14:18 . 2010-03-17 14:18 -------- d-----w- c:\program files\microsoft frontpage
2010-03-17 14:16 . 2010-03-17 14:16 21748 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-26 05:53 . 2004-08-04 12:00 670208 ------w- c:\windows\system32\wininet.dll
2010-02-26 05:53 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-01-18 06:30 . 2010-01-18 06:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-18 06:30 . 2010-01-18 06:30 499712 ----a-w- c:\windows\system32\msvcp71.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-04-01_18.37.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-05 10:26 . 2010-04-05 10:26 16384 c:\windows\Temp\Perflib_Perfdata_e4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISPMonitor"="c:\program files\ISP Monitor\isp.exe" [2010-02-28 423536]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 16050176]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-09 7311360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-09 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-3-18 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-17 17:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\OOBE\\msoobe.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [17/03/2010 17:02 28552]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [17/03/2010 18:46 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [17/03/2010 18:46 242696]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [17/03/2010 19:08 308064]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17/03/2010 17:52 691696]
S2 ISPMonitorSrv;ISP Monitor;c:\program files\ISP Monitor\ISPMonitorSrv.exe [16/01/2010 21:18 36864]
.
.
------- Bijkomende Scan -------
.
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Brandon\Application Data\Mozilla\Firefox\Profiles\swjzbdn7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

---- FIREFOX POLICIES ----
c:\program files\Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-04-05 12:34
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(1880)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2010-04-05 12:36:50
ComboFix-quarantined-files.txt 2010-04-05 10:36
ComboFix2.txt 2010-04-04 11:41

Pre-Run: 42 280 378 368 bytes beschikbaar
Post-Run: 42 273 992 704 bytes beschikbaar

- - End Of File - - CA7C4058F0770EC61B60CF6F163FEC7E

Brando[n]

Legacy Member
Task Manager works fine :)

Clean PC now, I reckon? What did you actually do with all those logs? :)

Juisterr

Legacy Member
Removed a rootkit.

Download OTC.exe (by OldTimer)
  • Place the file on your desktop.
  • Make sure there is an internet connection.
  • Then right-click OTCleanIt.exe and choose Run as Administrator (Dutch: Uitvoeren als Administrator) to start the program.
  • Now click the "CleanUp!" button.
  • If your firewall, or another security program, warns that OTC.exe wants internet access, you may allow it; the program needs that connection.
  • Finally, OTC will ask whether you want to restart the computer; you may allow this, as that is also how it removes itself.

Note: Using OTC.exe will remove all the tools that were used (including their logs and backup folders) from your computer.