Archief - trojan

ik krijg sinds een aantal dagen de melding van me virus scanner :

object http://91.212.226.182/inst_n82.exe
win32/trojandownloader.small.OUX trojaanspaard zal alvast hijackrThis log bestand mee sturen.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:25:48, on 20-2-2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Windows\PLFSetI.exe
C:\Windows\PLFSetL.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hyves.nl: always in touch with your friends
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA61F0C2-6F24-4C44-BD0B-C4BC2303AE86}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7489 bytes
wie kan me helpen en wat moet ik doen.

alvast bedankt
gertjan

Download MalwareBytes' Anti-Malware en sla het op je bureaublad op.
Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg dat er na de installatie een vinkje is geplaatst bij:

• Update MalwareBytes' Anti-Malware
• Start MalwareBytes' Anti-Malware

Klik daarna op "Voltooien".
Indien een update gevonden wordt, zal die gedownload en geïnstalleerd worden.

• Zodra het programma gestart is, ga dan naar het tabblad "Instellingen".
• Vink hier aan: "Sluit Internet Explorer tijdens verwijdering van malware".
• Ga daarna naar het tabblad "Scanner", kies hier voor "Snelle Scan".
• Druk vervolgens op "Scannen" om de scan te starten.
• Het scannen kan een tijdje duren, dus wees geduldig.
  
• Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.
• Zorg ervoor dat daar alles aangevinkt is, daarna klik op: "Verwijder geselecteerde".
• Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.

Het log wordt automatisch bewaard door MalwareBytes' Anti-Malware en kan je terugvinden door op de "Logs" tab te klikken in het programma.

Plaats dit logje samen met een nieuw logje van HijackThis.

hier is de maleware logfile:


Malwarebytes' Anti-Malware 1.44
Database versie: 3763
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21-2-2010 21:00:30
mbam-log-2010-02-21 (21-00-30).txt

Scan type: Snelle Scan
Objecten gescand: 112336
Verstreken tijd: 6 minute(s), 43 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 1
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 3

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\losalamos (Trojan.Downloader) -> Quarantined and deleted successfully.

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
C:\Windows\System32\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.


en hier is de hijackthis file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:15:56, on 21-2-2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\PLFSetI.exe
C:\Windows\PLFSetL.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hyves.nl: always in touch with your friends
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [TOY5KNQ8OC] C:\Windows\TEMP\Tnm.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOY5KNQ8OC] C:\Windows\TEMP\Tnm.exe (User 'Default user')
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA61F0C2-6F24-4C44-BD0B-C4BC2303AE86}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7327 bytes

Download Combofix naar je Bureaublad en gebruik het volgens deze handleiding.

OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw.
Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!

• Dubbelklik op Combofix.exe om het te starten.
• Indien je Combofix al eerder hebt gebruikt, kan je een waarschuwing krijgen dat een update beschikbaar is. Sta toe dat ComboFix wordt geupdate.
• Klik op OK in het "NirCmd" venstertje.
• Klik na afloop terug op Ja om het scannen op malware te starten.
• Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
• Wanneer de fix voltooid is en na herstart, zal de log Combofix.txt openen.

Post dit logje in je volgende antwoord

hier is de logbestand van combofix:

ComboFix 10-02-26.03 - gertjan 27-02-2010 16:55:53.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1043.18.3062.1899 [GMT 1:00]
Gestart vanuit: c:\users\gertjan\Desktop\ComboFix.exe
* Aanwezig AV is actief

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\gertjan\AppData\Local\odbcesentd9\odbcesentd9.dll
c:\users\gertjan\AppData\Roaming\Desktopicon
c:\users\gertjan\AppData\Roaming\Desktopicon\eBayShortcuts.exe

.
(((((((((((((((((((( Bestanden Gemaakt van 2010-01-27 to 2010-02-27 ))))))))))))))))))))))))))))))
.

2010-02-27 16:07 . 2010-02-27 16:11 -------- d-----w- c:\users\gertjan\AppData\Local\temp
2010-02-27 16:07 . 2010-02-27 16:07 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-27 16:07 . 2010-02-27 16:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-27 13:48 . 2010-02-27 13:52 -------- d-----w- c:\users\gertjan\AppData\Roaming\Static Windows Live Mail Backup
2010-02-27 13:47 . 2010-02-27 13:47 -------- d-----w- c:\program files\Static Windows Live Mail Backup
2010-02-27 13:38 . 2005-06-15 02:00 102400 ----a-w- c:\windows\system32\tsccvid.dll
2010-02-27 13:37 . 2010-02-27 16:06 -------- d-----w- c:\users\gertjan\AppData\Local\odbcesentd9
2010-02-25 19:26 . 2010-02-27 15:49 -------- d-----w- c:\program files\7-Zip
2010-02-25 11:52 . 2010-02-25 11:56 -------- d-----w- c:\users\gertjan\AppData\Local\Babylon
2010-02-25 11:51 . 2010-02-25 11:51 -------- d-----w- c:\program files\Babylon
2010-02-25 11:51 . 2010-02-27 16:11 -------- d-----w- c:\programdata\Babylon
2010-02-25 11:51 . 2010-02-25 12:04 -------- d-----w- c:\users\gertjan\AppData\Roaming\Babylon
2010-02-24 09:11 . 2010-02-24 09:11 -------- d-----w- c:\users\gertjan\AppData\Roaming\ValuSoft
2010-02-23 22:01 . 2010-02-25 15:09 -------- d-----w- c:\program files\Prison Tycoon 4
2010-02-22 17:43 . 2010-02-22 17:43 -------- d-----w- c:\program files\Unlocker
2010-02-22 10:42 . 2010-02-22 10:44 -------- d-----w- c:\users\gertjan\AppData\Local\Electronic Arts
2010-02-22 03:39 . 2010-02-22 03:39 -------- d-----w- c:\windows\Sun
2010-02-21 20:08 . 2010-02-21 20:08 -------- d-----w- c:\program files\EGB3
2010-02-21 12:02 . 2010-02-20 23:30 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-20 23:31 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-20 23:31 . 2010-02-20 23:31 -------- dc----w- c:\windows\system32\DRVSTORE
2010-02-20 23:28 . 2010-02-20 23:28 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-20 23:28 . 2010-02-04 15:53 2954656 -c--a-w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-20 23:27 . 2010-02-20 23:31 -------- d-----w- c:\programdata\Lavasoft
2010-02-20 23:27 . 2010-02-20 23:28 -------- d-----w- c:\program files\Lavasoft
2010-02-20 09:43 . 2010-02-20 10:07 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2010-02-19 19:04 . 2010-02-19 19:04 -------- d-----w- c:\users\gertjan\AppData\Roaming\Malwarebytes
2010-02-19 19:03 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-19 19:03 . 2010-02-19 19:03 -------- d-----w- c:\programdata\Malwarebytes
2010-02-19 19:03 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-19 19:03 . 2010-02-19 19:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-19 18:48 . 2010-02-19 18:48 -------- d-----w- c:\windows\system32\Wat
2010-02-19 18:45 . 2010-02-19 18:45 -------- d-----w- c:\program files\Trend Micro
2010-02-18 14:53 . 2010-02-18 14:53 -------- d-----w- c:\program files\Osirius
2010-02-18 14:53 . 1998-10-01 14:22 302592 ----a-w- c:\windows\unin0413.exe
2010-02-16 19:17 . 2010-02-16 19:24 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-02-16 19:17 . 2010-02-16 19:17 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-02-11 22:34 . 2010-02-11 22:34 -------- d-----w- c:\program files\Windows Doctor
2010-02-10 23:32 . 2010-02-10 23:32 -------- d-----w- c:\programdata\SugarGames
2010-02-10 11:08 . 2010-01-18 23:29 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-10 11:08 . 2010-01-18 23:29 369152 ----a-w- c:\windows\system32\secproc.dll
2010-02-10 11:08 . 2010-01-18 23:28 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-10 11:08 . 2010-01-18 23:28 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-10 11:08 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-10 11:08 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-10 11:08 . 2010-01-18 23:28 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-10 11:08 . 2010-01-18 23:28 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-09 19:32 . 1999-03-02 15:32 81920 ----a-w- c:\windows\system32\Dlalrm32.dll
2010-02-09 19:31 . 1999-02-23 14:14 349184 ----a-w- c:\windows\system32\clav_qry.dll
2010-02-09 19:31 . 1999-01-13 17:01 233472 ----a-w- c:\windows\system32\Ilda32.dll
2010-02-09 19:31 . 1997-08-20 06:02 35328 ----a-w- c:\windows\system32\INETWH32.DLL
2010-02-09 19:31 . 1997-03-04 11:44 66560 ----a-w- c:\windows\system32\NMORENU.DLL
2010-02-09 19:31 . 1997-01-29 15:53 240640 ----a-w- c:\windows\system32\NMOCOD.DLL
2010-02-09 19:31 . 1997-01-29 15:46 48128 ----a-w- c:\windows\system32\NMSCKN.DLL
2010-02-09 19:31 . 2010-02-09 19:32 -------- d-----w- c:\program files\Davilex
2010-02-09 13:12 . 2010-02-09 13:12 -------- d-----w- c:\users\gertjan\AppData\Roaming\Template
2010-02-08 17:28 . 2010-02-08 17:48 0 ----a-w- c:\windows\mfont.dat
2010-02-08 17:27 . 1999-06-10 10:06 415504 ----a-w- c:\windows\system32\msrepl35.dll
2010-02-08 17:27 . 1999-06-10 10:06 252176 ------w- c:\windows\system32\msrd2x35.dll
2010-02-08 17:27 . 1999-06-10 10:06 24848 ------w- c:\windows\system32\msjter35.dll
2010-02-08 17:27 . 1999-06-10 10:06 123664 ------w- c:\windows\system32\msjint35.dll
2010-02-08 17:27 . 1999-06-10 10:06 1046288 ------w- c:\windows\system32\msjet35.dll
2010-02-08 17:27 . 1998-05-08 14:06 368912 ----a-w- c:\windows\system32\vbar332.dll
2010-02-08 17:27 . 1997-01-10 17:37 182784 ----a-w- c:\windows\system32\ddao35.dll
2010-02-08 07:54 . 2010-02-08 07:54 -------- d-----w- c:\program files\My Favorite Recipes
2010-02-08 07:52 . 2010-02-08 07:54 -------- d-----w- c:\users\gertjan\AppData\Local\Carta
2010-02-08 07:50 . 2010-02-08 07:50 -------- d-----w- c:\program files\Carta
2010-02-07 22:49 . 2010-02-07 22:49 -------- d-----w- c:\users\gertjan\AppData\Local\SmokeySoft
2010-02-07 22:45 . 2009-10-19 19:57 2669462 -c--a-w- c:\programdata\{90269C77-822B-4F2B-A5AC-208F0AE1BA2D}\ReceptenDBSetup.exe
2010-02-07 22:45 . 2010-02-07 22:45 -------- d-----w- c:\program files\SmokeySoft
2010-02-02 23:42 . 2010-02-02 23:42 -------- d-----w- c:\program files\Plus!
2010-02-02 12:13 . 2010-02-02 12:13 -------- d-----w- c:\users\gertjan\AppData\Roaming\Playrix Entertainment
2010-02-01 19:27 . 2010-02-01 19:28 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-02-01 14:35 . 2010-02-01 14:35 3 ----a-w- C:\BLINDEN.SYS
2010-02-01 14:34 . 1993-05-11 23:00 398416 ----a-w- c:\windows\system32\VBRUN300.DLL
2010-02-01 14:34 . 1998-01-23 11:20 305152 ----a-w- c:\windows\IsUn0413.exe
2010-01-30 17:18 . 2010-02-20 10:07 -------- d-----w- c:\program files\RAR Password Recovery Magic
2010-01-29 09:05 . 2010-01-29 09:07 -------- d-----w- c:\windows\WindowsMobile

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-27 16:14 . 2010-01-15 14:38 -------- d-----w- c:\users\gertjan\AppData\Roaming\uTorrent
2010-02-27 15:57 . 2009-07-14 08:27 691728 ----a-w- c:\windows\system32\perfh013.dat
2010-02-27 15:57 . 2009-07-14 08:27 130232 ----a-w- c:\windows\system32\perfc013.dat
2010-02-27 13:34 . 2010-01-15 14:09 112328 ----a-w- c:\users\gertjan\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-26 22:45 . 2010-01-18 23:16 -------- d-----w- c:\programdata\SuperMP3Download
2010-02-26 21:08 . 2010-01-15 14:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-26 21:04 . 2010-01-15 14:26 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-19 23:21 . 2010-01-28 10:04 -------- d-----w- c:\program files\Opera
2010-02-19 18:49 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-02-19 18:49 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll
2010-02-19 18:49 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll
2010-02-17 14:15 . 2009-07-13 23:11 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-02-16 09:41 . 2010-01-18 23:40 -------- d-----w- c:\users\gertjan\AppData\Roaming\FrostWire
2010-02-16 09:02 . 2010-01-18 23:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-14 17:55 . 2010-01-15 13:56 -------- d-----w- c:\program files\AVS4YOU
2010-02-14 17:55 . 2010-01-15 14:00 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-02-10 13:19 . 2010-01-15 14:31 -------- d-----w- c:\programdata\Microsoft Help
2010-02-09 13:12 . 2010-01-22 09:37 118 ----a-w- c:\users\gertjan\AppData\Roaming\wklnhst.dat
2010-02-07 22:45 . 2010-02-07 22:44 -------- dc-h--w- c:\programdata\{90269C77-822B-4F2B-A5AC-208F0AE1BA2D}
2010-02-05 07:22 . 2010-01-15 13:23 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-04 18:55 . 2010-01-15 13:20 -------- d-----w- c:\users\gertjan\AppData\Roaming\DAEMON Tools Lite
2010-02-04 18:47 . 2010-01-23 18:05 -------- d-----w- c:\users\gertjan\AppData\Roaming\vlc
2010-02-04 15:12 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll
2010-02-04 15:12 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll
2010-02-04 15:12 . 2009-07-13 23:39 2755072 ----a-w- c:\windows\system32\themeui.dll
2010-01-30 16:03 . 2010-01-25 08:00 -------- d-----w- c:\program files\RAR Password Unlocker
2010-01-29 09:17 . 2010-01-29 09:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2010-01-28 09:50 . 2010-01-20 14:57 -------- d-----w- c:\users\gertjan\AppData\Roaming\ArcSoft
2010-01-28 09:25 . 2010-01-28 09:25 0 ----a-w- c:\windows\nsreg.dat
2010-01-28 08:03 . 2010-01-28 08:03 -------- d-----w- c:\programdata\Fighters
2010-01-28 08:02 . 2010-01-28 08:02 -------- d-----w- c:\program files\Fighters
2010-01-28 07:16 . 2010-01-28 07:16 -------- d-----w- c:\program files\Common Files\Java
2010-01-28 02:56 . 2010-01-18 23:28 -------- d-----w- c:\program files\Java
2010-01-26 22:33 . 2010-01-26 22:33 23 ----a-w- c:\windows\system32\krx220.dat
2010-01-26 22:33 . 2010-01-26 22:33 -------- d-----w- c:\users\gertjan\AppData\Roaming\Kristanix Software
2010-01-26 08:16 . 2010-01-15 15:19 -------- d-----w- c:\users\gertjan\AppData\Roaming\NewsLeecher
2010-01-23 18:04 . 2010-01-23 18:04 -------- d-----w- c:\program files\VideoLAN
2010-01-23 08:48 . 2010-01-19 18:21 -------- d-----w- c:\programdata\Messenger Plus!
2010-01-23 05:26 . 2010-01-15 15:11 -------- d-----w- c:\program files\Messenger Plus! Live
2010-01-23 02:01 . 2010-01-15 14:36 -------- d-----w- c:\program files\Microsoft Works
2010-01-22 10:31 . 2010-01-22 10:31 -------- d-----w- c:\program files\Bit Che
2010-01-22 10:31 . 2010-01-22 10:31 -------- d-----w- c:\users\gertjan\AppData\Roaming\Convivea
2010-01-22 07:34 . 2010-01-22 07:34 41296 ----a-r- c:\windows\system32\hlp95en.dll
2010-01-21 21:45 . 2010-01-15 15:12 -------- d-----w- c:\users\gertjan\AppData\Roaming\URSoft
2010-01-21 18:30 . 2010-01-21 18:30 -------- d-----w- c:\users\gertjan\AppData\Roaming\ImgBurn
2010-01-21 13:48 . 2010-01-16 17:59 -------- d-----w- c:\program files\GemistDownloader
2010-01-21 12:41 . 2010-01-21 12:41 -------- d-----w- c:\users\gertjan\AppData\Roaming\Intel
2010-01-21 12:41 . 2010-01-21 12:41 -------- d-----w- c:\programdata\Roaming
2010-01-21 12:40 . 2010-01-21 12:40 -------- d-----w- c:\programdata\Intel
2010-01-21 12:40 . 2010-01-21 12:40 -------- d-----w- c:\program files\Cisco
2010-01-21 12:38 . 2010-01-15 16:50 -------- d-----w- c:\program files\Intel
2010-01-21 12:37 . 2010-01-21 12:37 -------- d-----w- c:\programdata\Broadcom
2010-01-21 12:34 . 2010-01-21 12:34 -------- d-----w- c:\program files\ATI Technologies
2010-01-21 12:34 . 2010-01-21 12:34 -------- d-----w- c:\program files\ATI
2010-01-21 12:02 . 2010-01-21 12:02 -------- d-----w- c:\program files\Launch Manager
2010-01-21 11:50 . 2010-01-21 11:50 -------- d-----w- c:\program files\Broadcom
2010-01-21 11:36 . 2010-01-21 11:35 -------- d-----w- c:\program files\Common Files\snp2uvc
2010-01-21 11:34 . 2010-01-21 11:34 -------- d-----w- c:\programdata\InstallShield
2010-01-21 11:34 . 2010-01-21 11:34 -------- d-----w- c:\program files\SuYin
2010-01-21 11:33 . 2010-01-21 11:33 -------- d-----w- c:\users\gertjan\AppData\Roaming\InstallShield
2010-01-21 09:45 . 2010-01-21 09:45 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-01-20 09:16 . 2010-01-15 15:48 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 00:06 . 2010-01-19 00:06 0 ----a-w- c:\users\gertjan\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2010-01-18 23:40 . 2010-01-15 14:43 -------- d-----w- c:\program files\FrostWire
2010-01-18 23:16 . 2010-01-18 23:16 -------- d-----w- c:\users\gertjan\AppData\Roaming\SuperMP3Download
2010-01-17 16:52 . 2010-01-17 16:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-01-17 07:09 . 2010-01-17 07:09 -------- d-----w- c:\program files\SuperMp3Download
2010-01-16 12:30 . 2010-01-16 12:30 -------- d-----w- c:\programdata\Sports Interactive
2010-01-16 12:29 . 2010-01-16 12:04 -------- d-----w- c:\users\gertjan\AppData\Roaming\Sports Interactive
2010-01-16 12:11 . 2010-01-16 12:08 -------- d--h--w- c:\program files\Zero G Registry
2010-01-15 19:24 . 2010-01-15 19:23 -------- d-----w- c:\users\gertjan\AppData\Roaming\CyberLink
2010-01-15 19:24 . 2010-01-15 14:26 -------- d-----w- c:\programdata\CyberLink
2010-01-15 19:15 . 2010-01-15 19:01 -------- d-----w- c:\users\gertjan\AppData\Roaming\Ahead
2010-01-15 19:01 . 2010-01-15 18:58 -------- d-----w- c:\program files\Common Files\Ahead
2010-01-15 18:58 . 2010-01-15 18:58 -------- d-----w- c:\programdata\Nero
2010-01-15 18:58 . 2010-01-15 18:58 -------- d-----w- c:\program files\Nero
2010-01-15 16:51 . 2010-01-15 16:51 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-01-15 15:47 . 2010-01-15 15:22 -------- d-----w- c:\program files\Microsoft
2010-01-15 15:46 . 2010-01-15 15:46 -------- d-----w- c:\program files\CONEXANT
2010-01-15 15:27 . 2010-01-15 15:27 -------- d-----w- c:\programdata\DVD Shrink
2010-01-15 15:27 . 2010-01-15 15:27 -------- d-----w- c:\program files\DVD Shrink
2010-01-15 15:24 . 2010-01-15 15:06 -------- d-----w- c:\program files\Windows Live
2010-01-15 15:23 . 2010-01-15 15:23 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-01-15 15:15 . 2010-01-15 15:11 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-15 15:12 . 2010-01-15 15:12 -------- d-----w- c:\program files\Your Uninstaller
2010-01-15 15:12 . 2010-01-15 15:12 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-15 15:08 . 2010-01-15 15:08 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-15 15:03 . 2010-01-15 15:03 -------- d-----w- c:\program files\QuickPar
2010-01-15 14:57 . 2010-01-15 14:13 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-01-15 14:39 . 2010-01-15 14:39 -------- d-----w- c:\program files\uTorrent
2010-01-15 14:35 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-01-15 14:34 . 2010-01-15 14:34 -------- d-----w- c:\program files\Microsoft.NET
2010-01-15 14:34 . 2010-01-15 14:34 -------- d-----w- c:\program files\Your Uninstaller! 2006 PRO
2010-01-15 14:32 . 2010-01-15 14:32 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-01-15 14:27 . 2010-01-15 14:27 -------- d-----w- c:\program files\NewsLeecher
2010-01-15 14:27 . 2010-01-15 14:27 -------- d-----w- c:\program files\ImgBurn
2010-01-15 14:26 . 2010-01-15 14:24 -------- d-----w- c:\program files\CyberLink
2010-01-15 14:26 . 2010-01-15 14:26 -------- d-----w- c:\program files\Common Files\CyberLink
2010-01-15 14:22 . 2010-01-15 14:23 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-01-15 14:22 . 2010-01-15 14:23 353576 ----a-w- c:\windows\system32\msvcr71.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

------- Sigcheck -------

[-] 2010-02-19 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-01-15 289584]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-07-04 148776]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-01-19 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-09-01 75048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-11 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-11 150552]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-07-04 161064]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-24 1190920]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2009-07-01 3706256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [21-2-2010 0:31 64288]
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [16-11-2009 9:03 108792]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/01/15 15:26];c:\program files\CyberLink\PowerDVD9\000.fcl [1-9-2009 16:59 87536]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [16-11-2009 9:04 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [18-12-2009 15:02 95896]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance --> c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4-2-2010 16:52 1229232]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance --> c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance [?]
S2 rmnspirn;Crcdisk Filter Helper;c:\windows\System32\svchost.exe -k netsvcs [14-7-2009 0:19 20992]
S3 netw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\System32\drivers\netw5v32.sys [10-6-2009 22:18 4231168]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\System32\drivers\VSTAZL3.SYS [13-7-2009 23:13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\System32\drivers\VSTDPV3.SYS [13-7-2009 23:13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\System32\drivers\VSTCNXT3.SYS [13-7-2009 23:13 661504]
S3 WatAdminSvc;WatAdminSvc;c:\windows\System32\Wat\WatAdminSvc.exe [19-2-2010 19:48 1343400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rmnspirn
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.hyves.nl/?&pageid=V1R0TMWA9SG84GGO
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
TCP: {AA61F0C2-6F24-4C44-BD0B-C4BC2303AE86} = 208.67.222.222,208.67.220.220
.
- - - - ORPHANS VERWIJDERD - - - -

HKCU-Run-odbcesentd9 - c:\users\gertjan\AppData\Local\odbcesentd9\odbcesentd9.dll



**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x86116618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x853b76d0
QueryNameProcedure -> 0x853b7860
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-4240235451-1172685772-1022493641-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D61D7EDD-DC24-94AC-30EE-6488DE37A538}*]
"habcpjhppjlghkki"=hex:6a,61,65,64,63,67,62,67,67,6a,6f,6d,62,67,6f,64,67,66,
64,61,00,fc
"iahbjlocadlpjeibkn"=hex:63,61,69,64,6b,64,00,00
"ialcjkoclpdcdnnani"=hex:6a,61,65,64,63,67,62,67,67,6a,6f,6d,62,67,6f,64,67,66,
64,61,00,fc

[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000413
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{9261A151-0AF5-4823-8CBD-EB99E80E7284}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.0.474.0"
"UniqueId"="00039FF64B6EB1FE"
"ScannerBuild"=dword:000018d5
"ScannerVersionId"=dword:00001293
"ScannerVersion"="Open window for status."
"FixId"=dword:00000005

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DcomLaunch\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01,00,00,00,00,00,01,00,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DPS\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,8c,00,00,00,98,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RpcSs\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01,00,00,00,00,00,01,00,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TrustedInstaller\Security]
@DACL=(02 0000)
@SACL=
"Security"=hex:01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,34,00,00,00,02,
00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WdiServiceHost\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,b4,00,00,00,c0,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WdiSystemHost\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,b4,00,00,00,c0,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(5696)
c:\program files\Babylon\Babylon-Pro\Captlib.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe
c:\mysql\bin\mysqld-nt.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\DllHost.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Voltooingstijd: 2010-02-27 17:17:28 - machine werd herstart
ComboFix-quarantined-files.txt 2010-02-27 16:17
ComboFix2.txt 2010-02-19 19:35

Pre-Run: 57.579.307.008 bytes beschikbaar
Post-Run: 58.640.617.472 bytes beschikbaar

- - End Of File - - 23E6C397F22ADC7E1148776BCF59F88F

Download TDSSKiller.zip en plaats het op je bureaublad.

Pak de bestanden uit.

Open een kladblokbestand.
Kopieer onderstaande code in dit kladblokbestand.

Ga naar Bestand - Opslaan als.

Bij "Opslaan in" kies je: de map waarin TDSSKiller.exe staat.
Bij "Bestandsnaam" zet je: start.bat
Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
Klik op de knop Opslaan.


Dubbelklik op start.bat
Dit zal de TDSSKiller.exe starten en een logfile (report.txt) maken in dezelfde map.
Wanneer TDSSKiller.exe klaar is post je de inhoud van report.txt.

Herstart daarna je computer.

Na de herstart maak je een nieuw logje met Combofix en deze post je ook hier in dit topic ter controle.

hier is de inhoud van report.txt :

15:13:22:796 6836 TDSS rootkit removing tool 2.2.7.1 Feb 27 2010 13:29:25
15:13:22:796 6836 ================================================================================
15:13:22:796 6836 SystemInfo:

15:13:22:796 6836 OS Version: 6.1.7600 ServicePack: 0.0
15:13:22:796 6836 Product type: Workstation
15:13:22:796 6836 ComputerName: GERTJAN-PC
15:13:22:812 6836 UserName: gertjan
15:13:22:812 6836 Windows directory: C:\Windows
15:13:22:812 6836 Processor architecture: Intel x86
15:13:22:812 6836 Number of processors: 2
15:13:22:812 6836 Page size: 0x1000
15:13:22:812 6836 Boot type: Normal boot
15:13:22:812 6836 ================================================================================
15:13:22:999 6836 UnloadDriverW: NtUnloadDriver error 2
15:13:22:999 6836 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
15:13:23:436 6836 Initialize success
15:13:23:436 6836
15:13:23:436 6836 Scanning Services ...
15:13:23:436 6836 wfopen_ex: Trying to open file C:\Windows\system32\config\system
15:13:23:436 6836 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
15:13:23:436 6836 wfopen_ex: Trying to KLMD file open
15:13:23:436 6836 wfopen_ex: File opened ok (Flags 2)
15:13:23:452 6836 wfopen_ex: Trying to open file C:\Windows\system32\config\software
15:13:23:452 6836 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
15:13:23:452 6836 wfopen_ex: Trying to KLMD file open
15:13:23:452 6836 wfopen_ex: File opened ok (Flags 2)
15:13:25:292 6836 GetAdvancedServicesInfo: Raw services enum returned 480 services
15:13:25:308 6836 fclose_ex: Trying to close file C:\Windows\system32\config\system
15:13:25:308 6836 fclose_ex: Trying to close file C:\Windows\system32\config\software
15:13:25:308 6836
15:13:25:308 6836 Scanning Kernel memory ...
15:13:25:308 6836 Devices to scan: 2
15:13:25:308 6836
15:13:25:308 6836 Driver Name: USBSTOR
15:13:25:308 6836 IRP_MJ_CREATE : 864301F8
15:13:25:308 6836 IRP_MJ_CREATE_NAMED_PIPE : 82AC6437
15:13:25:308 6836 IRP_MJ_CLOSE : 864301F8
15:13:25:308 6836 IRP_MJ_READ : 864301F8
15:13:25:308 6836 IRP_MJ_WRITE : 864301F8
15:13:25:308 6836 IRP_MJ_QUERY_INFORMATION : 82AC6437
15:13:25:308 6836 IRP_MJ_SET_INFORMATION : 82AC6437
15:13:25:308 6836 IRP_MJ_QUERY_EA : 82AC6437
15:13:25:308 6836 IRP_MJ_SET_EA : 82AC6437
15:13:25:308 6836 IRP_MJ_FLUSH_BUFFERS : 82AC6437
15:13:25:308 6836 IRP_MJ_QUERY_VOLUME_INFORMATION : 82AC6437
15:13:25:308 6836 IRP_MJ_SET_VOLUME_INFORMATION : 82AC6437
15:13:25:308 6836 IRP_MJ_DIRECTORY_CONTROL : 82AC6437
15:13:25:308 6836 IRP_MJ_FILE_SYSTEM_CONTROL : 82AC6437
15:13:25:308 6836 IRP_MJ_DEVICE_CONTROL : 864301F8
15:13:25:308 6836 IRP_MJ_INTERNAL_DEVICE_CONTROL : 864301F8
15:13:25:308 6836 IRP_MJ_SHUTDOWN : 82AC6437
15:13:25:308 6836 IRP_MJ_LOCK_CONTROL : 82AC6437
15:13:25:308 6836 IRP_MJ_CLEANUP : 82AC6437
15:13:25:308 6836 IRP_MJ_CREATE_MAILSLOT : 82AC6437
15:13:25:308 6836 IRP_MJ_QUERY_SECURITY : 82AC6437
15:13:25:308 6836 IRP_MJ_SET_SECURITY : 82AC6437
15:13:25:308 6836 IRP_MJ_POWER : 864301F8
15:13:25:308 6836 IRP_MJ_SYSTEM_CONTROL : 864301F8
15:13:25:308 6836 IRP_MJ_DEVICE_CHANGE : 82AC6437
15:13:25:308 6836 IRP_MJ_QUERY_QUOTA : 82AC6437
15:13:25:308 6836 IRP_MJ_SET_QUOTA : 82AC6437
15:13:25:339 6836 siohd: 0
15:13:25:339 6836 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
15:13:25:339 6836
15:13:25:339 6836 Driver Name: atapi
15:13:25:339 6836 IRP_MJ_CREATE : 8613D618
15:13:25:339 6836 IRP_MJ_CREATE_NAMED_PIPE : 8613D618
15:13:25:339 6836 IRP_MJ_CLOSE : 8613D618
15:13:25:339 6836 IRP_MJ_READ : 8613D618
15:13:25:339 6836 IRP_MJ_WRITE : 8613D618
15:13:25:339 6836 IRP_MJ_QUERY_INFORMATION : 8613D618
15:13:25:339 6836 IRP_MJ_SET_INFORMATION : 8613D618
15:13:25:339 6836 IRP_MJ_QUERY_EA : 8613D618
15:13:25:339 6836 IRP_MJ_SET_EA : 8613D618
15:13:25:339 6836 IRP_MJ_FLUSH_BUFFERS : 8613D618
15:13:25:339 6836 IRP_MJ_QUERY_VOLUME_INFORMATION : 8613D618
15:13:25:339 6836 IRP_MJ_SET_VOLUME_INFORMATION : 8613D618
15:13:25:339 6836 IRP_MJ_DIRECTORY_CONTROL : 8613D618
15:13:25:339 6836 IRP_MJ_FILE_SYSTEM_CONTROL : 8613D618
15:13:25:339 6836 IRP_MJ_DEVICE_CONTROL : 8613D618
15:13:25:339 6836 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8613D618
15:13:25:339 6836 IRP_MJ_SHUTDOWN : 8613D618
15:13:25:339 6836 IRP_MJ_LOCK_CONTROL : 8613D618
15:13:25:339 6836 IRP_MJ_CLEANUP : 8613D618
15:13:25:339 6836 IRP_MJ_CREATE_MAILSLOT : 8613D618
15:13:25:339 6836 IRP_MJ_QUERY_SECURITY : 8613D618
15:13:25:339 6836 IRP_MJ_SET_SECURITY : 8613D618
15:13:25:339 6836 IRP_MJ_POWER : 8613D618
15:13:25:339 6836 IRP_MJ_SYSTEM_CONTROL : 8613D618
15:13:25:339 6836 IRP_MJ_DEVICE_CHANGE : 8613D618
15:13:25:339 6836 IRP_MJ_QUERY_QUOTA : 8613D618
15:13:25:339 6836 IRP_MJ_SET_QUOTA : 8613D618
15:13:25:339 6836 ihd: 4, FFDF0308, 313, 101, 3, 89, 1
15:13:25:339 6836 Driver "atapi" Irp handler infected by TDSS rootkit ... 15:13:25:339 6836 cured
15:13:25:355 6836 siohd: 1
15:13:25:355 6836 Driver "atapi" StartIo handler infected by TDSS rootkit ... 15:13:25:355 6836 cured
15:13:25:370 6836 C:\Windows\system32\DRIVERS\atapi.sys - Verdict: Infected
15:13:25:370 6836 File C:\Windows\system32\DRIVERS\atapi.sys infected by TDSS rootkit ... 15:13:25:370 6836 Processing driver file: C:\Windows\system32\DRIVERS\atapi.sys
15:13:25:963 6836 vfvi6
15:13:26:088 6836 dsvbh1
15:13:27:445 6836 fdfb1
15:13:27:445 6836 Backup copy found, using it..
15:13:27:508 6836 will be cured on next reboot
15:13:27:508 6836 Reboot required for cure complete..
15:13:27:710 6836 Cure on reboot scheduled successfully
15:13:27:710 6836
15:13:27:710 6836 Completed
15:13:27:726 6836
15:13:27:726 6836 Results:
15:13:27:726 6836 Memory objects infected / cured / cured on reboot: 2 / 2 / 0
15:13:27:726 6836 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
15:13:27:726 6836 File objects infected / cured / cured on reboot: 1 / 0 / 1
15:13:27:726 6836
15:13:27:726 6836 UnloadDriverW: NtUnloadDriver error 1
15:13:27:726 6836 KLMD_Unload: UnloadDriverW(klmd21) error 1
15:13:27:742 6836 KLMD(ARK) unloaded successfully

en hier is de log file van combofix :

ComboFix 10-03-02.08 - gertjan 03-03-2010 15:24:52.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1043.18.3062.1776 [GMT 1:00]
Gestart vanuit: c:\users\gertjan\Desktop\ComboFix.exe
* Aanwezig AV is actief

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\GemistDownloader\msapi.dll
c:\program files\GemistDownloader\mstaskbar.dll
c:\windows\system32\ndlvdss.dll
c:\windows\system32\qpuztwca.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_rmnspirn


(((((((((((((((((((( Bestanden Gemaakt van 2010-02-03 to 2010-03-03 ))))))))))))))))))))))))))))))
.

2010-03-03 14:33 . 2010-03-03 14:37 -------- d-----w- c:\users\gertjan\AppData\Local\temp
2010-03-03 14:33 . 2010-03-03 14:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-03 14:33 . 2010-03-03 14:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-02 15:59 . 2010-03-02 15:59 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-02 15:59 . 2010-03-02 15:59 138056 ----a-w- c:\users\gertjan\AppData\Roaming\PnkBstrK.sys
2010-03-02 15:58 . 2010-03-02 15:59 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-02 15:58 . 2010-03-02 15:58 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-03-02 15:58 . 2010-03-02 15:58 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-03-02 15:45 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-03-02 15:45 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-03-02 15:45 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-03-02 15:45 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-03-02 15:45 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-03-02 15:45 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-03-02 15:45 . 2008-10-27 09:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2010-03-02 15:45 . 2008-10-27 09:04 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
2010-03-02 15:45 . 2008-10-27 09:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2010-03-02 15:45 . 2008-10-27 09:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2010-03-01 08:10 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-28 10:40 . 2001-10-05 19:02 143360 ----a-w- c:\windows\system32\Stamin32.Dll
2010-02-28 08:33 . 2010-02-28 08:33 -------- d-----w- c:\program files\RAR Password Recovery Magic
2010-02-27 13:48 . 2010-02-27 13:52 -------- d-----w- c:\users\gertjan\AppData\Roaming\Static Windows Live Mail Backup
2010-02-27 13:47 . 2010-02-27 13:47 -------- d-----w- c:\program files\Static Windows Live Mail Backup
2010-02-27 13:38 . 2005-06-15 02:00 102400 ----a-w- c:\windows\system32\tsccvid.dll
2010-02-27 13:37 . 2010-02-27 16:06 -------- d-----w- c:\users\gertjan\AppData\Local\odbcesentd9
2010-02-25 19:26 . 2010-02-27 15:49 -------- d-----w- c:\program files\7-Zip
2010-02-25 11:52 . 2010-02-25 11:56 -------- d-----w- c:\users\gertjan\AppData\Local\Babylon
2010-02-25 11:51 . 2010-02-25 11:51 -------- d-----w- c:\program files\Babylon
2010-02-25 11:51 . 2010-03-03 14:37 -------- d-----w- c:\programdata\Babylon
2010-02-25 11:51 . 2010-02-28 08:39 -------- d-----w- c:\users\gertjan\AppData\Roaming\Babylon
2010-02-24 09:11 . 2010-02-24 09:11 -------- d-----w- c:\users\gertjan\AppData\Roaming\ValuSoft
2010-02-23 22:01 . 2010-02-25 15:09 -------- d-----w- c:\program files\Prison Tycoon 4
2010-02-22 17:43 . 2010-02-22 17:43 -------- d-----w- c:\program files\Unlocker
2010-02-22 10:42 . 2010-02-22 10:44 -------- d-----w- c:\users\gertjan\AppData\Local\Electronic Arts
2010-02-22 03:39 . 2010-02-22 03:39 -------- d-----w- c:\windows\Sun
2010-02-21 20:08 . 2010-02-21 20:08 -------- d-----w- c:\program files\EGB3
2010-02-21 12:02 . 2010-02-20 23:30 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-20 23:31 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-20 23:31 . 2010-02-20 23:31 -------- dc----w- c:\windows\system32\DRVSTORE
2010-02-20 23:28 . 2010-02-20 23:28 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-20 23:28 . 2010-02-04 15:53 2954656 -c--a-w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-20 23:27 . 2010-02-20 23:31 -------- d-----w- c:\programdata\Lavasoft
2010-02-20 23:27 . 2010-02-20 23:28 -------- d-----w- c:\program files\Lavasoft
2010-02-20 09:43 . 2010-02-20 10:07 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2010-02-19 19:04 . 2010-02-19 19:04 -------- d-----w- c:\users\gertjan\AppData\Roaming\Malwarebytes
2010-02-19 19:03 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-19 19:03 . 2010-02-19 19:03 -------- d-----w- c:\programdata\Malwarebytes
2010-02-19 19:03 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-19 19:03 . 2010-02-19 19:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-19 18:48 . 2010-02-19 18:48 -------- d-----w- c:\windows\system32\Wat
2010-02-19 18:45 . 2010-02-19 18:45 -------- d-----w- c:\program files\Trend Micro
2010-02-18 14:53 . 2010-02-18 14:53 -------- d-----w- c:\program files\Osirius
2010-02-18 14:53 . 1998-10-01 14:22 302592 ----a-w- c:\windows\unin0413.exe
2010-02-16 19:17 . 2010-02-16 19:24 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-02-16 19:17 . 2010-02-16 19:17 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-02-11 22:34 . 2010-02-11 22:34 -------- d-----w- c:\program files\Windows Doctor
2010-02-10 23:32 . 2010-02-10 23:32 -------- d-----w- c:\programdata\SugarGames
2010-02-10 11:08 . 2010-01-18 23:29 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-10 11:08 . 2010-01-18 23:29 369152 ----a-w- c:\windows\system32\secproc.dll
2010-02-10 11:08 . 2010-01-18 23:28 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-10 11:08 . 2010-01-18 23:28 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-10 11:08 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-10 11:08 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-10 11:08 . 2010-01-18 23:28 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-10 11:08 . 2010-01-18 23:28 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-09 19:32 . 1999-03-02 15:32 81920 ----a-w- c:\windows\system32\Dlalrm32.dll
2010-02-09 19:31 . 1999-02-23 14:14 349184 ----a-w- c:\windows\system32\clav_qry.dll
2010-02-09 19:31 . 1999-01-13 17:01 233472 ----a-w- c:\windows\system32\Ilda32.dll
2010-02-09 19:31 . 1997-08-20 06:02 35328 ----a-w- c:\windows\system32\INETWH32.DLL
2010-02-09 19:31 . 1997-03-04 11:44 66560 ----a-w- c:\windows\system32\NMORENU.DLL
2010-02-09 19:31 . 1997-01-29 15:53 240640 ----a-w- c:\windows\system32\NMOCOD.DLL
2010-02-09 19:31 . 1997-01-29 15:46 48128 ----a-w- c:\windows\system32\NMSCKN.DLL
2010-02-09 19:31 . 2010-02-09 19:32 -------- d-----w- c:\program files\Davilex
2010-02-09 13:12 . 2010-02-09 13:12 -------- d-----w- c:\users\gertjan\AppData\Roaming\Template
2010-02-08 17:28 . 2010-02-08 17:48 0 ----a-w- c:\windows\mfont.dat
2010-02-08 17:27 . 1999-06-10 10:06 415504 ----a-w- c:\windows\system32\msrepl35.dll
2010-02-08 17:27 . 1999-06-10 10:06 252176 ------w- c:\windows\system32\msrd2x35.dll
2010-02-08 17:27 . 1999-06-10 10:06 24848 ------w- c:\windows\system32\msjter35.dll
2010-02-08 17:27 . 1999-06-10 10:06 123664 ------w- c:\windows\system32\msjint35.dll
2010-02-08 17:27 . 1999-06-10 10:06 1046288 ------w- c:\windows\system32\msjet35.dll
2010-02-08 17:27 . 1998-05-17 23:00 368912 ----a-w- c:\windows\system32\vbar332.dll
2010-02-08 17:27 . 1997-01-10 17:37 182784 ----a-w- c:\windows\system32\ddao35.dll
2010-02-08 07:54 . 2010-02-08 07:54 -------- d-----w- c:\program files\My Favorite Recipes
2010-02-08 07:52 . 2010-02-08 07:54 -------- d-----w- c:\users\gertjan\AppData\Local\Carta
2010-02-08 07:50 . 2010-02-08 07:50 -------- d-----w- c:\program files\Carta
2010-02-07 22:49 . 2010-02-07 22:49 -------- d-----w- c:\users\gertjan\AppData\Local\SmokeySoft
2010-02-07 22:45 . 2009-10-19 19:57 2669462 -c--a-w- c:\programdata\{90269C77-822B-4F2B-A5AC-208F0AE1BA2D}\ReceptenDBSetup.exe
2010-02-07 22:45 . 2010-02-07 22:45 -------- d-----w- c:\program files\SmokeySoft
2010-02-02 23:42 . 2010-02-02 23:42 -------- d-----w- c:\program files\Plus!
2010-02-02 12:13 . 2010-02-02 12:13 -------- d-----w- c:\users\gertjan\AppData\Roaming\Playrix Entertainment
2010-02-01 19:27 . 2010-02-01 19:28 -------- d-----w- c:\program files\Common Files\DVDVideoSoft

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-03 14:39 . 2010-01-15 14:38 -------- d-----w- c:\users\gertjan\AppData\Roaming\uTorrent
2010-03-03 14:32 . 2010-01-16 17:59 -------- d-----w- c:\program files\GemistDownloader
2010-03-03 14:18 . 2009-07-13 23:11 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-01 18:50 . 2009-07-14 08:27 691728 ----a-w- c:\windows\system32\perfh013.dat
2010-03-01 18:50 . 2009-07-14 08:27 130232 ----a-w- c:\windows\system32\perfc013.dat
2010-02-28 11:23 . 2010-01-21 12:02 -------- d-----w- c:\program files\Launch Manager
2010-02-28 10:37 . 2010-01-18 23:16 -------- d-----w- c:\programdata\SuperMP3Download
2010-02-28 10:37 . 2010-01-18 23:40 -------- d-----w- c:\users\gertjan\AppData\Roaming\FrostWire
2010-02-28 08:39 . 2010-01-25 08:00 -------- d-----w- c:\program files\RAR Password Unlocker
2010-02-28 00:16 . 2010-01-15 15:03 -------- d-----w- c:\program files\QuickPar
2010-02-27 13:34 . 2010-01-15 14:09 112328 ----a-w- c:\users\gertjan\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-26 21:08 . 2010-01-15 14:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-26 21:04 . 2010-01-15 14:26 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-24 08:16 . 2010-01-15 13:32 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-19 23:21 . 2010-01-28 10:04 -------- d-----w- c:\program files\Opera
2010-02-19 18:49 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-02-19 18:49 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll
2010-02-19 18:49 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll
2010-02-16 09:02 . 2010-01-18 23:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-14 17:55 . 2010-01-15 13:56 -------- d-----w- c:\program files\AVS4YOU
2010-02-14 17:55 . 2010-01-15 14:00 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-02-10 13:19 . 2010-01-15 14:31 -------- d-----w- c:\programdata\Microsoft Help
2010-02-09 13:12 . 2010-01-22 09:37 118 ----a-w- c:\users\gertjan\AppData\Roaming\wklnhst.dat
2010-02-07 22:45 . 2010-02-07 22:44 -------- dc-h--w- c:\programdata\{90269C77-822B-4F2B-A5AC-208F0AE1BA2D}
2010-02-05 07:22 . 2010-01-15 13:23 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-04 18:55 . 2010-01-15 13:20 -------- d-----w- c:\users\gertjan\AppData\Roaming\DAEMON Tools Lite
2010-02-04 18:47 . 2010-01-23 18:05 -------- d-----w- c:\users\gertjan\AppData\Roaming\vlc
2010-02-04 15:12 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll
2010-02-04 15:12 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll
2010-02-04 15:12 . 2009-07-13 23:39 2755072 ----a-w- c:\windows\system32\themeui.dll
2010-02-01 14:35 . 2010-02-01 14:35 3 ----a-w- C:\BLINDEN.SYS
2010-01-29 09:17 . 2010-01-29 09:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2010-01-28 09:50 . 2010-01-20 14:57 -------- d-----w- c:\users\gertjan\AppData\Roaming\ArcSoft
2010-01-28 09:25 . 2010-01-28 09:25 0 ----a-w- c:\windows\nsreg.dat
2010-01-28 08:03 . 2010-01-28 08:03 -------- d-----w- c:\programdata\Fighters
2010-01-28 08:02 . 2010-01-28 08:02 -------- d-----w- c:\program files\Fighters
2010-01-28 07:16 . 2010-01-28 07:16 -------- d-----w- c:\program files\Common Files\Java
2010-01-28 02:56 . 2010-01-18 23:28 -------- d-----w- c:\program files\Java
2010-01-26 22:33 . 2010-01-26 22:33 23 ----a-w- c:\windows\system32\krx220.dat
2010-01-26 22:33 . 2010-01-26 22:33 -------- d-----w- c:\users\gertjan\AppData\Roaming\Kristanix Software
2010-01-26 08:16 . 2010-01-15 15:19 -------- d-----w- c:\users\gertjan\AppData\Roaming\NewsLeecher
2010-01-23 18:04 . 2010-01-23 18:04 -------- d-----w- c:\program files\VideoLAN
2010-01-23 08:48 . 2010-01-19 18:21 -------- d-----w- c:\programdata\Messenger Plus!
2010-01-23 05:26 . 2010-01-15 15:11 -------- d-----w- c:\program files\Messenger Plus! Live
2010-01-23 02:01 . 2010-01-15 14:36 -------- d-----w- c:\program files\Microsoft Works
2010-01-22 10:31 . 2010-01-22 10:31 -------- d-----w- c:\program files\Bit Che
2010-01-22 10:31 . 2010-01-22 10:31 -------- d-----w- c:\users\gertjan\AppData\Roaming\Convivea
2010-01-22 07:34 . 2010-01-22 07:34 41296 ----a-r- c:\windows\system32\hlp95en.dll
2010-01-21 21:45 . 2010-01-15 15:12 -------- d-----w- c:\users\gertjan\AppData\Roaming\URSoft
2010-01-21 18:30 . 2010-01-21 18:30 -------- d-----w- c:\users\gertjan\AppData\Roaming\ImgBurn
2010-01-21 12:41 . 2010-01-21 12:41 -------- d-----w- c:\users\gertjan\AppData\Roaming\Intel
2010-01-21 12:41 . 2010-01-21 12:41 -------- d-----w- c:\programdata\Roaming
2010-01-21 12:40 . 2010-01-21 12:40 -------- d-----w- c:\programdata\Intel
2010-01-21 12:40 . 2010-01-21 12:40 -------- d-----w- c:\program files\Cisco
2010-01-21 12:38 . 2010-01-15 16:50 -------- d-----w- c:\program files\Intel
2010-01-21 12:37 . 2010-01-21 12:37 -------- d-----w- c:\programdata\Broadcom
2010-01-21 12:34 . 2010-01-21 12:34 -------- d-----w- c:\program files\ATI Technologies
2010-01-21 12:34 . 2010-01-21 12:34 -------- d-----w- c:\program files\ATI
2010-01-21 11:50 . 2010-01-21 11:50 -------- d-----w- c:\program files\Broadcom
2010-01-21 11:36 . 2010-01-21 11:35 -------- d-----w- c:\program files\Common Files\snp2uvc
2010-01-21 11:34 . 2010-01-21 11:34 -------- d-----w- c:\programdata\InstallShield
2010-01-21 11:34 . 2010-01-21 11:34 -------- d-----w- c:\program files\SuYin
2010-01-21 11:33 . 2010-01-21 11:33 -------- d-----w- c:\users\gertjan\AppData\Roaming\InstallShield
2010-01-21 09:45 . 2010-01-21 09:45 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-01-20 09:16 . 2010-01-15 15:48 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 00:06 . 2010-01-19 00:06 0 ----a-w- c:\users\gertjan\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2010-01-18 23:40 . 2010-01-15 14:43 -------- d-----w- c:\program files\FrostWire
2010-01-18 23:16 . 2010-01-18 23:16 -------- d-----w- c:\users\gertjan\AppData\Roaming\SuperMP3Download
2010-01-17 16:52 . 2010-01-17 16:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-01-17 07:09 . 2010-01-17 07:09 -------- d-----w- c:\program files\SuperMp3Download
2010-01-16 12:30 . 2010-01-16 12:30 -------- d-----w- c:\programdata\Sports Interactive
2010-01-16 12:29 . 2010-01-16 12:04 -------- d-----w- c:\users\gertjan\AppData\Roaming\Sports Interactive
2010-01-16 12:11 . 2010-01-16 12:08 -------- d--h--w- c:\program files\Zero G Registry
2010-01-15 19:24 . 2010-01-15 19:23 -------- d-----w- c:\users\gertjan\AppData\Roaming\CyberLink
2010-01-15 19:24 . 2010-01-15 14:26 -------- d-----w- c:\programdata\CyberLink
2010-01-15 19:15 . 2010-01-15 19:01 -------- d-----w- c:\users\gertjan\AppData\Roaming\Ahead
2010-01-15 19:01 . 2010-01-15 18:58 -------- d-----w- c:\program files\Common Files\Ahead
2010-01-15 18:58 . 2010-01-15 18:58 -------- d-----w- c:\programdata\Nero
2010-01-15 18:58 . 2010-01-15 18:58 -------- d-----w- c:\program files\Nero
2010-01-15 16:51 . 2010-01-15 16:51 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-01-15 15:47 . 2010-01-15 15:22 -------- d-----w- c:\program files\Microsoft
2010-01-15 15:46 . 2010-01-15 15:46 -------- d-----w- c:\program files\CONEXANT
2010-01-15 15:27 . 2010-01-15 15:27 -------- d-----w- c:\programdata\DVD Shrink
2010-01-15 15:27 . 2010-01-15 15:27 -------- d-----w- c:\program files\DVD Shrink
2010-01-15 15:24 . 2010-01-15 15:06 -------- d-----w- c:\program files\Windows Live
2010-01-15 15:23 . 2010-01-15 15:23 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-01-15 15:15 . 2010-01-15 15:11 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-15 15:12 . 2010-01-15 15:12 -------- d-----w- c:\program files\Your Uninstaller
2010-01-15 15:12 . 2010-01-15 15:12 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-15 15:08 . 2010-01-15 15:08 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-15 14:57 . 2010-01-15 14:13 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-01-15 14:39 . 2010-01-15 14:39 -------- d-----w- c:\program files\uTorrent
2010-01-15 14:35 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-01-15 14:34 . 2010-01-15 14:34 -------- d-----w- c:\program files\Microsoft.NET
2010-01-15 14:34 . 2010-01-15 14:34 -------- d-----w- c:\program files\Your Uninstaller! 2006 PRO
2010-01-15 14:32 . 2010-01-15 14:32 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-01-15 14:27 . 2010-01-15 14:27 -------- d-----w- c:\program files\NewsLeecher
2010-01-15 14:27 . 2010-01-15 14:27 -------- d-----w- c:\program files\ImgBurn
2010-01-15 14:26 . 2010-01-15 14:24 -------- d-----w- c:\program files\CyberLink
2010-01-15 14:26 . 2010-01-15 14:26 -------- d-----w- c:\program files\Common Files\CyberLink
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

------- Sigcheck -------

[-] 2010-02-19 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7AB21E8D-6B02-4C7A-907A-06FE2D68F2E9}]
2009-07-13 23:11 109568 ----a-w- c:\windows\System32\ndlvdss.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Enhanced Storage]
@="{7AB21E8D-6B02-4C7A-907A-06FE2D68F2E9}"
[HKEY_CLASSES_ROOT\CLSID\{7AB21E8D-6B02-4C7A-907A-06FE2D68F2E9}]
2009-07-13 23:11 109568 ----a-w- c:\windows\System32\ndlvdss.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-01-15 289584]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-07-04 148776]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-01-19 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-09-01 75048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-11 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-11 150552]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-07-04 161064]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-24 1190920]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2009-07-01 3706256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [21-2-2010 0:31 64288]
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [16-11-2009 9:03 108792]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/01/15 15:26];c:\program files\CyberLink\PowerDVD9\000.fcl [1-9-2009 16:59 87536]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [16-11-2009 9:04 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [18-12-2009 15:02 95896]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance --> c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4-2-2010 16:52 1229232]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance --> c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance [?]
S3 netw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\System32\drivers\netw5v32.sys [10-6-2009 22:18 4231168]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\System32\drivers\VSTAZL3.SYS [13-7-2009 23:13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\System32\drivers\VSTDPV3.SYS [13-7-2009 23:13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\System32\drivers\VSTCNXT3.SYS [13-7-2009 23:13 661504]
S3 WatAdminSvc;WatAdminSvc;c:\windows\System32\Wat\WatAdminSvc.exe [19-2-2010 19:48 1343400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Inhoud van de 'Gedeelde Taken' map

2010-03-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 23:30]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.hyves.nl/?&pageid=V1R0TMWA9SG84GGO
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
TCP: {AA61F0C2-6F24-4C44-BD0B-C4BC2303AE86} = 208.67.222.222,208.67.220.220
.
- - - - ORPHANS VERWIJDERD - - - -

BHO-{2C0179FC-C906-4320-9A50-906663D3D994} - c:\windows\system32\qpuztwca.dll
SafeBoot-klmdb.sys



**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8516E1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x851b66d0
QueryNameProcedure -> 0x851b6860
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-4240235451-1172685772-1022493641-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D61D7EDD-DC24-94AC-30EE-6488DE37A538}*]
"habcpjhppjlghkki"=hex:6a,61,65,64,63,67,62,67,67,6a,6f,6d,62,67,6f,64,67,66,
64,61,00,fc
"iahbjlocadlpjeibkn"=hex:63,61,69,64,6b,64,00,00
"ialcjkoclpdcdnnani"=hex:6a,61,65,64,63,67,62,67,67,6a,6f,6d,62,67,6f,64,67,66,
64,61,00,fc

[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000413
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{9261A151-0AF5-4823-8CBD-EB99E80E7284}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.0.474.0"
"UniqueId"="00039FF64B6EB1FE"
"ScannerBuild"=dword:000018d5
"ScannerVersionId"=dword:00001293
"ScannerVersion"="Open window for status."
"FixId"=dword:00000005

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DcomLaunch\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01,00,00,00,00,00,01,00,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DPS\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,8c,00,00,00,98,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RpcSs\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01,00,00,00,00,00,01,00,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TrustedInstaller\Security]
@DACL=(02 0000)
@SACL=
"Security"=hex:01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,34,00,00,00,02,
00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WdiServiceHost\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,b4,00,00,00,c0,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WdiSystemHost\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,b4,00,00,00,c0,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(832)
c:\windows\system32\ndlvdss.dll
c:\windows\system32\libssl32.dll
c:\windows\system32\LIBEAY32.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe
c:\mysql\bin\mysqld-nt.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\DllHost.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\system32\vssvc.exe
.
**************************************************************************
.
Voltooingstijd: 2010-03-03 15:42:42 - machine werd herstart
ComboFix-quarantined-files.txt 2010-03-03 14:42
ComboFix2.txt 2010-02-27 16:17
ComboFix3.txt 2010-02-19 19:35

Pre-Run: 73.178.202.112 bytes beschikbaar
Post-Run: 73.322.258.432 bytes beschikbaar

- - End Of File - - C78255EF36CFE02F0A5AF1627C44B8D3

Nog een keer aub.

Download TDSSKiller.zip en plaats het op je bureaublad.

Pak de bestanden uit.

Open een kladblokbestand.
Kopieer onderstaande code in dit kladblokbestand.

Ga naar Bestand - Opslaan als.

Bij "Opslaan in" kies je: de map waarin TDSSKiller.exe staat.
Bij "Bestandsnaam" zet je: start.bat
Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
Klik op de knop Opslaan.


Dubbelklik op start.bat
Dit zal de TDSSKiller.exe starten en een logfile (report.txt) maken in dezelfde map.
Wanneer TDSSKiller.exe klaar is post je de inhoud van report.txt.

Herstart daarna je computer.

Na de herstart maak je een nieuw logje met Combofix en deze post je ook hier in dit topic ter controle.

hier is het report.txt file :


09:19:50:879 2652 TDSS rootkit removing tool 2.2.7.1 Feb 27 2010 13:29:25
09:19:50:879 2652 ================================================================================
09:19:50:879 2652 SystemInfo:

09:19:50:879 2652 OS Version: 6.1.7600 ServicePack: 0.0
09:19:50:879 2652 Product type: Workstation
09:19:50:879 2652 ComputerName: GERTJAN-PC
09:19:50:879 2652 UserName: gertjan
09:19:50:879 2652 Windows directory: C:\Windows
09:19:50:879 2652 Processor architecture: Intel x86
09:19:50:879 2652 Number of processors: 2
09:19:50:879 2652 Page size: 0x1000
09:19:50:895 2652 Boot type: Normal boot
09:19:50:895 2652 ================================================================================
09:19:50:895 2652 UnloadDriverW: NtUnloadDriver error 2
09:19:50:895 2652 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
09:19:51:160 2652 Initialize success
09:19:51:160 2652
09:19:51:160 2652 Scanning Services ...
09:19:51:160 2652 wfopen_ex: Trying to open file C:\Windows\system32\config\system
09:19:51:160 2652 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
09:19:51:160 2652 wfopen_ex: Trying to KLMD file open
09:19:51:160 2652 wfopen_ex: File opened ok (Flags 2)
09:19:51:176 2652 wfopen_ex: Trying to open file C:\Windows\system32\config\software
09:19:51:176 2652 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
09:19:51:176 2652 wfopen_ex: Trying to KLMD file open
09:19:51:176 2652 wfopen_ex: File opened ok (Flags 2)
09:19:53:063 2652 GetAdvancedServicesInfo: Raw services enum returned 478 services
09:19:53:063 2652 fclose_ex: Trying to close file C:\Windows\system32\config\system
09:19:53:079 2652 fclose_ex: Trying to close file C:\Windows\system32\config\software
09:19:53:079 2652
09:19:53:079 2652 Scanning Kernel memory ...
09:19:53:079 2652 Devices to scan: 2
09:19:53:079 2652
09:19:53:079 2652 Driver Name: USBSTOR
09:19:53:079 2652 IRP_MJ_CREATE : 8627A1F8
09:19:53:079 2652 IRP_MJ_CREATE_NAMED_PIPE : 82AB5437
09:19:53:079 2652 IRP_MJ_CLOSE : 8627A1F8
09:19:53:079 2652 IRP_MJ_READ : 8627A1F8
09:19:53:079 2652 IRP_MJ_WRITE : 8627A1F8
09:19:53:079 2652 IRP_MJ_QUERY_INFORMATION : 82AB5437
09:19:53:079 2652 IRP_MJ_SET_INFORMATION : 82AB5437
09:19:53:079 2652 IRP_MJ_QUERY_EA : 82AB5437
09:19:53:079 2652 IRP_MJ_SET_EA : 82AB5437
09:19:53:079 2652 IRP_MJ_FLUSH_BUFFERS : 82AB5437
09:19:53:079 2652 IRP_MJ_QUERY_VOLUME_INFORMATION : 82AB5437
09:19:53:079 2652 IRP_MJ_SET_VOLUME_INFORMATION : 82AB5437
09:19:53:079 2652 IRP_MJ_DIRECTORY_CONTROL : 82AB5437
09:19:53:079 2652 IRP_MJ_FILE_SYSTEM_CONTROL : 82AB5437
09:19:53:079 2652 IRP_MJ_DEVICE_CONTROL : 8627A1F8
09:19:53:079 2652 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8627A1F8
09:19:53:079 2652 IRP_MJ_SHUTDOWN : 82AB5437
09:19:53:079 2652 IRP_MJ_LOCK_CONTROL : 82AB5437
09:19:53:079 2652 IRP_MJ_CLEANUP : 82AB5437
09:19:53:079 2652 IRP_MJ_CREATE_MAILSLOT : 82AB5437
09:19:53:079 2652 IRP_MJ_QUERY_SECURITY : 82AB5437
09:19:53:079 2652 IRP_MJ_SET_SECURITY : 82AB5437
09:19:53:079 2652 IRP_MJ_POWER : 8627A1F8
09:19:53:079 2652 IRP_MJ_SYSTEM_CONTROL : 8627A1F8
09:19:53:079 2652 IRP_MJ_DEVICE_CHANGE : 82AB5437
09:19:53:079 2652 IRP_MJ_QUERY_QUOTA : 82AB5437
09:19:53:079 2652 IRP_MJ_SET_QUOTA : 82AB5437
09:19:53:079 2652 siohd: 0
09:19:53:095 2652 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
09:19:53:095 2652
09:19:53:095 2652 Driver Name: atapi
09:19:53:095 2652 IRP_MJ_CREATE : 8516E1F8
09:19:53:095 2652 IRP_MJ_CREATE_NAMED_PIPE : 82AB5437
09:19:53:095 2652 IRP_MJ_CLOSE : 8516E1F8
09:19:53:095 2652 IRP_MJ_READ : 82AB5437
09:19:53:095 2652 IRP_MJ_WRITE : 82AB5437
09:19:53:095 2652 IRP_MJ_QUERY_INFORMATION : 82AB5437
09:19:53:095 2652 IRP_MJ_SET_INFORMATION : 82AB5437
09:19:53:095 2652 IRP_MJ_QUERY_EA : 82AB5437
09:19:53:095 2652 IRP_MJ_SET_EA : 82AB5437
09:19:53:095 2652 IRP_MJ_FLUSH_BUFFERS : 82AB5437
09:19:53:095 2652 IRP_MJ_QUERY_VOLUME_INFORMATION : 82AB5437
09:19:53:095 2652 IRP_MJ_SET_VOLUME_INFORMATION : 82AB5437
09:19:53:095 2652 IRP_MJ_DIRECTORY_CONTROL : 82AB5437
09:19:53:095 2652 IRP_MJ_FILE_SYSTEM_CONTROL : 82AB5437
09:19:53:095 2652 IRP_MJ_DEVICE_CONTROL : 8516E1F8
09:19:53:095 2652 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8516E1F8
09:19:53:095 2652 IRP_MJ_SHUTDOWN : 82AB5437
09:19:53:095 2652 IRP_MJ_LOCK_CONTROL : 82AB5437
09:19:53:095 2652 IRP_MJ_CLEANUP : 82AB5437
09:19:53:095 2652 IRP_MJ_CREATE_MAILSLOT : 82AB5437
09:19:53:095 2652 IRP_MJ_QUERY_SECURITY : 82AB5437
09:19:53:095 2652 IRP_MJ_SET_SECURITY : 82AB5437
09:19:53:095 2652 IRP_MJ_POWER : 8516E1F8
09:19:53:095 2652 IRP_MJ_SYSTEM_CONTROL : 8516E1F8
09:19:53:095 2652 IRP_MJ_DEVICE_CHANGE : 82AB5437
09:19:53:095 2652 IRP_MJ_QUERY_QUOTA : 82AB5437
09:19:53:095 2652 IRP_MJ_SET_QUOTA : 82AB5437
09:19:53:126 2652 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
09:19:53:126 2652 sion
09:19:53:126 2652 C:\Windows\system32\drivers\atapi.sys - Verdict: Clean
09:19:53:126 2652
09:19:53:126 2652 Completed
09:19:53:126 2652
09:19:53:126 2652 Results:
09:19:53:126 2652 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
09:19:53:126 2652 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
09:19:53:126 2652 File objects infected / cured / cured on reboot: 0 / 0 / 0
09:19:53:126 2652
09:19:53:126 2652 KLMD(ARK) unloaded successfully

en hier is de logfile van combo fix:

ComboFix 10-03-03.06 - gertjan 04-03-2010 9:56.4.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1043.18.3062.1879 [GMT 1:00]
Gestart vanuit: c:\users\gertjan\Desktop\ComboFix.exe
* Aanwezig AV is actief

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ndlvdss.dll
c:\windows\system32\qpuztwca.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_rmnspirn


(((((((((((((((((((( Bestanden Gemaakt van 2010-02-04 to 2010-03-04 ))))))))))))))))))))))))))))))
.

2010-03-04 09:04 . 2010-03-04 09:11 -------- d-----w- c:\users\gertjan\AppData\Local\temp
2010-03-04 09:04 . 2010-03-04 09:04 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-04 09:04 . 2010-03-04 09:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-03 15:28 . 2010-03-03 15:28 -------- d-----w- c:\users\gertjan\AppData\Local\PunkBuster
2010-03-02 15:59 . 2010-03-02 15:59 138056 ----a-w- c:\users\gertjan\AppData\Roaming\PnkBstrK.sys
2010-03-02 15:45 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-03-02 15:45 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-03-02 15:45 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-03-02 15:45 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-03-02 15:45 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-03-02 15:45 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-03-02 15:45 . 2008-10-27 09:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2010-03-02 15:45 . 2008-10-27 09:04 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
2010-03-02 15:45 . 2008-10-27 09:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2010-03-02 15:45 . 2008-10-27 09:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2010-03-01 08:10 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-28 10:40 . 2001-10-05 19:02 143360 ----a-w- c:\windows\system32\Stamin32.Dll
2010-02-28 08:33 . 2010-02-28 08:33 -------- d-----w- c:\program files\RAR Password Recovery Magic
2010-02-27 13:48 . 2010-02-27 13:52 -------- d-----w- c:\users\gertjan\AppData\Roaming\Static Windows Live Mail Backup
2010-02-27 13:47 . 2010-02-27 13:47 -------- d-----w- c:\program files\Static Windows Live Mail Backup
2010-02-27 13:38 . 2005-06-15 02:00 102400 ----a-w- c:\windows\system32\tsccvid.dll
2010-02-27 13:37 . 2010-02-27 16:06 -------- d-----w- c:\users\gertjan\AppData\Local\odbcesentd9
2010-02-25 19:26 . 2010-02-27 15:49 -------- d-----w- c:\program files\7-Zip
2010-02-25 11:52 . 2010-02-25 11:56 -------- d-----w- c:\users\gertjan\AppData\Local\Babylon
2010-02-25 11:51 . 2010-02-25 11:51 -------- d-----w- c:\program files\Babylon
2010-02-25 11:51 . 2010-03-04 09:11 -------- d-----w- c:\programdata\Babylon
2010-02-25 11:51 . 2010-02-28 08:39 -------- d-----w- c:\users\gertjan\AppData\Roaming\Babylon
2010-02-24 09:11 . 2010-02-24 09:11 -------- d-----w- c:\users\gertjan\AppData\Roaming\ValuSoft
2010-02-23 22:01 . 2010-02-25 15:09 -------- d-----w- c:\program files\Prison Tycoon 4
2010-02-22 17:43 . 2010-02-22 17:43 -------- d-----w- c:\program files\Unlocker
2010-02-22 10:42 . 2010-02-22 10:44 -------- d-----w- c:\users\gertjan\AppData\Local\Electronic Arts
2010-02-22 03:39 . 2010-02-22 03:39 -------- d-----w- c:\windows\Sun
2010-02-21 20:08 . 2010-02-21 20:08 -------- d-----w- c:\program files\EGB3
2010-02-21 12:02 . 2010-02-20 23:30 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-20 23:31 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-20 23:31 . 2010-02-20 23:31 -------- dc----w- c:\windows\system32\DRVSTORE
2010-02-20 23:28 . 2010-02-20 23:28 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-20 23:28 . 2010-02-04 15:53 2954656 -c--a-w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-20 23:27 . 2010-02-20 23:31 -------- d-----w- c:\programdata\Lavasoft
2010-02-20 23:27 . 2010-02-20 23:28 -------- d-----w- c:\program files\Lavasoft
2010-02-20 09:43 . 2010-02-20 10:07 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2010-02-19 19:04 . 2010-02-19 19:04 -------- d-----w- c:\users\gertjan\AppData\Roaming\Malwarebytes
2010-02-19 19:03 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-19 19:03 . 2010-02-19 19:03 -------- d-----w- c:\programdata\Malwarebytes
2010-02-19 19:03 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-19 19:03 . 2010-02-19 19:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-19 18:48 . 2010-02-19 18:48 -------- d-----w- c:\windows\system32\Wat
2010-02-19 18:45 . 2010-02-19 18:45 -------- d-----w- c:\program files\Trend Micro
2010-02-18 14:53 . 2010-02-18 14:53 -------- d-----w- c:\program files\Osirius
2010-02-18 14:53 . 1998-10-01 14:22 302592 ----a-w- c:\windows\unin0413.exe
2010-02-16 19:17 . 2010-02-16 19:24 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-02-16 19:17 . 2010-02-16 19:17 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-02-11 22:34 . 2010-02-11 22:34 -------- d-----w- c:\program files\Windows Doctor
2010-02-10 23:32 . 2010-02-10 23:32 -------- d-----w- c:\programdata\SugarGames
2010-02-10 11:08 . 2010-01-18 23:29 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-10 11:08 . 2010-01-18 23:29 369152 ----a-w- c:\windows\system32\secproc.dll
2010-02-10 11:08 . 2010-01-18 23:28 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-10 11:08 . 2010-01-18 23:28 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-10 11:08 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-10 11:08 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-10 11:08 . 2010-01-18 23:28 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-10 11:08 . 2010-01-18 23:28 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-09 19:32 . 1999-03-02 15:32 81920 ----a-w- c:\windows\system32\Dlalrm32.dll
2010-02-09 19:31 . 1999-02-23 14:14 349184 ----a-w- c:\windows\system32\clav_qry.dll
2010-02-09 19:31 . 1999-01-13 17:01 233472 ----a-w- c:\windows\system32\Ilda32.dll
2010-02-09 19:31 . 1997-08-20 06:02 35328 ----a-w- c:\windows\system32\INETWH32.DLL
2010-02-09 19:31 . 1997-03-04 11:44 66560 ----a-w- c:\windows\system32\NMORENU.DLL
2010-02-09 19:31 . 1997-01-29 15:53 240640 ----a-w- c:\windows\system32\NMOCOD.DLL
2010-02-09 19:31 . 1997-01-29 15:46 48128 ----a-w- c:\windows\system32\NMSCKN.DLL
2010-02-09 19:31 . 2010-02-09 19:32 -------- d-----w- c:\program files\Davilex
2010-02-09 13:12 . 2010-02-09 13:12 -------- d-----w- c:\users\gertjan\AppData\Roaming\Template
2010-02-08 17:28 . 2010-02-08 17:48 0 ----a-w- c:\windows\mfont.dat
2010-02-08 17:27 . 1999-06-10 10:06 415504 ----a-w- c:\windows\system32\msrepl35.dll
2010-02-08 17:27 . 1999-06-10 10:06 252176 ------w- c:\windows\system32\msrd2x35.dll
2010-02-08 17:27 . 1999-06-10 10:06 24848 ------w- c:\windows\system32\msjter35.dll
2010-02-08 17:27 . 1999-06-10 10:06 123664 ------w- c:\windows\system32\msjint35.dll
2010-02-08 17:27 . 1999-06-10 10:06 1046288 ------w- c:\windows\system32\msjet35.dll
2010-02-08 17:27 . 1998-05-17 23:00 368912 ----a-w- c:\windows\system32\vbar332.dll
2010-02-08 17:27 . 1997-01-10 17:37 182784 ----a-w- c:\windows\system32\ddao35.dll
2010-02-08 07:54 . 2010-02-08 07:54 -------- d-----w- c:\program files\My Favorite Recipes
2010-02-08 07:52 . 2010-02-08 07:54 -------- d-----w- c:\users\gertjan\AppData\Local\Carta
2010-02-08 07:50 . 2010-02-08 07:50 -------- d-----w- c:\program files\Carta
2010-02-07 22:49 . 2010-02-07 22:49 -------- d-----w- c:\users\gertjan\AppData\Local\SmokeySoft
2010-02-07 22:45 . 2009-10-19 19:57 2669462 -c--a-w- c:\programdata\{90269C77-822B-4F2B-A5AC-208F0AE1BA2D}\ReceptenDBSetup.exe
2010-02-07 22:45 . 2010-02-07 22:45 -------- d-----w- c:\program files\SmokeySoft
2010-02-02 23:42 . 2010-02-02 23:42 -------- d-----w- c:\program files\Plus!
2010-02-02 12:13 . 2010-02-02 12:13 -------- d-----w- c:\users\gertjan\AppData\Roaming\Playrix Entertainment

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-04 09:13 . 2010-01-15 14:38 -------- d-----w- c:\users\gertjan\AppData\Roaming\uTorrent
2010-03-03 14:32 . 2010-01-16 17:59 -------- d-----w- c:\program files\GemistDownloader
2010-03-03 14:18 . 2009-07-13 23:11 21584 ------w- c:\windows\system32\drivers\atapi.sys
2010-03-01 18:50 . 2009-07-14 08:27 691728 ----a-w- c:\windows\system32\perfh013.dat
2010-03-01 18:50 . 2009-07-14 08:27 130232 ----a-w- c:\windows\system32\perfc013.dat
2010-02-28 11:23 . 2010-01-21 12:02 -------- d-----w- c:\program files\Launch Manager
2010-02-28 10:37 . 2010-01-18 23:16 -------- d-----w- c:\programdata\SuperMP3Download
2010-02-28 10:37 . 2010-01-18 23:40 -------- d-----w- c:\users\gertjan\AppData\Roaming\FrostWire
2010-02-28 08:39 . 2010-01-25 08:00 -------- d-----w- c:\program files\RAR Password Unlocker
2010-02-28 00:16 . 2010-01-15 15:03 -------- d-----w- c:\program files\QuickPar
2010-02-27 13:34 . 2010-01-15 14:09 112328 ----a-w- c:\users\gertjan\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-26 21:08 . 2010-01-15 14:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-26 21:04 . 2010-01-15 14:26 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-24 08:16 . 2010-01-15 13:32 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-19 23:21 . 2010-01-28 10:04 -------- d-----w- c:\program files\Opera
2010-02-19 18:49 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-02-19 18:49 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll
2010-02-19 18:49 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll
2010-02-16 09:02 . 2010-01-18 23:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-14 17:55 . 2010-01-15 13:56 -------- d-----w- c:\program files\AVS4YOU
2010-02-14 17:55 . 2010-01-15 14:00 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-02-10 13:19 . 2010-01-15 14:31 -------- d-----w- c:\programdata\Microsoft Help
2010-02-09 13:12 . 2010-01-22 09:37 118 ----a-w- c:\users\gertjan\AppData\Roaming\wklnhst.dat
2010-02-07 22:45 . 2010-02-07 22:44 -------- dc-h--w- c:\programdata\{90269C77-822B-4F2B-A5AC-208F0AE1BA2D}
2010-02-05 07:22 . 2010-01-15 13:23 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-04 18:55 . 2010-01-15 13:20 -------- d-----w- c:\users\gertjan\AppData\Roaming\DAEMON Tools Lite
2010-02-04 18:47 . 2010-01-23 18:05 -------- d-----w- c:\users\gertjan\AppData\Roaming\vlc
2010-02-04 15:12 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll
2010-02-04 15:12 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll
2010-02-04 15:12 . 2009-07-13 23:39 2755072 ----a-w- c:\windows\system32\themeui.dll
2010-02-01 19:28 . 2010-02-01 19:27 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-02-01 14:35 . 2010-02-01 14:35 3 ----a-w- C:\BLINDEN.SYS
2010-01-29 09:17 . 2010-01-29 09:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2010-01-28 09:50 . 2010-01-20 14:57 -------- d-----w- c:\users\gertjan\AppData\Roaming\ArcSoft
2010-01-28 09:25 . 2010-01-28 09:25 0 ----a-w- c:\windows\nsreg.dat
2010-01-28 08:03 . 2010-01-28 08:03 -------- d-----w- c:\programdata\Fighters
2010-01-28 08:02 . 2010-01-28 08:02 -------- d-----w- c:\program files\Fighters
2010-01-28 07:16 . 2010-01-28 07:16 -------- d-----w- c:\program files\Common Files\Java
2010-01-28 02:56 . 2010-01-18 23:28 -------- d-----w- c:\program files\Java
2010-01-26 22:33 . 2010-01-26 22:33 23 ----a-w- c:\windows\system32\krx220.dat
2010-01-26 22:33 . 2010-01-26 22:33 -------- d-----w- c:\users\gertjan\AppData\Roaming\Kristanix Software
2010-01-26 08:16 . 2010-01-15 15:19 -------- d-----w- c:\users\gertjan\AppData\Roaming\NewsLeecher
2010-01-23 18:04 . 2010-01-23 18:04 -------- d-----w- c:\program files\VideoLAN
2010-01-23 08:48 . 2010-01-19 18:21 -------- d-----w- c:\programdata\Messenger Plus!
2010-01-23 05:26 . 2010-01-15 15:11 -------- d-----w- c:\program files\Messenger Plus! Live
2010-01-23 02:01 . 2010-01-15 14:36 -------- d-----w- c:\program files\Microsoft Works
2010-01-22 10:31 . 2010-01-22 10:31 -------- d-----w- c:\program files\Bit Che
2010-01-22 10:31 . 2010-01-22 10:31 -------- d-----w- c:\users\gertjan\AppData\Roaming\Convivea
2010-01-22 07:34 . 2010-01-22 07:34 41296 ----a-r- c:\windows\system32\hlp95en.dll
2010-01-21 21:45 . 2010-01-15 15:12 -------- d-----w- c:\users\gertjan\AppData\Roaming\URSoft
2010-01-21 18:30 . 2010-01-21 18:30 -------- d-----w- c:\users\gertjan\AppData\Roaming\ImgBurn
2010-01-21 12:41 . 2010-01-21 12:41 -------- d-----w- c:\users\gertjan\AppData\Roaming\Intel
2010-01-21 12:41 . 2010-01-21 12:41 -------- d-----w- c:\programdata\Roaming
2010-01-21 12:40 . 2010-01-21 12:40 -------- d-----w- c:\programdata\Intel
2010-01-21 12:40 . 2010-01-21 12:40 -------- d-----w- c:\program files\Cisco
2010-01-21 12:38 . 2010-01-15 16:50 -------- d-----w- c:\program files\Intel
2010-01-21 12:37 . 2010-01-21 12:37 -------- d-----w- c:\programdata\Broadcom
2010-01-21 12:34 . 2010-01-21 12:34 -------- d-----w- c:\program files\ATI Technologies
2010-01-21 12:34 . 2010-01-21 12:34 -------- d-----w- c:\program files\ATI
2010-01-21 11:50 . 2010-01-21 11:50 -------- d-----w- c:\program files\Broadcom
2010-01-21 11:36 . 2010-01-21 11:35 -------- d-----w- c:\program files\Common Files\snp2uvc
2010-01-21 11:34 . 2010-01-21 11:34 -------- d-----w- c:\programdata\InstallShield
2010-01-21 11:34 . 2010-01-21 11:34 -------- d-----w- c:\program files\SuYin
2010-01-21 11:33 . 2010-01-21 11:33 -------- d-----w- c:\users\gertjan\AppData\Roaming\InstallShield
2010-01-21 09:45 . 2010-01-21 09:45 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-01-20 09:16 . 2010-01-15 15:48 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 00:06 . 2010-01-19 00:06 0 ----a-w- c:\users\gertjan\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2010-01-18 23:40 . 2010-01-15 14:43 -------- d-----w- c:\program files\FrostWire
2010-01-18 23:16 . 2010-01-18 23:16 -------- d-----w- c:\users\gertjan\AppData\Roaming\SuperMP3Download
2010-01-17 16:52 . 2010-01-17 16:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-01-17 07:09 . 2010-01-17 07:09 -------- d-----w- c:\program files\SuperMp3Download
2010-01-16 12:30 . 2010-01-16 12:30 -------- d-----w- c:\programdata\Sports Interactive
2010-01-16 12:29 . 2010-01-16 12:04 -------- d-----w- c:\users\gertjan\AppData\Roaming\Sports Interactive
2010-01-16 12:11 . 2010-01-16 12:08 -------- d--h--w- c:\program files\Zero G Registry
2010-01-15 19:24 . 2010-01-15 19:23 -------- d-----w- c:\users\gertjan\AppData\Roaming\CyberLink
2010-01-15 19:24 . 2010-01-15 14:26 -------- d-----w- c:\programdata\CyberLink
2010-01-15 19:15 . 2010-01-15 19:01 -------- d-----w- c:\users\gertjan\AppData\Roaming\Ahead
2010-01-15 19:01 . 2010-01-15 18:58 -------- d-----w- c:\program files\Common Files\Ahead
2010-01-15 18:58 . 2010-01-15 18:58 -------- d-----w- c:\programdata\Nero
2010-01-15 18:58 . 2010-01-15 18:58 -------- d-----w- c:\program files\Nero
2010-01-15 16:51 . 2010-01-15 16:51 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-01-15 15:47 . 2010-01-15 15:22 -------- d-----w- c:\program files\Microsoft
2010-01-15 15:46 . 2010-01-15 15:46 -------- d-----w- c:\program files\CONEXANT
2010-01-15 15:27 . 2010-01-15 15:27 -------- d-----w- c:\programdata\DVD Shrink
2010-01-15 15:27 . 2010-01-15 15:27 -------- d-----w- c:\program files\DVD Shrink
2010-01-15 15:24 . 2010-01-15 15:06 -------- d-----w- c:\program files\Windows Live
2010-01-15 15:23 . 2010-01-15 15:23 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-01-15 15:15 . 2010-01-15 15:11 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-15 15:12 . 2010-01-15 15:12 -------- d-----w- c:\program files\Your Uninstaller
2010-01-15 15:12 . 2010-01-15 15:12 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-15 15:08 . 2010-01-15 15:08 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-15 14:57 . 2010-01-15 14:13 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-01-15 14:39 . 2010-01-15 14:39 -------- d-----w- c:\program files\uTorrent
2010-01-15 14:35 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-01-15 14:34 . 2010-01-15 14:34 -------- d-----w- c:\program files\Microsoft.NET
2010-01-15 14:34 . 2010-01-15 14:34 -------- d-----w- c:\program files\Your Uninstaller! 2006 PRO
2010-01-15 14:32 . 2010-01-15 14:32 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-01-15 14:27 . 2010-01-15 14:27 -------- d-----w- c:\program files\NewsLeecher
2010-01-15 14:27 . 2010-01-15 14:27 -------- d-----w- c:\program files\ImgBurn
2010-01-15 14:26 . 2010-01-15 14:24 -------- d-----w- c:\program files\CyberLink
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

------- Sigcheck -------

[-] 2010-02-19 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C0179FC-C906-4320-9A50-906663D3D994}]
c:\windows\system32\qpuztwca.dll [BU]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7AB21E8D-6B02-4C7A-907A-06FE2D68F2E9}]
2009-07-13 23:11 109568 ----a-w- c:\windows\System32\ndlvdss.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Enhanced Storage]
@="{7AB21E8D-6B02-4C7A-907A-06FE2D68F2E9}"
[HKEY_CLASSES_ROOT\CLSID\{7AB21E8D-6B02-4C7A-907A-06FE2D68F2E9}]
2009-07-13 23:11 109568 ----a-w- c:\windows\System32\ndlvdss.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-01-15 289584]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-07-04 148776]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-01-19 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-09-01 75048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-11 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-11 150552]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-07-04 161064]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-24 1190920]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2009-07-01 3706256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [21-2-2010 0:31 64288]
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [16-11-2009 9:03 108792]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/01/15 15:26];c:\program files\CyberLink\PowerDVD9\000.fcl [1-9-2009 16:59 87536]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [16-11-2009 9:04 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [18-12-2009 15:02 95896]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance --> c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4-2-2010 16:52 1229232]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance --> c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance [?]
S3 netw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\System32\drivers\netw5v32.sys [10-6-2009 22:18 4231168]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\System32\drivers\VSTAZL3.SYS [13-7-2009 23:13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\System32\drivers\VSTDPV3.SYS [13-7-2009 23:13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\System32\drivers\VSTCNXT3.SYS [13-7-2009 23:13 661504]
S3 WatAdminSvc;WatAdminSvc;c:\windows\System32\Wat\WatAdminSvc.exe [19-2-2010 19:48 1343400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Inhoud van de 'Gedeelde Taken' map

2010-03-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 23:30]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.hyves.nl/?&pageid=V1R0TMWA9SG84GGO
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
TCP: {AA61F0C2-6F24-4C44-BD0B-C4BC2303AE86} = 208.67.222.222,208.67.220.220
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8516E1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x851b66d0
QueryNameProcedure -> 0x851b6860
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-4240235451-1172685772-1022493641-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D61D7EDD-DC24-94AC-30EE-6488DE37A538}*]
"habcpjhppjlghkki"=hex:6a,61,65,64,63,67,62,67,67,6a,6f,6d,62,67,6f,64,67,66,
64,61,00,fc
"iahbjlocadlpjeibkn"=hex:63,61,69,64,6b,64,00,00
"ialcjkoclpdcdnnani"=hex:6a,61,65,64,63,67,62,67,67,6a,6f,6d,62,67,6f,64,67,66,
64,61,00,fc

[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000413
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{9261A151-0AF5-4823-8CBD-EB99E80E7284}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.0.474.0"
"UniqueId"="00039FF64B6EB1FE"
"ScannerBuild"=dword:000018d5
"ScannerVersionId"=dword:00001293
"ScannerVersion"="Open window for status."
"FixId"=dword:00000005

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DcomLaunch\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01,00,00,00,00,00,01,00,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DPS\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,8c,00,00,00,98,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RpcSs\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01,00,00,00,00,00,01,00,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TrustedInstaller\Security]
@DACL=(02 0000)
@SACL=
"Security"=hex:01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,34,00,00,00,02,
00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WdiServiceHost\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,b4,00,00,00,c0,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WdiSystemHost\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,b4,00,00,00,c0,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(1772)
c:\windows\system32\ndlvdss.dll
c:\program files\Babylon\Babylon-Pro\Captlib.dll
c:\windows\system32\libssl32.dll
c:\windows\system32\LIBEAY32.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe
c:\mysql\bin\mysqld-nt.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\vssvc.exe
.
**************************************************************************
.
Voltooingstijd: 2010-03-04 10:16:01 - machine werd herstart
ComboFix-quarantined-files.txt 2010-03-04 09:16
ComboFix2.txt 2010-03-03 14:42
ComboFix3.txt 2010-02-27 16:17
ComboFix4.txt 2010-02-19 19:35

Pre-Run: 73.354.981.376 bytes beschikbaar
Post-Run: 72.998.785.024 bytes beschikbaar

- - End Of File - - 382B23A8DAFC7B67F0CF15252AF93D12

Je voert het toch wel uit als administrator toch ?

Probeer het zo eens.

Download TDSSKiller naar je bureaublad en pak het bestand vervolgens uit

• Dubbelklik op TDSSKiller.exe om het programma te starten.
• Wanneer het programma klaar is, zal er een log op de C:\ schijf worden aangemaakt. De bestandsnaam van dat logje begint met TDSSKiller.
• Post de inhoud van het logje in je volgende bericht.

hier is de gevraagde logje :


21:12:44:590 2116 TDSS rootkit removing tool 2.2.7.1 Feb 27 2010 13:29:25
21:12:44:590 2116 ================================================================================
21:12:44:590 2116 SystemInfo:

21:12:44:590 2116 OS Version: 6.1.7600 ServicePack: 0.0
21:12:44:590 2116 Product type: Workstation
21:12:44:590 2116 ComputerName: GERTJAN-PC
21:12:44:605 2116 UserName: gertjan
21:12:44:605 2116 Windows directory: C:\Windows
21:12:44:605 2116 Processor architecture: Intel x86
21:12:44:605 2116 Number of processors: 2
21:12:44:605 2116 Page size: 0x1000
21:12:44:605 2116 Boot type: Normal boot
21:12:44:605 2116 ================================================================================
21:12:44:605 2116 UnloadDriverW: NtUnloadDriver error 2
21:12:44:605 2116 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
21:12:51:641 2116 Initialize success
21:12:51:641 2116
21:12:51:641 2116 Scanning Services ...
21:12:51:641 2116 wfopen_ex: Trying to open file C:\Windows\system32\config\system
21:12:51:641 2116 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:12:51:641 2116 wfopen_ex: Trying to KLMD file open
21:12:51:641 2116 wfopen_ex: File opened ok (Flags 2)
21:12:51:657 2116 wfopen_ex: Trying to open file C:\Windows\system32\config\software
21:12:51:657 2116 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:12:51:657 2116 wfopen_ex: Trying to KLMD file open
21:12:51:657 2116 wfopen_ex: File opened ok (Flags 2)
21:12:52:936 2116 GetAdvancedServicesInfo: Raw services enum returned 478 services
21:12:52:951 2116 fclose_ex: Trying to close file C:\Windows\system32\config\system
21:12:52:951 2116 fclose_ex: Trying to close file C:\Windows\system32\config\software
21:12:52:951 2116
21:12:52:951 2116 Scanning Kernel memory ...
21:12:52:951 2116 Devices to scan: 2
21:12:52:951 2116
21:12:52:951 2116 Driver Name: USBSTOR
21:12:52:951 2116 IRP_MJ_CREATE : 862851F8
21:12:52:951 2116 IRP_MJ_CREATE_NAMED_PIPE : 82AB7437
21:12:52:951 2116 IRP_MJ_CLOSE : 862851F8
21:12:52:951 2116 IRP_MJ_READ : 862851F8
21:12:52:951 2116 IRP_MJ_WRITE : 862851F8
21:12:52:951 2116 IRP_MJ_QUERY_INFORMATION : 82AB7437
21:12:52:951 2116 IRP_MJ_SET_INFORMATION : 82AB7437
21:12:52:951 2116 IRP_MJ_QUERY_EA : 82AB7437
21:12:52:951 2116 IRP_MJ_SET_EA : 82AB7437
21:12:52:951 2116 IRP_MJ_FLUSH_BUFFERS : 82AB7437
21:12:52:951 2116 IRP_MJ_QUERY_VOLUME_INFORMATION : 82AB7437
21:12:52:951 2116 IRP_MJ_SET_VOLUME_INFORMATION : 82AB7437
21:12:52:951 2116 IRP_MJ_DIRECTORY_CONTROL : 82AB7437
21:12:52:951 2116 IRP_MJ_FILE_SYSTEM_CONTROL : 82AB7437
21:12:52:951 2116 IRP_MJ_DEVICE_CONTROL : 862851F8
21:12:52:951 2116 IRP_MJ_INTERNAL_DEVICE_CONTROL : 862851F8
21:12:52:951 2116 IRP_MJ_SHUTDOWN : 82AB7437
21:12:52:951 2116 IRP_MJ_LOCK_CONTROL : 82AB7437
21:12:52:951 2116 IRP_MJ_CLEANUP : 82AB7437
21:12:52:951 2116 IRP_MJ_CREATE_MAILSLOT : 82AB7437
21:12:52:951 2116 IRP_MJ_QUERY_SECURITY : 82AB7437
21:12:52:951 2116 IRP_MJ_SET_SECURITY : 82AB7437
21:12:52:951 2116 IRP_MJ_POWER : 862851F8
21:12:52:951 2116 IRP_MJ_SYSTEM_CONTROL : 862851F8
21:12:52:951 2116 IRP_MJ_DEVICE_CHANGE : 82AB7437
21:12:52:951 2116 IRP_MJ_QUERY_QUOTA : 82AB7437
21:12:52:951 2116 IRP_MJ_SET_QUOTA : 82AB7437
21:12:52:951 2116 siohd: 0
21:12:52:967 2116 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
21:12:52:967 2116
21:12:52:967 2116 Driver Name: atapi
21:12:52:967 2116 IRP_MJ_CREATE : 8516E1F8
21:12:52:967 2116 IRP_MJ_CREATE_NAMED_PIPE : 82AB7437
21:12:52:967 2116 IRP_MJ_CLOSE : 8516E1F8
21:12:52:967 2116 IRP_MJ_READ : 82AB7437
21:12:52:967 2116 IRP_MJ_WRITE : 82AB7437
21:12:52:967 2116 IRP_MJ_QUERY_INFORMATION : 82AB7437
21:12:52:967 2116 IRP_MJ_SET_INFORMATION : 82AB7437
21:12:52:967 2116 IRP_MJ_QUERY_EA : 82AB7437
21:12:52:967 2116 IRP_MJ_SET_EA : 82AB7437
21:12:52:967 2116 IRP_MJ_FLUSH_BUFFERS : 82AB7437
21:12:52:967 2116 IRP_MJ_QUERY_VOLUME_INFORMATION : 82AB7437
21:12:52:967 2116 IRP_MJ_SET_VOLUME_INFORMATION : 82AB7437
21:12:52:967 2116 IRP_MJ_DIRECTORY_CONTROL : 82AB7437
21:12:52:967 2116 IRP_MJ_FILE_SYSTEM_CONTROL : 82AB7437
21:12:52:967 2116 IRP_MJ_DEVICE_CONTROL : 8516E1F8
21:12:52:967 2116 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8516E1F8
21:12:52:967 2116 IRP_MJ_SHUTDOWN : 82AB7437
21:12:52:967 2116 IRP_MJ_LOCK_CONTROL : 82AB7437
21:12:52:967 2116 IRP_MJ_CLEANUP : 82AB7437
21:12:52:967 2116 IRP_MJ_CREATE_MAILSLOT : 82AB7437
21:12:52:967 2116 IRP_MJ_QUERY_SECURITY : 82AB7437
21:12:52:967 2116 IRP_MJ_SET_SECURITY : 82AB7437
21:12:52:967 2116 IRP_MJ_POWER : 8516E1F8
21:12:52:967 2116 IRP_MJ_SYSTEM_CONTROL : 8516E1F8
21:12:52:967 2116 IRP_MJ_DEVICE_CHANGE : 82AB7437
21:12:52:967 2116 IRP_MJ_QUERY_QUOTA : 82AB7437
21:12:52:967 2116 IRP_MJ_SET_QUOTA : 82AB7437
21:12:52:998 2116 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
21:12:52:998 2116 sion
21:12:52:998 2116 C:\Windows\system32\drivers\atapi.sys - Verdict: Clean
21:12:52:998 2116
21:12:52:998 2116 Completed
21:12:52:998 2116
21:12:52:998 2116 Results:
21:12:52:998 2116 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
21:12:52:998 2116 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
21:12:52:998 2116 File objects infected / cured / cured on reboot: 0 / 0 / 0
21:12:52:998 2116
21:12:52:998 2116 KLMD(ARK) unloaded successfully

Nieuw combofix logje ook aub.

hier is combofix :

ComboFix 10-03-07.05 - gertjan 08-03-2010 17:28:09.5.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1043.18.3062.1916 [GMT 1:00]
Gestart vanuit: c:\users\gertjan\Desktop\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
* Aanwezig AV is actief

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ndlvdss.dll
c:\windows\system32\qpuztwca.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_rmnspirn


(((((((((((((((((((( Bestanden Gemaakt van 2010-02-08 to 2010-03-08 ))))))))))))))))))))))))))))))
.

2010-03-08 16:36 . 2010-03-08 16:39 -------- d-----w- c:\users\gertjan\AppData\Local\temp
2010-03-08 16:36 . 2010-03-08 16:36 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-08 16:36 . 2010-03-08 16:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-07 08:36 . 2010-03-07 08:36 -------- d-----w- c:\users\gertjan\AppData\Roaming\MessengerDiscovery 2
2010-03-07 08:35 . 2010-03-07 08:35 -------- d-----w- c:\programdata\MessengerDiscovery 2
2010-03-07 08:35 . 2010-03-07 08:35 -------- d-----w- c:\program files\MessengerDiscovery 2
2010-03-05 15:31 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-03-05 15:31 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
2010-03-05 15:31 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-03-05 15:31 . 2009-12-08 11:40 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-03-05 15:31 . 2009-12-08 11:40 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-03-05 15:31 . 2009-12-08 11:32 292864 ----a-w- c:\windows\system32\apphelp.dll
2010-03-05 09:23 . 2010-03-05 09:23 -------- d-----w- c:\users\gertjan\AppData\Local\Gas Powered Games
2010-03-04 19:25 . 2010-03-04 19:26 -------- d-----w- c:\users\gertjan\AppData\Roaming\Belastingdienst
2010-03-04 19:23 . 2010-03-04 19:23 -------- d-----w- c:\program files\Belastingdienst
2010-03-03 15:28 . 2010-03-03 15:28 -------- d-----w- c:\users\gertjan\AppData\Local\PunkBuster
2010-03-02 15:59 . 2010-03-02 15:59 138056 ----a-w- c:\users\gertjan\AppData\Roaming\PnkBstrK.sys
2010-03-02 15:45 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-03-02 15:45 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-03-02 15:45 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-03-02 15:45 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-03-02 15:45 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-03-02 15:45 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-03-02 15:45 . 2008-10-27 09:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2010-03-02 15:45 . 2008-10-27 09:04 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
2010-03-02 15:45 . 2008-10-27 09:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2010-03-02 15:45 . 2008-10-27 09:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2010-03-01 08:10 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-28 10:40 . 2001-10-05 19:02 143360 ----a-w- c:\windows\system32\Stamin32.Dll
2010-02-28 08:33 . 2010-02-28 08:33 -------- d-----w- c:\program files\RAR Password Recovery Magic
2010-02-27 13:48 . 2010-02-27 13:52 -------- d-----w- c:\users\gertjan\AppData\Roaming\Static Windows Live Mail Backup
2010-02-27 13:47 . 2010-02-27 13:47 -------- d-----w- c:\program files\Static Windows Live Mail Backup
2010-02-27 13:38 . 2005-06-15 02:00 102400 ----a-w- c:\windows\system32\tsccvid.dll
2010-02-27 13:37 . 2010-02-27 16:06 -------- d-----w- c:\users\gertjan\AppData\Local\odbcesentd9
2010-02-25 19:26 . 2010-02-27 15:49 -------- d-----w- c:\program files\7-Zip
2010-02-25 11:52 . 2010-02-25 11:56 -------- d-----w- c:\users\gertjan\AppData\Local\Babylon
2010-02-25 11:51 . 2010-02-25 11:51 -------- d-----w- c:\program files\Babylon
2010-02-25 11:51 . 2010-03-08 16:39 -------- d-----w- c:\programdata\Babylon
2010-02-25 11:51 . 2010-02-28 08:39 -------- d-----w- c:\users\gertjan\AppData\Roaming\Babylon
2010-02-24 09:11 . 2010-02-24 09:11 -------- d-----w- c:\users\gertjan\AppData\Roaming\ValuSoft
2010-02-23 22:01 . 2010-02-25 15:09 -------- d-----w- c:\program files\Prison Tycoon 4
2010-02-22 17:43 . 2010-02-22 17:43 -------- d-----w- c:\program files\Unlocker
2010-02-22 10:42 . 2010-02-22 10:44 -------- d-----w- c:\users\gertjan\AppData\Local\Electronic Arts
2010-02-22 03:39 . 2010-02-22 03:39 -------- d-----w- c:\windows\Sun
2010-02-21 20:08 . 2010-02-21 20:08 -------- d-----w- c:\program files\EGB3
2010-02-21 12:02 . 2010-02-20 23:30 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-20 23:31 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-20 23:31 . 2010-02-20 23:31 -------- dc----w- c:\windows\system32\DRVSTORE
2010-02-20 23:28 . 2010-02-20 23:28 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-20 23:28 . 2010-02-04 15:53 2954656 -c--a-w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-20 23:27 . 2010-02-20 23:31 -------- d-----w- c:\programdata\Lavasoft
2010-02-20 23:27 . 2010-02-20 23:28 -------- d-----w- c:\program files\Lavasoft
2010-02-20 09:43 . 2010-02-20 10:07 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2010-02-19 19:04 . 2010-02-19 19:04 -------- d-----w- c:\users\gertjan\AppData\Roaming\Malwarebytes
2010-02-19 19:03 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-19 19:03 . 2010-02-19 19:03 -------- d-----w- c:\programdata\Malwarebytes
2010-02-19 19:03 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-19 19:03 . 2010-02-19 19:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-19 18:48 . 2010-02-19 18:48 -------- d-----w- c:\windows\system32\Wat
2010-02-19 18:45 . 2010-02-19 18:45 -------- d-----w- c:\program files\Trend Micro
2010-02-18 14:53 . 2010-02-18 14:53 -------- d-----w- c:\program files\Osirius
2010-02-18 14:53 . 1998-10-01 14:22 302592 ----a-w- c:\windows\unin0413.exe
2010-02-16 19:17 . 2010-02-16 19:24 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-02-16 19:17 . 2010-02-16 19:17 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-02-11 22:34 . 2010-02-11 22:34 -------- d-----w- c:\program files\Windows Doctor
2010-02-10 23:32 . 2010-02-10 23:32 -------- d-----w- c:\programdata\SugarGames
2010-02-10 11:08 . 2010-01-18 23:29 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-10 11:08 . 2010-01-18 23:29 369152 ----a-w- c:\windows\system32\secproc.dll
2010-02-10 11:08 . 2010-01-18 23:28 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-10 11:08 . 2010-01-18 23:28 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-10 11:08 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-10 11:08 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-10 11:08 . 2010-01-18 23:28 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-10 11:08 . 2010-01-18 23:28 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-09 19:32 . 1999-03-02 15:32 81920 ----a-w- c:\windows\system32\Dlalrm32.dll
2010-02-09 19:31 . 1999-02-23 14:14 349184 ----a-w- c:\windows\system32\clav_qry.dll
2010-02-09 19:31 . 1999-01-13 17:01 233472 ----a-w- c:\windows\system32\Ilda32.dll
2010-02-09 19:31 . 1997-08-20 06:02 35328 ----a-w- c:\windows\system32\INETWH32.DLL
2010-02-09 19:31 . 1997-03-04 11:44 66560 ----a-w- c:\windows\system32\NMORENU.DLL
2010-02-09 19:31 . 1997-01-29 15:53 240640 ----a-w- c:\windows\system32\NMOCOD.DLL
2010-02-09 19:31 . 1997-01-29 15:46 48128 ----a-w- c:\windows\system32\NMSCKN.DLL
2010-02-09 19:31 . 2010-02-09 19:32 -------- d-----w- c:\program files\Davilex
2010-02-09 13:12 . 2010-02-09 13:12 -------- d-----w- c:\users\gertjan\AppData\Roaming\Template
2010-02-08 17:28 . 2010-02-08 17:48 0 ----a-w- c:\windows\mfont.dat
2010-02-08 17:27 . 1999-06-10 10:06 415504 ----a-w- c:\windows\system32\msrepl35.dll
2010-02-08 17:27 . 1999-06-10 10:06 252176 ------w- c:\windows\system32\msrd2x35.dll
2010-02-08 17:27 . 1999-06-10 10:06 24848 ------w- c:\windows\system32\msjter35.dll
2010-02-08 17:27 . 1999-06-10 10:06 123664 ------w- c:\windows\system32\msjint35.dll
2010-02-08 17:27 . 1999-06-10 10:06 1046288 ------w- c:\windows\system32\msjet35.dll
2010-02-08 17:27 . 1998-05-17 23:00 368912 ----a-w- c:\windows\system32\vbar332.dll
2010-02-08 17:27 . 1997-01-10 17:37 182784 ----a-w- c:\windows\system32\ddao35.dll
2010-02-08 07:54 . 2010-02-08 07:54 -------- d-----w- c:\program files\My Favorite Recipes
2010-02-08 07:52 . 2010-02-08 07:54 -------- d-----w- c:\users\gertjan\AppData\Local\Carta
2010-02-08 07:50 . 2010-02-08 07:50 -------- d-----w- c:\program files\Carta
2010-02-07 22:49 . 2010-02-07 22:49 -------- d-----w- c:\users\gertjan\AppData\Local\SmokeySoft
2010-02-07 22:45 . 2009-10-19 19:57 2669462 -c--a-w- c:\programdata\{90269C77-822B-4F2B-A5AC-208F0AE1BA2D}\ReceptenDBSetup.exe
2010-02-07 22:45 . 2010-02-07 22:45 -------- d-----w- c:\program files\SmokeySoft

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-08 16:39 . 2010-01-15 14:38 -------- d-----w- c:\users\gertjan\AppData\Roaming\uTorrent
2010-03-07 22:57 . 2010-01-18 23:40 -------- d-----w- c:\users\gertjan\AppData\Roaming\FrostWire
2010-03-07 20:20 . 2010-01-18 23:16 -------- d-----w- c:\programdata\SuperMP3Download
2010-03-06 10:21 . 2009-07-14 08:27 691728 ----a-w- c:\windows\system32\perfh013.dat
2010-03-06 10:21 . 2009-07-14 08:27 130232 ----a-w- c:\windows\system32\perfc013.dat
2010-03-03 14:32 . 2010-01-16 17:59 -------- d-----w- c:\program files\GemistDownloader
2010-03-03 14:18 . 2009-07-13 23:11 21584 ------w- c:\windows\system32\drivers\atapi.sys
2010-02-28 11:23 . 2010-01-21 12:02 -------- d-----w- c:\program files\Launch Manager
2010-02-28 08:39 . 2010-01-25 08:00 -------- d-----w- c:\program files\RAR Password Unlocker
2010-02-28 00:16 . 2010-01-15 15:03 -------- d-----w- c:\program files\QuickPar
2010-02-27 13:34 . 2010-01-15 14:09 112328 ----a-w- c:\users\gertjan\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-26 21:08 . 2010-01-15 14:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-26 21:04 . 2010-01-15 14:26 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-24 08:16 . 2010-01-15 13:32 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-19 23:21 . 2010-01-28 10:04 -------- d-----w- c:\program files\Opera
2010-02-19 18:49 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-02-19 18:49 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll
2010-02-19 18:49 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll
2010-02-16 09:02 . 2010-01-18 23:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-14 17:55 . 2010-01-15 13:56 -------- d-----w- c:\program files\AVS4YOU
2010-02-14 17:55 . 2010-01-15 14:00 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-02-10 13:19 . 2010-01-15 14:31 -------- d-----w- c:\programdata\Microsoft Help
2010-02-09 13:12 . 2010-01-22 09:37 118 ----a-w- c:\users\gertjan\AppData\Roaming\wklnhst.dat
2010-02-07 22:45 . 2010-02-07 22:44 -------- dc-h--w- c:\programdata\{90269C77-822B-4F2B-A5AC-208F0AE1BA2D}
2010-02-05 07:22 . 2010-01-15 13:23 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-04 18:55 . 2010-01-15 13:20 -------- d-----w- c:\users\gertjan\AppData\Roaming\DAEMON Tools Lite
2010-02-04 18:47 . 2010-01-23 18:05 -------- d-----w- c:\users\gertjan\AppData\Roaming\vlc
2010-02-04 15:12 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll
2010-02-04 15:12 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll
2010-02-04 15:12 . 2009-07-13 23:39 2755072 ----a-w- c:\windows\system32\themeui.dll
2010-02-02 23:42 . 2010-02-02 23:42 -------- d-----w- c:\program files\Plus!
2010-02-02 12:13 . 2010-02-02 12:13 -------- d-----w- c:\users\gertjan\AppData\Roaming\Playrix Entertainment
2010-02-01 19:28 . 2010-02-01 19:27 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-02-01 14:35 . 2010-02-01 14:35 3 ----a-w- C:\BLINDEN.SYS
2010-01-29 09:17 . 2010-01-29 09:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2010-01-28 09:50 . 2010-01-20 14:57 -------- d-----w- c:\users\gertjan\AppData\Roaming\ArcSoft
2010-01-28 09:25 . 2010-01-28 09:25 0 ----a-w- c:\windows\nsreg.dat
2010-01-28 08:03 . 2010-01-28 08:03 -------- d-----w- c:\programdata\Fighters
2010-01-28 08:02 . 2010-01-28 08:02 -------- d-----w- c:\program files\Fighters
2010-01-28 07:16 . 2010-01-28 07:16 -------- d-----w- c:\program files\Common Files\Java
2010-01-28 02:56 . 2010-01-18 23:28 -------- d-----w- c:\program files\Java
2010-01-26 22:33 . 2010-01-26 22:33 23 ----a-w- c:\windows\system32\krx220.dat
2010-01-26 22:33 . 2010-01-26 22:33 -------- d-----w- c:\users\gertjan\AppData\Roaming\Kristanix Software
2010-01-26 08:16 . 2010-01-15 15:19 -------- d-----w- c:\users\gertjan\AppData\Roaming\NewsLeecher
2010-01-23 18:04 . 2010-01-23 18:04 -------- d-----w- c:\program files\VideoLAN
2010-01-23 08:48 . 2010-01-19 18:21 -------- d-----w- c:\programdata\Messenger Plus!
2010-01-23 05:26 . 2010-01-15 15:11 -------- d-----w- c:\program files\Messenger Plus! Live
2010-01-23 02:01 . 2010-01-15 14:36 -------- d-----w- c:\program files\Microsoft Works
2010-01-22 10:31 . 2010-01-22 10:31 -------- d-----w- c:\program files\Bit Che
2010-01-22 10:31 . 2010-01-22 10:31 -------- d-----w- c:\users\gertjan\AppData\Roaming\Convivea
2010-01-22 07:34 . 2010-01-22 07:34 41296 ----a-r- c:\windows\system32\hlp95en.dll
2010-01-21 21:45 . 2010-01-15 15:12 -------- d-----w- c:\users\gertjan\AppData\Roaming\URSoft
2010-01-21 18:30 . 2010-01-21 18:30 -------- d-----w- c:\users\gertjan\AppData\Roaming\ImgBurn
2010-01-21 12:41 . 2010-01-21 12:41 -------- d-----w- c:\users\gertjan\AppData\Roaming\Intel
2010-01-21 12:41 . 2010-01-21 12:41 -------- d-----w- c:\programdata\Roaming
2010-01-21 12:40 . 2010-01-21 12:40 -------- d-----w- c:\programdata\Intel
2010-01-21 12:40 . 2010-01-21 12:40 -------- d-----w- c:\program files\Cisco
2010-01-21 12:38 . 2010-01-15 16:50 -------- d-----w- c:\program files\Intel
2010-01-21 12:37 . 2010-01-21 12:37 -------- d-----w- c:\programdata\Broadcom
2010-01-21 12:34 . 2010-01-21 12:34 -------- d-----w- c:\program files\ATI Technologies
2010-01-21 12:34 . 2010-01-21 12:34 -------- d-----w- c:\program files\ATI
2010-01-21 11:50 . 2010-01-21 11:50 -------- d-----w- c:\program files\Broadcom
2010-01-21 11:36 . 2010-01-21 11:35 -------- d-----w- c:\program files\Common Files\snp2uvc
2010-01-21 11:34 . 2010-01-21 11:34 -------- d-----w- c:\programdata\InstallShield
2010-01-21 11:34 . 2010-01-21 11:34 -------- d-----w- c:\program files\SuYin
2010-01-21 11:33 . 2010-01-21 11:33 -------- d-----w- c:\users\gertjan\AppData\Roaming\InstallShield
2010-01-21 09:45 . 2010-01-21 09:45 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-01-20 09:16 . 2010-01-15 15:48 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 00:06 . 2010-01-19 00:06 0 ----a-w- c:\users\gertjan\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2010-01-18 23:40 . 2010-01-15 14:43 -------- d-----w- c:\program files\FrostWire
2010-01-18 23:16 . 2010-01-18 23:16 -------- d-----w- c:\users\gertjan\AppData\Roaming\SuperMP3Download
2010-01-17 16:52 . 2010-01-17 16:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-01-17 07:09 . 2010-01-17 07:09 -------- d-----w- c:\program files\SuperMp3Download
2010-01-16 12:30 . 2010-01-16 12:30 -------- d-----w- c:\programdata\Sports Interactive
2010-01-16 12:29 . 2010-01-16 12:04 -------- d-----w- c:\users\gertjan\AppData\Roaming\Sports Interactive
2010-01-16 12:11 . 2010-01-16 12:08 -------- d--h--w- c:\program files\Zero G Registry
2010-01-15 19:24 . 2010-01-15 19:23 -------- d-----w- c:\users\gertjan\AppData\Roaming\CyberLink
2010-01-15 19:24 . 2010-01-15 14:26 -------- d-----w- c:\programdata\CyberLink
2010-01-15 19:15 . 2010-01-15 19:01 -------- d-----w- c:\users\gertjan\AppData\Roaming\Ahead
2010-01-15 19:01 . 2010-01-15 18:58 -------- d-----w- c:\program files\Common Files\Ahead
2010-01-15 18:58 . 2010-01-15 18:58 -------- d-----w- c:\programdata\Nero
2010-01-15 18:58 . 2010-01-15 18:58 -------- d-----w- c:\program files\Nero
2010-01-15 16:51 . 2010-01-15 16:51 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-01-15 15:47 . 2010-01-15 15:22 -------- d-----w- c:\program files\Microsoft
2010-01-15 15:46 . 2010-01-15 15:46 -------- d-----w- c:\program files\CONEXANT
2010-01-15 15:27 . 2010-01-15 15:27 -------- d-----w- c:\programdata\DVD Shrink
2010-01-15 15:27 . 2010-01-15 15:27 -------- d-----w- c:\program files\DVD Shrink
2010-01-15 15:24 . 2010-01-15 15:06 -------- d-----w- c:\program files\Windows Live
2010-01-15 15:23 . 2010-01-15 15:23 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-01-15 15:15 . 2010-01-15 15:11 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-15 15:12 . 2010-01-15 15:12 -------- d-----w- c:\program files\Your Uninstaller
2010-01-15 15:12 . 2010-01-15 15:12 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-15 15:08 . 2010-01-15 15:08 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-15 14:57 . 2010-01-15 14:13 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-01-15 14:39 . 2010-01-15 14:39 -------- d-----w- c:\program files\uTorrent
2010-01-15 14:35 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-01-15 14:34 . 2010-01-15 14:34 -------- d-----w- c:\program files\Microsoft.NET
2010-01-15 14:34 . 2010-01-15 14:34 -------- d-----w- c:\program files\Your Uninstaller! 2006 PRO
2010-01-15 14:32 . 2010-01-15 14:32 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-01-15 14:27 . 2010-01-15 14:27 -------- d-----w- c:\program files\NewsLeecher
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

------- Sigcheck -------

[-] 2010-02-19 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C0179FC-C906-4320-9A50-906663D3D994}]
c:\windows\system32\qpuztwca.dll [BU]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7AB21E8D-6B02-4C7A-907A-06FE2D68F2E9}]
2009-07-13 23:11 109568 ----a-w- c:\windows\System32\ndlvdss.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Enhanced Storage]
@="{7AB21E8D-6B02-4C7A-907A-06FE2D68F2E9}"
[HKEY_CLASSES_ROOT\CLSID\{7AB21E8D-6B02-4C7A-907A-06FE2D68F2E9}]
2009-07-13 23:11 109568 ----a-w- c:\windows\System32\ndlvdss.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-01-15 289584]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-07-04 148776]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-01-19 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-09-01 75048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-11 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-11 150552]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-07-04 161064]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-24 1190920]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2009-07-01 3706256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [x]
R3 netw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-19 1343400]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-05 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/01/15 15:26];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-09-01 15:59 87536]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-12-18 95896]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [2007-10-16 81920]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-20 1229232]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [2007-10-16 2711552]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Inhoud van de 'Gedeelde Taken' map

2010-03-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 23:30]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.hyves.nl/?&pageid=V1R0TMWA9SG84GGO
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
TCP: {AA61F0C2-6F24-4C44-BD0B-C4BC2303AE86} = 208.67.222.222,208.67.220.220
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8516E1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x851b66d0
QueryNameProcedure -> 0x851b6860
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-4240235451-1172685772-1022493641-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D61D7EDD-DC24-94AC-30EE-6488DE37A538}*]
"habcpjhppjlghkki"=hex:6a,61,65,64,63,67,62,67,67,6a,6f,6d,62,67,6f,64,67,66,
64,61,00,fc
"iahbjlocadlpjeibkn"=hex:63,61,69,64,6b,64,00,00
"ialcjkoclpdcdnnani"=hex:6a,61,65,64,63,67,62,67,67,6a,6f,6d,62,67,6f,64,67,66,
64,61,00,fc

[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000413
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{9261A151-0AF5-4823-8CBD-EB99E80E7284}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.0.474.0"
"UniqueId"="00039FF64B6EB1FE"
"ScannerBuild"=dword:000018d5
"ScannerVersionId"=dword:00001293
"ScannerVersion"="Open window for status."
"FixId"=dword:00000005

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DcomLaunch\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01,00,00,00,00,00,01,00,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DPS\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,8c,00,00,00,98,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RpcSs\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01,00,00,00,00,00,01,00,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TrustedInstaller\Security]
@DACL=(02 0000)
@SACL=
"Security"=hex:01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,34,00,00,00,02,
00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WdiServiceHost\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,b4,00,00,00,c0,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WdiSystemHost\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,b4,00,00,00,c0,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(2356)
c:\windows\system32\ndlvdss.dll
c:\program files\Babylon\Babylon-Pro\Captlib.dll
c:\windows\system32\libssl32.dll
c:\windows\system32\LIBEAY32.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\mysql\bin\mysqld-nt.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\MessengerDiscovery 2\MessengerDiscovery 2.exe
c:\windows\system32\DllHost.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\system32\vssvc.exe
.
**************************************************************************
.
Voltooingstijd: 2010-03-08 17:45:10 - machine werd herstart
ComboFix-quarantined-files.txt 2010-03-08 16:45
ComboFix2.txt 2010-03-04 09:16
ComboFix3.txt 2010-03-03 14:42
ComboFix4.txt 2010-02-27 16:17
ComboFix5.txt 2010-03-08 16:27

Download mbr.exe en sla deze op je bureaublad op.
Dubbelklik op mbr.exe om het programma te starten.
Mocht er een waarschuwing komen van een beveiligingsprogramma, sta dan toe dat mbr.exe start.
Er zal even een "DOS schermpje" te zien zijn dat vanzelf weer sluit.
Daarna staat er een nieuw bestandje op het bureaublad: mbr.log
Dit is het logbestand, post de inhoud van dat bestand in je volgende bericht.

Plaats ook een nieuw combofix logje aub.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

hier is combofix:

ComboFix 10-03-07.05 - gertjan 09-03-2010 0:16.6.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1043.18.3062.2375 [GMT 1:00]
Gestart vanuit: c:\users\gertjan\Desktop\ComboFix.exe
* Aanwezig AV is actief

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ndlvdss.dll
c:\windows\system32\qpuztwca.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_rmnspirn


(((((((((((((((((((( Bestanden Gemaakt van 2010-02-08 to 2010-03-08 ))))))))))))))))))))))))))))))
.

2010-03-08 23:24 . 2010-03-08 23:28 -------- d-----w- c:\users\gertjan\AppData\Local\temp
2010-03-08 23:24 . 2010-03-08 23:24 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-08 23:24 . 2010-03-08 23:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-08 22:40 . 2007-06-28 17:52 765952 ----a-w- c:\windows\system32\xvidcore.dll
2010-03-08 22:40 . 2007-06-28 17:54 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-03-08 22:40 . 2010-03-08 22:40 -------- d-----w- c:\program files\Xvid
2010-03-07 08:36 . 2010-03-07 08:36 -------- d-----w- c:\users\gertjan\AppData\Roaming\MessengerDiscovery 2
2010-03-07 08:35 . 2010-03-07 08:35 -------- d-----w- c:\programdata\MessengerDiscovery 2
2010-03-07 08:35 . 2010-03-07 08:35 -------- d-----w- c:\program files\MessengerDiscovery 2
2010-03-05 15:31 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-03-05 15:31 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
2010-03-05 15:31 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-03-05 15:31 . 2009-12-08 11:40 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-03-05 15:31 . 2009-12-08 11:40 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-03-05 15:31 . 2009-12-08 11:32 292864 ----a-w- c:\windows\system32\apphelp.dll
2010-03-05 09:23 . 2010-03-05 09:23 -------- d-----w- c:\users\gertjan\AppData\Local\Gas Powered Games
2010-03-04 19:25 . 2010-03-04 19:26 -------- d-----w- c:\users\gertjan\AppData\Roaming\Belastingdienst
2010-03-04 19:23 . 2010-03-04 19:23 -------- d-----w- c:\program files\Belastingdienst
2010-03-03 15:28 . 2010-03-03 15:28 -------- d-----w- c:\users\gertjan\AppData\Local\PunkBuster
2010-03-02 15:59 . 2010-03-02 15:59 138056 ----a-w- c:\users\gertjan\AppData\Roaming\PnkBstrK.sys
2010-03-02 15:45 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-03-02 15:45 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-03-02 15:45 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-03-02 15:45 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-03-02 15:45 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-03-02 15:45 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-03-02 15:45 . 2008-10-27 09:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2010-03-02 15:45 . 2008-10-27 09:04 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
2010-03-02 15:45 . 2008-10-27 09:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2010-03-02 15:45 . 2008-10-27 09:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2010-03-01 08:10 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-28 10:40 . 2001-10-05 19:02 143360 ----a-w- c:\windows\system32\Stamin32.Dll
2010-02-28 08:33 . 2010-02-28 08:33 -------- d-----w- c:\program files\RAR Password Recovery Magic
2010-02-27 13:48 . 2010-02-27 13:52 -------- d-----w- c:\users\gertjan\AppData\Roaming\Static Windows Live Mail Backup
2010-02-27 13:47 . 2010-02-27 13:47 -------- d-----w- c:\program files\Static Windows Live Mail Backup
2010-02-27 13:38 . 2005-06-15 02:00 102400 ----a-w- c:\windows\system32\tsccvid.dll
2010-02-27 13:37 . 2010-02-27 16:06 -------- d-----w- c:\users\gertjan\AppData\Local\odbcesentd9
2010-02-25 19:26 . 2010-02-27 15:49 -------- d-----w- c:\program files\7-Zip
2010-02-25 11:52 . 2010-02-25 11:56 -------- d-----w- c:\users\gertjan\AppData\Local\Babylon
2010-02-25 11:51 . 2010-02-25 11:51 -------- d-----w- c:\program files\Babylon
2010-02-25 11:51 . 2010-03-08 23:27 -------- d-----w- c:\programdata\Babylon
2010-02-25 11:51 . 2010-02-28 08:39 -------- d-----w- c:\users\gertjan\AppData\Roaming\Babylon
2010-02-24 09:11 . 2010-02-24 09:11 -------- d-----w- c:\users\gertjan\AppData\Roaming\ValuSoft
2010-02-23 22:01 . 2010-02-25 15:09 -------- d-----w- c:\program files\Prison Tycoon 4
2010-02-22 17:43 . 2010-02-22 17:43 -------- d-----w- c:\program files\Unlocker
2010-02-22 10:42 . 2010-02-22 10:44 -------- d-----w- c:\users\gertjan\AppData\Local\Electronic Arts
2010-02-22 03:39 . 2010-02-22 03:39 -------- d-----w- c:\windows\Sun
2010-02-21 20:08 . 2010-02-21 20:08 -------- d-----w- c:\program files\EGB3
2010-02-21 12:02 . 2010-02-20 23:30 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-20 23:31 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-20 23:31 . 2010-02-20 23:31 -------- dc----w- c:\windows\system32\DRVSTORE
2010-02-20 23:28 . 2010-02-20 23:28 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-20 23:28 . 2010-02-04 15:53 2954656 -c--a-w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-20 23:27 . 2010-02-20 23:31 -------- d-----w- c:\programdata\Lavasoft
2010-02-20 23:27 . 2010-02-20 23:28 -------- d-----w- c:\program files\Lavasoft
2010-02-20 09:43 . 2010-02-20 10:07 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2010-02-19 19:04 . 2010-02-19 19:04 -------- d-----w- c:\users\gertjan\AppData\Roaming\Malwarebytes
2010-02-19 19:03 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-19 19:03 . 2010-02-19 19:03 -------- d-----w- c:\programdata\Malwarebytes
2010-02-19 19:03 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-19 19:03 . 2010-02-19 19:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-19 18:48 . 2010-02-19 18:48 -------- d-----w- c:\windows\system32\Wat
2010-02-19 18:45 . 2010-02-19 18:45 -------- d-----w- c:\program files\Trend Micro
2010-02-18 14:53 . 2010-02-18 14:53 -------- d-----w- c:\program files\Osirius
2010-02-18 14:53 . 1998-10-01 14:22 302592 ----a-w- c:\windows\unin0413.exe
2010-02-16 19:17 . 2010-02-16 19:24 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-02-16 19:17 . 2010-02-16 19:17 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-02-11 22:34 . 2010-02-11 22:34 -------- d-----w- c:\program files\Windows Doctor
2010-02-10 23:32 . 2010-02-10 23:32 -------- d-----w- c:\programdata\SugarGames
2010-02-10 11:08 . 2010-01-18 23:29 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-10 11:08 . 2010-01-18 23:29 369152 ----a-w- c:\windows\system32\secproc.dll
2010-02-10 11:08 . 2010-01-18 23:28 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-10 11:08 . 2010-01-18 23:28 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-10 11:08 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-10 11:08 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-10 11:08 . 2010-01-18 23:28 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-10 11:08 . 2010-01-18 23:28 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-09 19:32 . 1999-03-02 15:32 81920 ----a-w- c:\windows\system32\Dlalrm32.dll
2010-02-09 19:31 . 1999-02-23 14:14 349184 ----a-w- c:\windows\system32\clav_qry.dll
2010-02-09 19:31 . 1999-01-13 17:01 233472 ----a-w- c:\windows\system32\Ilda32.dll
2010-02-09 19:31 . 1997-08-20 06:02 35328 ----a-w- c:\windows\system32\INETWH32.DLL
2010-02-09 19:31 . 1997-03-04 11:44 66560 ----a-w- c:\windows\system32\NMORENU.DLL
2010-02-09 19:31 . 1997-01-29 15:53 240640 ----a-w- c:\windows\system32\NMOCOD.DLL
2010-02-09 19:31 . 1997-01-29 15:46 48128 ----a-w- c:\windows\system32\NMSCKN.DLL
2010-02-09 19:31 . 2010-02-09 19:32 -------- d-----w- c:\program files\Davilex
2010-02-09 13:12 . 2010-02-09 13:12 -------- d-----w- c:\users\gertjan\AppData\Roaming\Template
2010-02-08 17:28 . 2010-02-08 17:48 0 ----a-w- c:\windows\mfont.dat
2010-02-08 17:27 . 1999-06-10 10:06 415504 ----a-w- c:\windows\system32\msrepl35.dll
2010-02-08 17:27 . 1999-06-10 10:06 252176 ------w- c:\windows\system32\msrd2x35.dll
2010-02-08 17:27 . 1999-06-10 10:06 24848 ------w- c:\windows\system32\msjter35.dll
2010-02-08 17:27 . 1999-06-10 10:06 123664 ------w- c:\windows\system32\msjint35.dll
2010-02-08 17:27 . 1999-06-10 10:06 1046288 ------w- c:\windows\system32\msjet35.dll
2010-02-08 17:27 . 1998-05-17 23:00 368912 ----a-w- c:\windows\system32\vbar332.dll
2010-02-08 17:27 . 1997-01-10 17:37 182784 ----a-w- c:\windows\system32\ddao35.dll
2010-02-08 07:54 . 2010-02-08 07:54 -------- d-----w- c:\program files\My Favorite Recipes
2010-02-08 07:52 . 2010-02-08 07:54 -------- d-----w- c:\users\gertjan\AppData\Local\Carta
2010-02-08 07:50 . 2010-02-08 07:50 -------- d-----w- c:\program files\Carta
2010-02-07 22:49 . 2010-02-07 22:49 -------- d-----w- c:\users\gertjan\AppData\Local\SmokeySoft
2010-02-07 22:45 . 2009-10-19 19:57 2669462 -c--a-w- c:\programdata\{90269C77-822B-4F2B-A5AC-208F0AE1BA2D}\ReceptenDBSetup.exe
2010-02-07 22:45 . 2010-02-07 22:45 -------- d-----w- c:\program files\SmokeySoft

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-08 23:30 . 2010-01-15 14:38 -------- d-----w- c:\users\gertjan\AppData\Roaming\uTorrent
2010-03-07 22:57 . 2010-01-18 23:40 -------- d-----w- c:\users\gertjan\AppData\Roaming\FrostWire
2010-03-07 20:20 . 2010-01-18 23:16 -------- d-----w- c:\programdata\SuperMP3Download
2010-03-06 10:21 . 2009-07-14 08:27 691728 ----a-w- c:\windows\system32\perfh013.dat
2010-03-06 10:21 . 2009-07-14 08:27 130232 ----a-w- c:\windows\system32\perfc013.dat
2010-03-03 14:32 . 2010-01-16 17:59 -------- d-----w- c:\program files\GemistDownloader
2010-03-03 14:18 . 2009-07-13 23:11 21584 ------w- c:\windows\system32\drivers\atapi.sys
2010-02-28 11:23 . 2010-01-21 12:02 -------- d-----w- c:\program files\Launch Manager
2010-02-28 08:39 . 2010-01-25 08:00 -------- d-----w- c:\program files\RAR Password Unlocker
2010-02-28 00:16 . 2010-01-15 15:03 -------- d-----w- c:\program files\QuickPar
2010-02-27 13:34 . 2010-01-15 14:09 112328 ----a-w- c:\users\gertjan\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-26 21:08 . 2010-01-15 14:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-26 21:04 . 2010-01-15 14:26 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-24 08:16 . 2010-01-15 13:32 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-19 23:21 . 2010-01-28 10:04 -------- d-----w- c:\program files\Opera
2010-02-19 18:49 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-02-19 18:49 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll
2010-02-19 18:49 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll
2010-02-16 09:02 . 2010-01-18 23:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-14 17:55 . 2010-01-15 13:56 -------- d-----w- c:\program files\AVS4YOU
2010-02-14 17:55 . 2010-01-15 14:00 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-02-10 13:19 . 2010-01-15 14:31 -------- d-----w- c:\programdata\Microsoft Help
2010-02-09 13:12 . 2010-01-22 09:37 118 ----a-w- c:\users\gertjan\AppData\Roaming\wklnhst.dat
2010-02-07 22:45 . 2010-02-07 22:44 -------- dc-h--w- c:\programdata\{90269C77-822B-4F2B-A5AC-208F0AE1BA2D}
2010-02-05 07:22 . 2010-01-15 13:23 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-04 18:55 . 2010-01-15 13:20 -------- d-----w- c:\users\gertjan\AppData\Roaming\DAEMON Tools Lite
2010-02-04 18:47 . 2010-01-23 18:05 -------- d-----w- c:\users\gertjan\AppData\Roaming\vlc
2010-02-04 15:12 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll
2010-02-04 15:12 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll
2010-02-04 15:12 . 2009-07-13 23:39 2755072 ----a-w- c:\windows\system32\themeui.dll
2010-02-02 23:42 . 2010-02-02 23:42 -------- d-----w- c:\program files\Plus!
2010-02-02 12:13 . 2010-02-02 12:13 -------- d-----w- c:\users\gertjan\AppData\Roaming\Playrix Entertainment
2010-02-01 19:28 . 2010-02-01 19:27 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-02-01 14:35 . 2010-02-01 14:35 3 ----a-w- C:\BLINDEN.SYS
2010-01-29 09:17 . 2010-01-29 09:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2010-01-28 09:50 . 2010-01-20 14:57 -------- d-----w- c:\users\gertjan\AppData\Roaming\ArcSoft
2010-01-28 09:25 . 2010-01-28 09:25 0 ----a-w- c:\windows\nsreg.dat
2010-01-28 08:03 . 2010-01-28 08:03 -------- d-----w- c:\programdata\Fighters
2010-01-28 08:02 . 2010-01-28 08:02 -------- d-----w- c:\program files\Fighters
2010-01-28 07:16 . 2010-01-28 07:16 -------- d-----w- c:\program files\Common Files\Java
2010-01-28 02:56 . 2010-01-18 23:28 -------- d-----w- c:\program files\Java
2010-01-26 22:33 . 2010-01-26 22:33 23 ----a-w- c:\windows\system32\krx220.dat
2010-01-26 22:33 . 2010-01-26 22:33 -------- d-----w- c:\users\gertjan\AppData\Roaming\Kristanix Software
2010-01-26 08:16 . 2010-01-15 15:19 -------- d-----w- c:\users\gertjan\AppData\Roaming\NewsLeecher
2010-01-23 18:04 . 2010-01-23 18:04 -------- d-----w- c:\program files\VideoLAN
2010-01-23 08:48 . 2010-01-19 18:21 -------- d-----w- c:\programdata\Messenger Plus!
2010-01-23 05:26 . 2010-01-15 15:11 -------- d-----w- c:\program files\Messenger Plus! Live
2010-01-23 02:01 . 2010-01-15 14:36 -------- d-----w- c:\program files\Microsoft Works
2010-01-22 10:31 . 2010-01-22 10:31 -------- d-----w- c:\program files\Bit Che
2010-01-22 10:31 . 2010-01-22 10:31 -------- d-----w- c:\users\gertjan\AppData\Roaming\Convivea
2010-01-22 07:34 . 2010-01-22 07:34 41296 ----a-r- c:\windows\system32\hlp95en.dll
2010-01-21 21:45 . 2010-01-15 15:12 -------- d-----w- c:\users\gertjan\AppData\Roaming\URSoft
2010-01-21 18:30 . 2010-01-21 18:30 -------- d-----w- c:\users\gertjan\AppData\Roaming\ImgBurn
2010-01-21 12:41 . 2010-01-21 12:41 -------- d-----w- c:\users\gertjan\AppData\Roaming\Intel
2010-01-21 12:41 . 2010-01-21 12:41 -------- d-----w- c:\programdata\Roaming
2010-01-21 12:40 . 2010-01-21 12:40 -------- d-----w- c:\programdata\Intel
2010-01-21 12:40 . 2010-01-21 12:40 -------- d-----w- c:\program files\Cisco
2010-01-21 12:38 . 2010-01-15 16:50 -------- d-----w- c:\program files\Intel
2010-01-21 12:37 . 2010-01-21 12:37 -------- d-----w- c:\programdata\Broadcom
2010-01-21 12:34 . 2010-01-21 12:34 -------- d-----w- c:\program files\ATI Technologies
2010-01-21 12:34 . 2010-01-21 12:34 -------- d-----w- c:\program files\ATI
2010-01-21 11:50 . 2010-01-21 11:50 -------- d-----w- c:\program files\Broadcom
2010-01-21 11:36 . 2010-01-21 11:35 -------- d-----w- c:\program files\Common Files\snp2uvc
2010-01-21 11:34 . 2010-01-21 11:34 -------- d-----w- c:\programdata\InstallShield
2010-01-21 11:34 . 2010-01-21 11:34 -------- d-----w- c:\program files\SuYin
2010-01-21 11:33 . 2010-01-21 11:33 -------- d-----w- c:\users\gertjan\AppData\Roaming\InstallShield
2010-01-21 09:45 . 2010-01-21 09:45 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-01-20 09:16 . 2010-01-15 15:48 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 00:06 . 2010-01-19 00:06 0 ----a-w- c:\users\gertjan\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2010-01-18 23:40 . 2010-01-15 14:43 -------- d-----w- c:\program files\FrostWire
2010-01-18 23:16 . 2010-01-18 23:16 -------- d-----w- c:\users\gertjan\AppData\Roaming\SuperMP3Download
2010-01-17 16:52 . 2010-01-17 16:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-01-17 07:09 . 2010-01-17 07:09 -------- d-----w- c:\program files\SuperMp3Download
2010-01-16 12:30 . 2010-01-16 12:30 -------- d-----w- c:\programdata\Sports Interactive
2010-01-16 12:29 . 2010-01-16 12:04 -------- d-----w- c:\users\gertjan\AppData\Roaming\Sports Interactive
2010-01-16 12:11 . 2010-01-16 12:08 -------- d--h--w- c:\program files\Zero G Registry
2010-01-15 19:24 . 2010-01-15 19:23 -------- d-----w- c:\users\gertjan\AppData\Roaming\CyberLink
2010-01-15 19:24 . 2010-01-15 14:26 -------- d-----w- c:\programdata\CyberLink
2010-01-15 19:15 . 2010-01-15 19:01 -------- d-----w- c:\users\gertjan\AppData\Roaming\Ahead
2010-01-15 19:01 . 2010-01-15 18:58 -------- d-----w- c:\program files\Common Files\Ahead
2010-01-15 18:58 . 2010-01-15 18:58 -------- d-----w- c:\programdata\Nero
2010-01-15 18:58 . 2010-01-15 18:58 -------- d-----w- c:\program files\Nero
2010-01-15 16:51 . 2010-01-15 16:51 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-01-15 15:47 . 2010-01-15 15:22 -------- d-----w- c:\program files\Microsoft
2010-01-15 15:46 . 2010-01-15 15:46 -------- d-----w- c:\program files\CONEXANT
2010-01-15 15:27 . 2010-01-15 15:27 -------- d-----w- c:\programdata\DVD Shrink
2010-01-15 15:27 . 2010-01-15 15:27 -------- d-----w- c:\program files\DVD Shrink
2010-01-15 15:24 . 2010-01-15 15:06 -------- d-----w- c:\program files\Windows Live
2010-01-15 15:23 . 2010-01-15 15:23 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-01-15 15:15 . 2010-01-15 15:11 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-15 15:12 . 2010-01-15 15:12 -------- d-----w- c:\program files\Your Uninstaller
2010-01-15 15:12 . 2010-01-15 15:12 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-15 15:08 . 2010-01-15 15:08 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-15 14:57 . 2010-01-15 14:13 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-01-15 14:39 . 2010-01-15 14:39 -------- d-----w- c:\program files\uTorrent
2010-01-15 14:35 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-01-15 14:34 . 2010-01-15 14:34 -------- d-----w- c:\program files\Microsoft.NET
2010-01-15 14:34 . 2010-01-15 14:34 -------- d-----w- c:\program files\Your Uninstaller! 2006 PRO
2010-01-15 14:32 . 2010-01-15 14:32 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-01-15 14:27 . 2010-01-15 14:27 -------- d-----w- c:\program files\NewsLeecher
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

------- Sigcheck -------

[-] 2010-02-19 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C0179FC-C906-4320-9A50-906663D3D994}]
c:\windows\system32\qpuztwca.dll [BU]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7AB21E8D-6B02-4C7A-907A-06FE2D68F2E9}]
2009-07-13 23:11 109568 ----a-w- c:\windows\System32\ndlvdss.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Enhanced Storage]
@="{7AB21E8D-6B02-4C7A-907A-06FE2D68F2E9}"
[HKEY_CLASSES_ROOT\CLSID\{7AB21E8D-6B02-4C7A-907A-06FE2D68F2E9}]
2009-07-13 23:11 109568 ----a-w- c:\windows\System32\ndlvdss.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-01-15 289584]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-07-04 148776]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-01-19 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-09-01 75048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-11 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-11 150552]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-07-04 161064]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-24 1190920]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2009-07-01 3706256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [x]
R3 netw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-19 1343400]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-05 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/01/15 15:26];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-09-01 15:59 87536]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-12-18 95896]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [2007-10-16 81920]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-20 1229232]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [2007-10-16 2711552]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.hyves.nl/?&pageid=V1R0TMWA9SG84GGO
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
TCP: {AA61F0C2-6F24-4C44-BD0B-C4BC2303AE86} = 208.67.222.222,208.67.220.220
.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-4240235451-1172685772-1022493641-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D61D7EDD-DC24-94AC-30EE-6488DE37A538}*]
"habcpjhppjlghkki"=hex:6a,61,65,64,63,67,62,67,67,6a,6f,6d,62,67,6f,64,67,66,
64,61,00,fc
"iahbjlocadlpjeibkn"=hex:63,61,69,64,6b,64,00,00
"ialcjkoclpdcdnnani"=hex:6a,61,65,64,63,67,62,67,67,6a,6f,6d,62,67,6f,64,67,66,
64,61,00,fc

[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000413
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{9261A151-0AF5-4823-8CBD-EB99E80E7284}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.0.474.0"
"UniqueId"="00039FF64B6EB1FE"
"ScannerBuild"=dword:000018d5
"ScannerVersionId"=dword:00001293
"ScannerVersion"="Open window for status."
"FixId"=dword:00000005

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DcomLaunch\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01,00,00,00,00,00,01,00,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DPS\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,8c,00,00,00,98,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RpcSs\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01,00,00,00,00,00,01,00,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TrustedInstaller\Security]
@DACL=(02 0000)
@SACL=
"Security"=hex:01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,34,00,00,00,02,
00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WdiServiceHost\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,b4,00,00,00,c0,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WdiSystemHost\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,b4,00,00,00,c0,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(1672)
c:\windows\system32\ndlvdss.dll
c:\program files\Babylon\Babylon-Pro\Captlib.dll
c:\windows\system32\libssl32.dll
c:\windows\system32\LIBEAY32.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\mysql\bin\mysqld-nt.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\MessengerDiscovery 2\MessengerDiscovery 2.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\system32\DllHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\vssvc.exe
.
**************************************************************************
.
Voltooingstijd: 2010-03-09 00:32:46 - machine werd herstart
ComboFix-quarantined-files.txt 2010-03-08 23:32
ComboFix2.txt 2010-03-08 16:45
ComboFix3.txt 2010-03-04 09:16
ComboFix4.txt 2010-03-03 14:42
ComboFix5.txt 2010-03-08 23:15

Pre-Run: 47.126.507.520 bytes beschikbaar
Post-Run: 46.898.659.328 bytes beschikbaar

- - End Of File - - B5D9F1CA9B7504FB5AA7535840C9260C

Ga naar Start - Uitvoeren
en Geef hier het volgende in: Combofix /Uninstall
Druk daarna op OK.
Als het goed is krijg je dan een melding dat Combofix verwijderd werd.

Voorbeeld:



Uitvoeren kan ook gestart worden door de toetsencombinatie

Daarna

Download opnieuw Combofix naar je Bureaublad en gebruik het volgens deze handleiding.

OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw.
Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!

• Dubbelklik op Combofix.exe om het te starten.
• Indien je Combofix al eerder hebt gebruikt, kan je een waarschuwing krijgen dat een update beschikbaar is. Sta toe dat ComboFix wordt geupdate.
• Klik op OK in het "NirCmd" venstertje.
• Klik na afloop terug op Ja om het scannen op malware te starten.
• Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
• Wanneer de fix voltooid is en na herstart, zal de log Combofix.txt openen.

Post dit logje in je volgende antwoord