Opstartprobleem: zwart scherm

[anoniem]

Sinds een behoorlijke tijd krijg ik een zwart scherm tijdens het aanmelden van mijn account na het opstarten van mijn pc (Windows Vista Home Premium 32-bit). Het scherm is dus helemaal zwart, je ziet alleen de cursor die je kunt bewegen. Het duurt ong een minuut voordat daarna mijn bureaublad tevoorschijn komt en de programma's worden geladen. Ik heb hier een oplossing op gevonden: Nadat ik op mijn account heb geklikt om aan te melden, klik ik meteen op CTR+ALT+DEL en open in taakbeheer. Ik sluit explorer.exe en open hem daarna weer opnieuw. Nu komt mijn bureaublad wel weer tevoorschijn. Omdat deze methode dus geen oplossing is, hoop ik dat iemand mij kan helpen. Ik heb zelf al een keer via msconfig alle services (op microsoft na dan) en alle opstartprogramma's uitgeschakeld. Dit hielp niet. Ik kan natuurlijk Windows opnieuw installeren maar daar wordt je ook niet vrolijk van. Kan iemand mij helpen? Dat zou ik echt fijn vinden. Met vriendelijke groet, Jordy

[anoniem]

Hallo Jordy!, ik wil wel zeker gaan dat je Windows schoon is. [url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe][b:210d15a206]Laat Combofix jouw Windows scannen[/b:210d15a206] (klik)[/url]. [url=http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden][b:210d15a206]Hoe Combofix goed te gebruiken[/b:210d15a206] (klik)[/url] [b:210d15a206]Aanvulling: om Combofix te kunnen gebruiken geldt het volgende: [color=red:210d15a206]- er mogen geen webbrowsers openstaan - antivirus moet geheel gedeaktiveerd zijn - actieve mal- en spywarescanners moeten gedeaktiveerd zijn.[/b:210d15a206][/color:210d15a206] Niet in het actieve Combofixvnster klikken – dit zal Combofix doen bevriezen! Combofix sluit de internet verbinding – probeer deze tussentijds niet te herstellen! [b:210d15a206]Vistagebruikers starten Combofix op met Administratorrechten! En vergeten niet Windows Defender tijdelijk uit te schakelen: zie daarvoor [url]http://windowshelp.microsoft.com/Windows/nl-NL/help/31d797aa-091d-4d67-a556-dbfaf21bf0dc1043.mspx[/url].[/b:210d15a206] [url=http://www.bleepingcomputer.com/forums/topic114351.html][b:210d15a206]Hier vindt je gegevens hoe antivirus te deaktiveren[/b:210d15a206][/url] Post de inhoud van het Combofix log en ja, ook de Uninstalllijst!

[anoniem]

Ik zal het vanmiddag doen, bedankt. Ik denk inderdaad dat mijn computer niet helemaal schoon is, want het zwarte opstartscherm heb ik nu weer wel. Alleen de drie punten die je gaf en ik moest verwijderen die staan niet meer in HijackThis. Maar goed. Eerst vanmiddag even de scan...

[anoniem]

Ik heb het gedaan, Slecht nieuws... Op het moment dat hij klaar was, was hij bezig met het verwijderen van twee bestanden. Dit had ik voor de zekerheid (gelukkig) op papier opgeschreven. Ik dacht dat dat misschien nog wel van toepassing zou komen. De volgende twee dingen werden verwijderd: autorun.inf muzapp.exe Vervolgens kreeg ik een blauw scherm (!) en de computer viel uit. Na herstart de volgende melding: [quote:30935b8477] Probleemhandtekening: Gebeurtenisnaam van probleem: BlueScreen Versie van besturingssysteem: 6.0.6002.2.2.0.768.3 Landinstelling-id: 1033 Aanvullende informatie over dit probleem: BCCode: d1 BCP1: A19692A4 BCP2: 000000FF BCP3: 00000008 BCP4: A19692A4 OS Version: 6_0_6002 Service Pack: 2_0 Product: 768_1 Bestanden die helpen bij het beschrijven van het probleem: C:\Windows\Minidump\Mini021510-01.dmp C:\Users\gebruiker\AppData\Local\temp\WER-160025-0.sysdata.xml C:\Users\gebruiker\AppData\Local\temp\WERC87C.tmp.version.txt Lees onze privacyverklaring: http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0413 [/quote:30935b8477] Dus wat moet ik nu doen? Moet ik mijn pc in veilige modus oid nog een keer scannen?

[anoniem]

Combofix mag inderdaad ook in veilige modus gebruiken. Ik ben benieuwd, want je PC schijnt dieper geïnfecteerd te zijn dan ik oorspronkelijk dacht.

[anoniem]

Ok, dit is het log: ComboFix 10-02-12.01 - Jordy 02/15/2010 15:27:21.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2047.1600 [GMT 1:00] Gestart vanuit: c:\users\gebruiker\Downloads\ComboFix.exe . (((((((((((((((((((( Bestanden Gemaakt van 2010-01-15 to 2010-02-15 )))))))))))))))))))))))))))))) . 2010-02-15 14:39 . 2010-02-15 14:39 -------- d-----w- c:\users\gebruiker\AppData\Local\temp 2010-02-15 14:39 . 2010-02-15 14:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-02-15 14:39 . 2010-02-15 14:39 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2010-02-15 13:53 . 2010-02-15 13:53 -------- d-----w- c:\program files\Sophos 2010-02-15 12:26 . 2010-02-15 12:26 -------- d-----w- C:\$AVG 2010-02-13 15:16 . 2010-02-14 12:21 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-02-13 15:16 . 2010-02-13 18:07 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2010-02-13 15:02 . 2010-02-15 12:45 -------- d-----w- c:\program files\Enigma Software Group 2010-02-12 12:53 . 2009-10-14 12:03 23392 ----a-w- c:\windows\system32\drivers\nvcv32mf.sys 2010-02-12 12:53 . 2009-10-07 08:39 210248 ----a-w- c:\windows\system32\nscrnsav.scr 2010-02-11 17:23 . 2010-02-11 18:23 -------- d-----w- c:\users\gebruiker\AppData\Roaming\SoundSpectrum 2010-02-11 17:22 . 2009-04-05 01:01 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll 2010-02-11 17:22 . 2010-02-11 17:22 -------- d-----w- c:\program files\SoundSpectrum 2010-02-10 12:44 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys 2010-02-10 12:44 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys 2010-02-09 15:29 . 2010-02-09 15:29 -------- d-----w- c:\program files\Microsoft Expression 2010-02-05 14:33 . 2010-02-05 14:33 -------- d-----w- c:\users\gebruiker\AppData\Roaming\HPAppData 2010-02-05 14:18 . 2010-02-05 14:19 23188 ----a-w- c:\windows\hpqins15.dat 2010-02-04 13:40 . 2010-02-04 13:40 290816 ----a-w- c:\users\gebruiker\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_4.dll 2010-02-04 13:40 . 2010-02-04 13:40 290816 ----a-w- c:\users\gebruiker\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_3.dll 2010-02-04 13:40 . 2010-02-04 13:40 290816 ----a-w- c:\users\gebruiker\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_2.dll 2010-02-04 13:40 . 2010-02-04 13:40 290816 ----a-w- c:\users\gebruiker\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_1.dll 2010-02-03 18:22 . 2010-02-03 18:22 -------- d-----w- c:\users\gebruiker\AppData\Roaming\HPAppData(93) 2010-02-02 19:00 . 2010-02-02 19:06 -------- d-----w- c:\program files\Uniblue 2010-02-02 16:16 . 2010-02-04 13:20 -------- d-----w- c:\users\gebruiker\{98581c2e-0f18-4008-a56f-7916e169ae66} 2010-02-02 16:07 . 2010-02-02 16:07 -------- d-----w- c:\program files\NVIDIA Corporation 2010-02-01 12:48 . 2010-02-01 12:48 -------- d-----w- c:\users\gebruiker\AppData\Roaming\Malwarebytes 2010-02-01 12:48 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-02-01 12:48 . 2010-02-01 12:48 -------- d-----w- c:\programdata\Malwarebytes 2010-02-01 12:48 . 2010-02-14 13:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-02-01 12:48 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-25 14:51 . 2010-01-25 14:53 -------- d-----w- c:\users\gebruiker\AppData\Roaming\QuickScan 2010-01-24 15:51 . 2010-01-24 15:51 -------- d-----w- c:\programdata\F-Secure 2010-01-19 14:42 . 2010-01-19 14:42 -------- d-----w- c:\program files\Chami . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-14 12:45 . 2009-06-17 15:04 -------- d-----w- c:\program files\AVG 2010-02-15 14:18 . 2009-11-08 12:19 70863 ----a-w- c:\programdata\nvModes.dat 2010-02-15 14:17 . 2008-01-04 19:49 -------- d-----w- c:\program files\Norman 2010-02-14 13:20 . 2009-01-29 14:40 -------- d-----w- c:\program files\T.EDv6 2010-02-14 13:17 . 2009-08-31 11:34 -------- d-----w- c:\users\gebruiker\AppData\Roaming\EditPlus 3 2010-02-14 13:02 . 2010-01-03 12:41 -------- d-----w- c:\users\gebruiker\AppData\Roaming\SUPERAntiSpyware.com 2010-02-14 13:02 . 2009-09-17 13:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-02-14 13:02 . 2010-01-03 12:41 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-02-13 15:50 . 2007-10-31 00:09 835466 ----a-w- c:\windows\system32\perfh013.dat 2010-02-13 15:50 . 2007-10-31 00:09 186746 ----a-w- c:\windows\system32\perfc013.dat 2010-02-11 13:36 . 2008-08-27 12:11 -------- d-----w- c:\program files\Google 2010-02-10 16:48 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-02-09 17:31 . 2009-10-26 18:35 -------- d-----w- c:\users\gebruiker\AppData\Roaming\KeePass 2010-02-07 19:31 . 2008-09-15 16:32 -------- d-----w- c:\program files\EA SPORTS 2010-02-07 17:43 . 2009-08-15 19:36 -------- d-----w- c:\users\gebruiker\AppData\Roaming\HpUpdate 2010-02-07 16:17 . 2008-02-21 07:02 -------- d-----w- c:\program files\Common Files\Adobe 2010-02-05 14:18 . 2007-10-30 16:10 -------- d-----w- c:\program files\HP 2010-02-04 13:40 . 2008-06-16 13:35 -------- d-----w- c:\program files\SystemRequirementsLab 2010-02-04 13:40 . 2009-12-01 07:14 -------- d-----w- c:\users\gebruiker\AppData\Roaming\SystemRequirementsLab 2010-02-04 13:34 . 2008-06-13 21:46 -------- d-----w- c:\programdata\NVIDIA 2010-02-04 13:20 . 2009-12-17 12:11 -------- d-----w- c:\users\gebruiker\AppData\Roaming\Notepad++ 2010-02-04 13:20 . 2008-01-12 16:17 -------- d-----w- c:\programdata\HP Product Assistant 2010-02-02 19:01 . 2008-04-20 13:29 -------- d-----w- c:\users\gebruiker\AppData\Roaming\Uniblue 2010-01-22 14:24 . 2010-01-10 12:59 -------- d-----w- c:\program files\WinRescue Vista 2010-01-21 14:14 . 2008-02-27 18:24 -------- d-----w- c:\program files\Microsoft Silverlight 2010-01-15 15:35 . 2010-01-15 15:34 -------- d-----w- c:\program files\CPU Speed Pro 2010-01-14 10:12 . 2009-10-03 12:04 181120 ------w- c:\windows\system32\MpSigStub.exe 2010-01-11 21:18 . 2010-01-11 21:18 962664 ----a-w- c:\windows\system32\nvsvc.dll 2010-01-11 21:18 . 2010-01-11 21:18 13679720 ----a-w- c:\windows\system32\nvcpl.dll 2010-01-11 21:18 . 2010-01-11 21:18 129640 ----a-w- c:\windows\system32\nvvsvc.exe 2010-01-11 21:18 . 2010-01-11 21:18 110696 ----a-w- c:\windows\system32\nvmctray.dll 2010-01-06 17:59 . 2010-01-06 17:59 -------- d-----w- c:\programdata\MySQL 2010-01-03 12:42 . 2010-01-03 12:42 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2010-01-02 06:38 . 2010-01-22 20:18 916480 ----a-w- c:\windows\system32\wininet.dll 2010-01-02 06:32 . 2010-01-22 20:18 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-01-02 06:32 . 2010-01-22 20:18 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-01-02 04:57 . 2010-01-22 20:18 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-12-30 11:02 . 2009-07-10 14:23 190160 ----a-w- c:\windows\system32\PnkBstrB.exe 2009-12-30 09:17 . 2009-07-10 14:23 139456 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2009-12-24 10:42 . 2009-09-26 12:07 -------- d-----w- c:\program files\McAfee 2009-12-23 12:23 . 2009-12-23 11:09 39 ----a-w- c:\users\gebruiker\jagex_runescape_preferences.dat 2009-12-23 12:19 . 2009-12-23 11:09 69 ----a-w- c:\users\gebruiker\jagex_runescape_preferences2.dat 2009-12-08 20:01 . 2010-02-10 12:43 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys 2009-12-08 20:01 . 2010-02-10 12:43 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe 2009-12-08 20:01 . 2010-02-10 12:43 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-12-08 17:26 . 2010-02-10 12:43 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2009-12-04 18:30 . 2010-02-10 12:43 12288 ----a-w- c:\windows\system32\tsbyuv.dll 2009-12-04 18:29 . 2010-02-10 12:43 1314816 ----a-w- c:\windows\system32\quartz.dll 2009-12-04 18:28 . 2010-02-10 12:43 22528 ----a-w- c:\windows\system32\msyuv.dll 2009-12-04 18:28 . 2010-02-10 12:43 31744 ----a-w- c:\windows\system32\msvidc32.dll 2009-12-04 18:28 . 2010-02-10 12:43 123904 ----a-w- c:\windows\system32\msvfw32.dll 2009-12-04 18:28 . 2010-02-10 12:43 13312 ----a-w- c:\windows\system32\msrle32.dll 2009-12-04 18:28 . 2010-02-10 12:43 82944 ----a-w- c:\windows\system32\mciavi32.dll 2009-12-04 18:28 . 2010-02-10 12:43 50176 ----a-w- c:\windows\system32\iyuv_32.dll 2009-12-04 18:27 . 2010-02-10 12:43 91136 ----a-w- c:\windows\system32\avifil32.dll 2009-12-04 15:56 . 2010-02-10 12:43 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2009-12-04 15:56 . 2010-02-10 12:43 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2009-12-01 07:14 . 2009-12-01 07:14 138240 ----a-w- c:\users\gebruiker\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll 2009-12-01 07:14 . 2009-12-01 07:14 138240 ----a-w- c:\users\gebruiker\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll 2009-12-01 07:14 . 2009-12-01 07:14 138240 ----a-w- c:\users\gebruiker\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll 2009-12-01 07:14 . 2009-12-01 07:14 138240 ----a-w- c:\users\gebruiker\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll 2009-05-15 15:28 . 2009-05-15 15:28 76 --sh--r- c:\windows\FFSSET.BIN 2007-10-31 00:32 . 2007-10-31 00:11 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ Isdelete\0autocheck autochk /k:C * [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk backup=c:\windows\pss\Monitor Apache Servers.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2007-10-02 12:45 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] 2009-02-03 13:22 1004544 ----a-w- c:\program files\Ares\Ares.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2010-02-05 13:12 135664 ----atw- c:\users\gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2008-04-01 12:41 166424 ----a-w- c:\windows\System32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler] 2007-05-24 12:13 71176 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-03-11 20:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv] 2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2008-04-01 12:41 141848 ----a-w- c:\windows\System32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] 2006-05-16 09:58 213936 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD] 2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 2009-02-06 16:52 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norman ZANDA] 2009-11-24 10:01 189824 ----a-w- c:\program files\Norman\Npm\Bin\Zlh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro] 2007-02-15 11:59 118784 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2008-04-01 12:41 133656 ----a-w- c:\windows\System32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2008-01-15 10:26 4874240 ----a-w- c:\windows\RtHDVCpl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray] 2007-12-14 16:19 132624 ------w- c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] 2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg] 2008-06-10 02:27 54672 ----a-w- c:\windows\System32\jureg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):a8,e2,28,01,8c,fa,c9,01 R1 NGS;Norman General Security Driver;c:\program files\Norman\Ngs\Bin\ngs.sys [2/12/2010 1:53 PM 25032] R1 NPROSEC;Norman Security driver;c:\program files\Norman\Ngs\Bin\nprosec.sys [2/12/2010 1:53 PM 61512] R2 Ndiskio;Ndiskio;c:\program files\Norman\Nse\Bin\Ndiskio.sys [2/12/2010 1:53 PM 24168] R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\System32\drivers\RtNdPt60.sys [5/16/2007 1:54 AM 28160] S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [3/31/2009 5:44 PM 55280] S3 NvcMFlt;NvcMFlt;c:\windows\System32\drivers\nvcv32mf.sys [2/12/2010 1:53 PM 23392] S3 PCD5SRVC{BD6912E3-AC9D80E8-05020000};PCD5SRVC{BD6912E3-AC9D80E8-05020000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [5/16/2007 1:47 AM 25632] S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [5/27/2008 3:51 PM 1527900] S4 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 5:08 PM 533360] S4 gupdate1c9c359db5df5f7;Google Update Service (gupdate1c9c359db5df5f7);c:\program files\Google\Update\GoogleUpdate.exe [4/22/2009 3:51 PM 133104] S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/26/2009 1:07 PM 93320] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/11/2008 1:28 AM 47128] S4 NPROSECSVC;Norman Security service;c:\program files\Norman\Ngs\Bin\nprosec.exe [2/12/2010 1:53 PM 103752] S4 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\Nse\Bin\Nsesvc.exe [2/12/2010 1:53 PM 283976] S4 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\NVC\bin\Nvcoas.exe [2/12/2010 1:53 PM 202056] S4 NVOY;Norman Resource Provider;c:\program files\Norman\Npm\Bin\nvoy.exe [2/12/2010 1:53 PM 97752] S4 RsFx0103;RsFx0103 Driver;c:\windows\System32\drivers\RsFx0103.sys [3/30/2009 2:09 AM 239336] S4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2/13/2010 4:16 PM 1153368] S4 Scheduler;Norman Scheduler Service;c:\program files\Norman\Npm\Bin\scheduler.exe [2/12/2010 1:53 PM 133272] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 2:23 AM 366936] S4 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [5/27/2008 3:52 PM 544768] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhoud van de 'Gedeelde Taken' map 2010-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 14:51] 2010-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 14:51] 2010-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3847781438-3627025340-978385420-1000Core.job - c:\users\gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-05 13:12] 2010-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3847781438-3627025340-978385420-1000UA.job - c:\users\gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-05 13:12] 2010-02-13 c:\windows\Tasks\HPCeeScheduleForgebruiker.job - c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-10-30 15:55] 2010-12-14 c:\windows\Tasks\User_Feed_Synchronization-{218F3DBE-CB9B-4610-92A5-CA198EA3834B}.job - c:\windows\system32\msfeedssync.exe [2010-01-22 04:56] . . ------- Bijkomende Scan ------- . uStart Page = www.runescape.com/ DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab FF - ProfilePath - c:\users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\sc1wnh5z.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.runescape.com/ FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: c:\users\gebruiker\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\users\gebruiker\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: c:\users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\sc1wnh5z.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHANS VERWIJDERD - - - - MSConfigStartUp-Hitman Pro Expiration Helper - c:\program files\Hitman Pro\xphelper.exe MSConfigStartUp-ISTray - c:\program files\Spyware Doctor\pctsTray.exe MSConfigStartUp-UpdateStar - c:\users\gebruiker\AppData\Roaming\UpdateStar\UpdateStar.exe AddRemove-Ares - c:\program files\Ares\uninstall.exe AddRemove-Panda3D 1.6.2 - c:\panda3d-1.6.2\uninst.exe AddRemove-UnityWebPlayer - c:\users\gebruiker\AppData\Local\Unity\WebPlayer\Uninstall.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-15 15:39 Windows 6.0.6002 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\7290.tmp" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05020000}] "ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms" . Voltooingstijd: 2010-02-15 15:43:13 ComboFix-quarantined-files.txt 2010-02-15 14:43 Pre-Run: 211,004,194,816 bytes beschikbaar Post-Run: 210,857,304,064 bytes beschikbaar - - End Of File - - C7B59033FE2A07BBFCD3FB43803113B8

[anoniem]

Hallo Jordi, gebruik je nog steeds de Norman antivirus?

[anoniem]

Ja, inderdaad. Die heb ik nog steeds. Is het beter van niet dan?

[anoniem]

Gewoon nog blijven gebruiken! Maar Combofix heeft een aantal virusscanners gevonden, die deels nog aktief zijn!

[anoniem]

ik heb alleen windows defender en norman standaard aan. Voor de rest heb ik in verband met het probleem nu de rootkitscanner van sophos en spybot search & destroy en natuurlijk combofix en mbam. Maar die starten niet automatisch op.

[anoniem]

Hallo Jordy!, het komt erop neer, dat jouw Windows besmet is met een polymorph virus. Dat zijn dus lastig te verwijderen krengen! Open een nieuw kladblok bestand. (Start>Alle programma’s>Bureau-accessoires>Kladblok), kopieer en plak het volgende (vetgedrukte, blauwe tekst) in een leeg venster [color=darkblue:a77137035c][b:a77137035c]File:: c:\windows\bthservsdp.d Folder:: C:\$AVG c:\program files\Sophos c:\users\gebruiker\{98581c2e-0f18-4008-a56f-7916e169ae66} c:\programdata\F-Secure c:\program files\AVG c:\program files\McAfee Registry:: [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\7290.tmp" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05020000}] "ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"[/b:a77137035c][/color:a77137035c] Sla dit kladblokbestand op je bureaublad op als [b:a77137035c]CFScript.txt[/b:a77137035c]. [b:a77137035c][color=red:a77137035c]Nu eerst de antivirus deaktiveren![/color:a77137035c][/b:a77137035c] Sleep CFScript.txt in ComboFix.exe [img:a77137035c]http://home.kpn.nl/~stefsmeenk/CFScript.gif[/img:a77137035c] Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt. Post het Combofix log dat na het opnieuw starten wordt getoond!

[anoniem]

Ok, ik had alleen de mappen C:\$AVG c:\program files\AVG verwijderd. Dus kan ik die uit het script halen?

[anoniem]

Ja dat mag.

[anoniem]

ok, ik zal het denk ik morgen doen. Dan heb ik meer tijd om bij de scan aanwezig te zijn. Bedankt! :D

[anoniem]

Hallo Jod!. dat is goed hoor. Trouwens, dit mag je ook uit het script verwijderen: [b:4ed0e12324]File:: c:\windows\bthservsdp.d[/b:4ed0e12324] Is er abusievelijk in blijven staan, ben ik tot de ontdekking gekomen.

[anoniem]

Ok, ik krijg nu wel af en toe meldingen van APPCRASHES, zoals blwbxv.exe. op google kan ik niks over dit proces vinden. Misschien is er iets verwijderd, oid?

[anoniem]

Ongetwijfeld hangt het samen met al verwijderde malware, waardoor iets niet opgestart kan worden.

[anoniem]

Ok, ik heb het eerst gedaan met het script van u in de veilige modus, alleen de log wilde niet opstarten dus die heb ik niet. Hopelijk is dat niet erg. Daarna heb ik combofix weer in de veilige modus opgestart en dat log heb ik wel. ComboFix 10-02-12.01 - Jordy 02/16/2010 15:52:25.4.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2047.1225 [GMT 1:00] Gestart vanuit: c:\users\gebruiker\Downloads\ComboFix.exe . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Voorgaande Run ------- . c:\program files\McAfee\SiteAdvisor\apengine.dll c:\program files\McAfee\SiteAdvisor\chrome.manifest c:\program files\McAfee\SiteAdvisor\cntscan.dll c:\program files\McAfee\SiteAdvisor\Components\IMcFFPlg.xpt c:\program files\McAfee\SiteAdvisor\Components\McFFPlg.dll c:\program files\McAfee\SiteAdvisor\content.dat c:\program files\McAfee\SiteAdvisor\contents.rdf c:\program files\McAfee\SiteAdvisor\default.txt c:\program files\McAfee\SiteAdvisor\elist.dat c:\program files\McAfee\SiteAdvisor\ffplg.inf c:\program files\McAfee\SiteAdvisor\ieplg.inf c:\program files\McAfee\SiteAdvisor\install.rdf c:\program files\McAfee\SiteAdvisor\mcbrwctl.dll c:\program files\McAfee\SiteAdvisor\mcfrmwk.dll c:\program files\McAfee\SiteAdvisor\McIEPlg.dll c:\program files\McAfee\SiteAdvisor\McPlgUI.dll c:\program files\McAfee\SiteAdvisor\McSACore.exe c:\program files\McAfee\SiteAdvisor\McSACorePS.dll c:\program files\McAfee\SiteAdvisor\msacmain.inf c:\program files\McAfee\SiteAdvisor\sa_cache_sqlite.dll c:\program files\McAfee\SiteAdvisor\sa_http_win32.dll c:\program files\McAfee\SiteAdvisor\SA_indep.inf c:\program files\McAfee\SiteAdvisor\SA_main.inf c:\program files\McAfee\SiteAdvisor\sa_mbl.dll c:\program files\McAfee\SiteAdvisor\sa_store_sqlite.dll c:\program files\McAfee\SiteAdvisor\SA_win32.inf c:\program files\McAfee\SiteAdvisor\sac.inf c:\program files\McAfee\SiteAdvisor\sachook.inf c:\program files\McAfee\SiteAdvisor\sacimg.inf c:\program files\McAfee\SiteAdvisor\sacomm.inf c:\program files\McAfee\SiteAdvisor\sacore.dll c:\program files\McAfee\SiteAdvisor\sacore.inf c:\program files\McAfee\SiteAdvisor\sacres.inf c:\program files\McAfee\SiteAdvisor\safelocalization.inf c:\program files\McAfee\SiteAdvisor\sahook.dll c:\program files\McAfee\SiteAdvisor\saplugin.dll c:\program files\McAfee\SiteAdvisor\sares.dll c:\program files\McAfee\SiteAdvisor\SASet.dll c:\program files\McAfee\SiteAdvisor\saSets.ini c:\program files\McAfee\SiteAdvisor\SaSSHMod.dll c:\program files\McAfee\SiteAdvisor\saupkeep.dll c:\program files\McAfee\SiteAdvisor\Scripts\balloon.html c:\program files\McAfee\SiteAdvisor\Scripts\balloon_logo.gif c:\program files\McAfee\SiteAdvisor\Scripts\balloon_logo_plus.gif c:\program files\McAfee\SiteAdvisor\Scripts\bullet.gif c:\program files\McAfee\SiteAdvisor\Scripts\button_black.gif c:\program files\McAfee\SiteAdvisor\Scripts\button_black_lock.gif c:\program files\McAfee\SiteAdvisor\Scripts\button_disabled.gif c:\program files\McAfee\SiteAdvisor\Scripts\button_green.gif c:\program files\McAfee\SiteAdvisor\Scripts\button_green_lock.gif c:\program files\McAfee\SiteAdvisor\Scripts\button_grey.gif c:\program files\McAfee\SiteAdvisor\Scripts\button_grey_lock.gif c:\program files\McAfee\SiteAdvisor\Scripts\button_hs.gif c:\program files\McAfee\SiteAdvisor\Scripts\button_hs_lock.gif c:\program files\McAfee\SiteAdvisor\Scripts\button_red.gif c:\program files\McAfee\SiteAdvisor\Scripts\button_red_lock.gif c:\program files\McAfee\SiteAdvisor\Scripts\button_yellow.gif c:\program files\McAfee\SiteAdvisor\Scripts\button_yellow_lock.gif c:\program files\McAfee\SiteAdvisor\Scripts\contents.rdf c:\program files\McAfee\SiteAdvisor\Scripts\down_arrow.gif c:\program files\McAfee\SiteAdvisor\Scripts\download_careful.gif c:\program files\McAfee\SiteAdvisor\Scripts\download_unsafe.gif c:\program files\McAfee\SiteAdvisor\Scripts\empty.gif c:\program files\McAfee\SiteAdvisor\Scripts\g.png c:\program files\McAfee\SiteAdvisor\Scripts\g_banner_c.gif c:\program files\McAfee\SiteAdvisor\Scripts\g_banner_l.gif c:\program files\McAfee\SiteAdvisor\Scripts\g_banner_r.gif c:\program files\McAfee\SiteAdvisor\Scripts\g_banner_sep.gif c:\program files\McAfee\SiteAdvisor\Scripts\g_bottom_c.gif c:\program files\McAfee\SiteAdvisor\Scripts\g_bottom_l.gif c:\program files\McAfee\SiteAdvisor\Scripts\g_bottom_r.gif c:\program files\McAfee\SiteAdvisor\Scripts\g_bottom_sep.gif c:\program files\McAfee\SiteAdvisor\Scripts\g_facet.gif c:\program files\McAfee\SiteAdvisor\Scripts\g_footer_c.gif c:\program files\McAfee\SiteAdvisor\Scripts\g_footer_l.gif c:\program files\McAfee\SiteAdvisor\Scripts\g_footer_r.gif c:\program files\McAfee\SiteAdvisor\Scripts\g_header_c.gif c:\program files\McAfee\SiteAdvisor\Scripts\g_header_l.gif c:\program files\McAfee\SiteAdvisor\Scripts\g_header_r.gif c:\program files\McAfee\SiteAdvisor\Scripts\g_icon.gif c:\program files\McAfee\SiteAdvisor\Scripts\g_upsell_border.gif c:\program files\McAfee\SiteAdvisor\Scripts\gl.png c:\program files\McAfee\SiteAdvisor\Scripts\gleftarrow.gif c:\program files\McAfee\SiteAdvisor\Scripts\gllc.png c:\program files\McAfee\SiteAdvisor\Scripts\glrc.png c:\program files\McAfee\SiteAdvisor\Scripts\gr.png c:\program files\McAfee\SiteAdvisor\Scripts\green.gif c:\program files\McAfee\SiteAdvisor\Scripts\greenbubble.gif c:\program files\McAfee\SiteAdvisor\Scripts\greendownarrow.gif c:\program files\McAfee\SiteAdvisor\Scripts\greenuparrow.gif c:\program files\McAfee\SiteAdvisor\Scripts\grightarrow.gif c:\program files\McAfee\SiteAdvisor\Scripts\gul.png c:\program files\McAfee\SiteAdvisor\Scripts\gulc.png c:\program files\McAfee\SiteAdvisor\Scripts\gurc.png c:\program files\McAfee\SiteAdvisor\Scripts\hackersafe.gif c:\program files\McAfee\SiteAdvisor\Scripts\hs.gif c:\program files\McAfee\SiteAdvisor\Scripts\hs_icon.gif c:\program files\McAfee\SiteAdvisor\Scripts\locale\cs-CZ\FF\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\cs-CZ\IE\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\da-DK\FF\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\da-DK\IE\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\de-DE\FF\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\de-DE\IE\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\el-GR\FF\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\el-GR\IE\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\en-AU\FF\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\en-AU\IE\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\en-CA\FF\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\en-CA\IE\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\en-GB\FF\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\en-GB\IE\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\en-IE\FF\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\en-IE\IE\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\en-US\FF\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\en-US\IE\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\es-AR\FF\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\es-AR\IE\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\es-CL\FF\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\es-CL\IE\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\es-ES\FF\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\es-ES\IE\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\es-MX\FF\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\es-MX\IE\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\es-PE\FF\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\es-PE\IE\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\fi-FI\FF\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\fi-FI\IE\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\fr-CA\FF\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\fr-CA\IE\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\fr-FR\FF\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\fr-FR\IE\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\hu-HU\FF\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\hu-HU\IE\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\it-IT\FF\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\it-IT\IE\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\ja-JP\FF\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\ja-JP\IE\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\ko-KR\FF\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\ko-KR\IE\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\nb-NO\FF\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\nb-NO\IE\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\nl-NL\FF\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\nl-NL\IE\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\no-NO\FF\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\no-NO\IE\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\pl-PL\FF\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\pl-PL\IE\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\pt-BR\FF\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\pt-BR\IE\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\pt-PT\FF\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\pt-PT\IE\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\ru-RU\FF\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\ru-RU\IE\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\sk-SK\FF\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\sk-SK\IE\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\sv-SE\FF\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\sv-SE\IE\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\tr-TR\FF\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\tr-TR\IE\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\zh-CN\FF\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\zh-CN\IE\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\zh-TW\FF\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\locale\zh-TW\IE\safe.css c:\program files\McAfee\SiteAdvisor\Scripts\main.js c:\program files\McAfee\SiteAdvisor\Scripts\mainff.js c:\program files\McAfee\SiteAdvisor\Scripts\mcafee_logo.gif c:\program files\McAfee\SiteAdvisor\Scripts\mcafee_yahoo_cobranded_toolbar.gif c:\program files\McAfee\SiteAdvisor\Scripts\mcafeesiteadvisor.gif c:\program files\McAfee\SiteAdvisor\Scripts\protection.gif c:\program files\McAfee\SiteAdvisor\Scripts\r.png c:\program files\McAfee\SiteAdvisor\Scripts\r_banner_c.gif c:\program files\McAfee\SiteAdvisor\Scripts\r_banner_l.gif c:\program files\McAfee\SiteAdvisor\Scripts\r_banner_r.gif c:\program files\McAfee\SiteAdvisor\Scripts\r_banner_sep.gif c:\program files\McAfee\SiteAdvisor\Scripts\r_bottom_c.gif c:\program files\McAfee\SiteAdvisor\Scripts\r_bottom_l.gif c:\program files\McAfee\SiteAdvisor\Scripts\r_bottom_r.gif c:\program files\McAfee\SiteAdvisor\Scripts\r_bottom_sep.gif c:\program files\McAfee\SiteAdvisor\Scripts\r_facet.gif c:\program files\McAfee\SiteAdvisor\Scripts\r_footer_c.gif c:\program files\McAfee\SiteAdvisor\Scripts\r_footer_l.gif c:\program files\McAfee\SiteAdvisor\Scripts\r_footer_r.gif c:\program files\McAfee\SiteAdvisor\Scripts\r_header_c.gif c:\program files\McAfee\SiteAdvisor\Scripts\r_header_l.gif c:\program files\McAfee\SiteAdvisor\Scripts\r_header_r.gif c:\program files\McAfee\SiteAdvisor\Scripts\r_icon.gif c:\program files\McAfee\SiteAdvisor\Scripts\r_upsell_border.gif c:\program files\McAfee\SiteAdvisor\Scripts\red.gif c:\program files\McAfee\SiteAdvisor\Scripts\redbubble.gif c:\program files\McAfee\SiteAdvisor\Scripts\reddownarrow.gif c:\program files\McAfee\SiteAdvisor\Scripts\reduparrow.gif c:\program files\McAfee\SiteAdvisor\Scripts\rl.png c:\program files\McAfee\SiteAdvisor\Scripts\rleftarrow.gif c:\program files\McAfee\SiteAdvisor\Scripts\rllc.png c:\program files\McAfee\SiteAdvisor\Scripts\rlrc.png c:\program files\McAfee\SiteAdvisor\Scripts\rr.png c:\program files\McAfee\SiteAdvisor\Scripts\rrightarrow.gif c:\program files\McAfee\SiteAdvisor\Scripts\rul.png c:\program files\McAfee\SiteAdvisor\Scripts\rulc.png c:\program files\McAfee\SiteAdvisor\Scripts\rurc.png c:\program files\McAfee\SiteAdvisor\Scripts\safe-facet-green.gif c:\program files\McAfee\SiteAdvisor\Scripts\safe-facet-red.gif c:\program files\McAfee\SiteAdvisor\Scripts\safe-facet-white.gif c:\program files\McAfee\SiteAdvisor\Scripts\safe-facet-yellow.gif c:\program files\McAfee\SiteAdvisor\Scripts\safe.xul c:\program files\McAfee\SiteAdvisor\Scripts\safe_ff.js c:\program files\McAfee\SiteAdvisor\Scripts\safe_ie.js c:\program files\McAfee\SiteAdvisor\Scripts\safesearch.dat c:\program files\McAfee\SiteAdvisor\Scripts\safesearch.js c:\program files\McAfee\SiteAdvisor\Scripts\saffplg.js c:\program files\McAfee\SiteAdvisor\Scripts\searchglass.gif c:\program files\McAfee\SiteAdvisor\Scripts\siteadvisor.gif c:\program files\McAfee\SiteAdvisor\Scripts\untested.gif c:\program files\McAfee\SiteAdvisor\Scripts\w_banner_c.gif c:\program files\McAfee\SiteAdvisor\Scripts\w_banner_l.gif c:\program files\McAfee\SiteAdvisor\Scripts\w_banner_r.gif c:\program files\McAfee\SiteAdvisor\Scripts\w_banner_sep.gif c:\program files\McAfee\SiteAdvisor\Scripts\w_bottom_c.gif c:\program files\McAfee\SiteAdvisor\Scripts\w_bottom_l.gif c:\program files\McAfee\SiteAdvisor\Scripts\w_bottom_r.gif c:\program files\McAfee\SiteAdvisor\Scripts\w_bottom_sep.gif c:\program files\McAfee\SiteAdvisor\Scripts\w_footer_c.gif c:\program files\McAfee\SiteAdvisor\Scripts\w_footer_l.gif c:\program files\McAfee\SiteAdvisor\Scripts\w_footer_r.gif c:\program files\McAfee\SiteAdvisor\Scripts\w_header_c.gif c:\program files\McAfee\SiteAdvisor\Scripts\w_header_l.gif c:\program files\McAfee\SiteAdvisor\Scripts\w_header_r.gif c:\program files\McAfee\SiteAdvisor\Scripts\w_icon.gif c:\program files\McAfee\SiteAdvisor\Scripts\w_upsell_border.gif c:\program files\McAfee\SiteAdvisor\Scripts\whitebubble.gif c:\program files\McAfee\SiteAdvisor\Scripts\whitedownarrow.gif c:\program files\McAfee\SiteAdvisor\Scripts\whiteuparrow.gif c:\program files\McAfee\SiteAdvisor\Scripts\wleftarrow.gif c:\program files\McAfee\SiteAdvisor\Scripts\wrightarrow.gif c:\program files\McAfee\SiteAdvisor\Scripts\xdown.gif c:\program files\McAfee\SiteAdvisor\Scripts\xup.gif c:\program files\McAfee\SiteAdvisor\Scripts\y.png c:\program files\McAfee\SiteAdvisor\Scripts\y_banner_c.gif c:\program files\McAfee\SiteAdvisor\Scripts\y_banner_l.gif c:\program files\McAfee\SiteAdvisor\Scripts\y_banner_r.gif c:\program files\McAfee\SiteAdvisor\Scripts\y_banner_sep.gif c:\program files\McAfee\SiteAdvisor\Scripts\y_bottom_c.gif c:\program files\McAfee\SiteAdvisor\Scripts\y_bottom_l.gif c:\program files\McAfee\SiteAdvisor\Scripts\y_bottom_r.gif c:\program files\McAfee\SiteAdvisor\Scripts\y_bottom_sep.gif c:\program files\McAfee\SiteAdvisor\Scripts\y_facet.gif c:\program files\McAfee\SiteAdvisor\Scripts\y_footer_c.gif c:\program files\McAfee\SiteAdvisor\Scripts\y_footer_l.gif c:\program files\McAfee\SiteAdvisor\Scripts\y_footer_r.gif c:\program files\McAfee\SiteAdvisor\Scripts\y_header_c.gif c:\program files\McAfee\SiteAdvisor\Scripts\y_header_l.gif c:\program files\McAfee\SiteAdvisor\Scripts\y_header_r.gif c:\program files\McAfee\SiteAdvisor\Scripts\y_icon.gif c:\program files\McAfee\SiteAdvisor\Scripts\y_upsell_border.gif c:\program files\McAfee\SiteAdvisor\Scripts\yellow.gif c:\program files\McAfee\SiteAdvisor\Scripts\yellowbubble.gif c:\program files\McAfee\SiteAdvisor\Scripts\yellowdownarrow.gif c:\program files\McAfee\SiteAdvisor\Scripts\yellowuparrow.gif c:\program files\McAfee\SiteAdvisor\Scripts\yl.png c:\program files\McAfee\SiteAdvisor\Scripts\yleftarrow.gif c:\program files\McAfee\SiteAdvisor\Scripts\yllc.png c:\program files\McAfee\SiteAdvisor\Scripts\ylrc.png c:\program files\McAfee\SiteAdvisor\Scripts\yr.png c:\program files\McAfee\SiteAdvisor\Scripts\yrightarrow.gif c:\program files\McAfee\SiteAdvisor\Scripts\ytri.gif c:\program files\McAfee\SiteAdvisor\Scripts\yul.png c:\program files\McAfee\SiteAdvisor\Scripts\yulc.png c:\program files\McAfee\SiteAdvisor\Scripts\yurc.png c:\program files\McAfee\SiteAdvisor\sqlite3.dll c:\program files\McAfee\SiteAdvisor\subst.inf c:\program files\McAfee\SiteAdvisor\uninstall.exe c:\program files\Sophos\Sophos Anti-Rootkit\helper.exe c:\program files\Sophos\Sophos Anti-Rootkit\MEMSWEEP.sys c:\program files\Sophos\Sophos Anti-Rootkit\sar1.dll c:\program files\Sophos\Sophos Anti-Rootkit\sar2.dll c:\program files\Sophos\Sophos Anti-Rootkit\sar3.dll c:\program files\Sophos\Sophos Anti-Rootkit\sar4.dll c:\program files\Sophos\Sophos Anti-Rootkit\sar5.dll c:\program files\Sophos\Sophos Anti-Rootkit\sar6.dll c:\program files\Sophos\Sophos Anti-Rootkit\sarcli.exe c:\program files\Sophos\Sophos Anti-Rootkit\sargui.chm c:\program files\Sophos\Sophos Anti-Rootkit\sargui.exe c:\program files\Sophos\Sophos Anti-Rootkit\sarman.pdf c:\program files\Sophos\Sophos Anti-Rootkit\savrkboottasks.sys c:\programdata\F-Secure\Daas2\cert\fsc (revoke hq).crl c:\users\gebruiker\{98581c2e-0f18-4008-a56f-7916e169ae66}\dpinst.exe c:\users\gebruiker\{98581c2e-0f18-4008-a56f-7916e169ae66}\NV_DISP.CAT c:\users\gebruiker\{98581c2e-0f18-4008-a56f-7916e169ae66}\nv_disp.inf c:\users\gebruiker\{98581c2e-0f18-4008-a56f-7916e169ae66}\nvapi.dll c:\users\gebruiker\{98581c2e-0f18-4008-a56f-7916e169ae66}\nvcod.dll c:\users\gebruiker\{98581c2e-0f18-4008-a56f-7916e169ae66}\nvcompiler.dll c:\users\gebruiker\{98581c2e-0f18-4008-a56f-7916e169ae66}\nvcplsetupint.exe c:\users\gebruiker\{98581c2e-0f18-4008-a56f-7916e169ae66}\nvcuda.dll c:\users\gebruiker\{98581c2e-0f18-4008-a56f-7916e169ae66}\nvcuvenc.dll c:\users\gebruiker\{98581c2e-0f18-4008-a56f-7916e169ae66}\nvcuvid.dll c:\users\gebruiker\{98581c2e-0f18-4008-a56f-7916e169ae66}\nvd3dum.dll c:\users\gebruiker\{98581c2e-0f18-4008-a56f-7916e169ae66}\nvdecodemft.dll c:\users\gebruiker\{98581c2e-0f18-4008-a56f-7916e169ae66}\nvencodemft.dll c:\users\gebruiker\{98581c2e-0f18-4008-a56f-7916e169ae66}\nvlddmkm.sys c:\users\gebruiker\{98581c2e-0f18-4008-a56f-7916e169ae66}\nvoglv32.dll c:\users\gebruiker\{98581c2e-0f18-4008-a56f-7916e169ae66}\nvudisp.exe c:\users\gebruiker\{98581c2e-0f18-4008-a56f-7916e169ae66}\nvwgf2um.dll c:\users\gebruiker\{98581c2e-0f18-4008-a56f-7916e169ae66}\opencl.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_McAfee SiteAdvisor Service (((((((((((((((((((( Bestanden Gemaakt van 2010-01-16 to 2010-02-16 )))))))))))))))))))))))))))))) . 2010-02-16 15:04 . 2010-02-16 15:04 -------- d-----w- c:\users\gebruiker\AppData\Local\temp 2010-02-16 15:04 . 2010-02-16 15:04 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-02-16 15:04 . 2010-02-16 15:04 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-02-16 15:04 . 2010-02-16 15:04 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2010-02-16 10:26 . 2010-02-16 10:26 52224 ----a-w- c:\users\gebruiker\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2010-02-16 10:26 . 2010-02-16 10:26 117760 ----a-w- c:\users\gebruiker\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-02-13 15:16 . 2010-02-14 12:21 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-02-13 15:16 . 2010-02-13 18:07 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2010-02-13 15:02 . 2010-02-15 12:45 -------- d-----w- c:\program files\Enigma Software Group 2010-02-12 12:53 . 2009-10-14 12:03 23392 ----a-w- c:\windows\system32\drivers\nvcv32mf.sys 2010-02-12 12:53 . 2009-10-07 08:39 210248 ----a-w- c:\windows\system32\nscrnsav.scr 2010-02-11 17:23 . 2010-02-11 18:23 -------- d-----w- c:\users\gebruiker\AppData\Roaming\SoundSpectrum 2010-02-11 17:22 . 2009-04-05 01:01 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll 2010-02-11 17:22 . 2010-02-11 17:22 -------- d-----w- c:\program files\SoundSpectrum 2010-02-10 12:44 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys 2010-02-10 12:44 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys 2010-02-09 15:29 . 2010-02-09 15:29 -------- d-----w- c:\program files\Microsoft Expression 2010-02-05 14:33 . 2010-02-05 14:33 -------- d-----w- c:\users\gebruiker\AppData\Roaming\HPAppData 2010-02-05 14:18 . 2010-02-05 14:19 23188 ----a-w- c:\windows\hpqins15.dat 2010-02-04 13:40 . 2010-02-04 13:40 290816 ----a-w- c:\users\gebruiker\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_4.dll 2010-02-04 13:40 . 2010-02-04 13:40 290816 ----a-w- c:\users\gebruiker\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_3.dll 2010-02-04 13:40 . 2010-02-04 13:40 290816 ----a-w- c:\users\gebruiker\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_2.dll 2010-02-04 13:40 . 2010-02-04 13:40 290816 ----a-w- c:\users\gebruiker\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_1.dll 2010-02-03 18:22 . 2010-02-03 18:22 -------- d-----w- c:\users\gebruiker\AppData\Roaming\HPAppData(93) 2010-02-02 19:00 . 2010-02-02 19:06 -------- d-----w- c:\program files\Uniblue 2010-02-02 16:07 . 2010-02-02 16:07 -------- d-----w- c:\program files\NVIDIA Corporation 2010-02-01 12:48 . 2010-02-01 12:48 -------- d-----w- c:\users\gebruiker\AppData\Roaming\Malwarebytes 2010-02-01 12:48 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-02-01 12:48 . 2010-02-01 12:48 -------- d-----w- c:\programdata\Malwarebytes 2010-02-01 12:48 . 2010-02-14 13:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-02-01 12:48 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-25 14:51 . 2010-01-25 14:53 -------- d-----w- c:\users\gebruiker\AppData\Roaming\QuickScan 2010-01-19 14:42 . 2010-01-19 14:42 -------- d-----w- c:\program files\Chami . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-16 10:20 . 2009-11-08 12:19 70863 ----a-w- c:\programdata\nvModes.dat 2010-02-16 10:19 . 2008-01-04 19:49 -------- d-----w- c:\program files\Norman 2010-02-15 20:56 . 2007-10-31 00:09 835466 ----a-w- c:\windows\system32\perfh013.dat 2010-02-15 20:56 . 2007-10-31 00:09 186746 ----a-w- c:\windows\system32\perfc013.dat 2010-02-15 17:21 . 2010-01-03 12:41 -------- d-----w- c:\users\gebruiker\AppData\Roaming\SUPERAntiSpyware.com 2010-02-14 13:20 . 2009-01-29 14:40 -------- d-----w- c:\program files\T.EDv6 2010-02-14 13:17 . 2009-08-31 11:34 -------- d-----w- c:\users\gebruiker\AppData\Roaming\EditPlus 3 2010-02-14 13:02 . 2009-09-17 13:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-02-14 13:02 . 2010-01-03 12:41 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-02-11 13:36 . 2008-08-27 12:11 -------- d-----w- c:\program files\Google 2010-02-10 16:48 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-02-09 17:31 . 2009-10-26 18:35 -------- d-----w- c:\users\gebruiker\AppData\Roaming\KeePass 2010-02-07 19:31 . 2008-09-15 16:32 -------- d-----w- c:\program files\EA SPORTS 2010-02-07 17:43 . 2009-08-15 19:36 -------- d-----w- c:\users\gebruiker\AppData\Roaming\HpUpdate 2010-02-07 16:17 . 2008-02-21 07:02 -------- d-----w- c:\program files\Common Files\Adobe 2010-02-05 14:18 . 2007-10-30 16:10 -------- d-----w- c:\program files\HP 2010-02-04 13:40 . 2008-06-16 13:35 -------- d-----w- c:\program files\SystemRequirementsLab 2010-02-04 13:40 . 2009-12-01 07:14 -------- d-----w- c:\users\gebruiker\AppData\Roaming\SystemRequirementsLab 2010-02-04 13:34 . 2008-06-13 21:46 -------- d-----w- c:\programdata\NVIDIA 2010-02-04 13:20 . 2009-12-17 12:11 -------- d-----w- c:\users\gebruiker\AppData\Roaming\Notepad++ 2010-02-04 13:20 . 2008-01-12 16:17 -------- d-----w- c:\programdata\HP Product Assistant 2010-02-02 19:01 . 2008-04-20 13:29 -------- d-----w- c:\users\gebruiker\AppData\Roaming\Uniblue 2010-01-22 14:24 . 2010-01-10 12:59 -------- d-----w- c:\program files\WinRescue Vista 2010-01-21 14:14 . 2008-02-27 18:24 -------- d-----w- c:\program files\Microsoft Silverlight 2010-01-15 15:35 . 2010-01-15 15:34 -------- d-----w- c:\program files\CPU Speed Pro 2010-01-14 10:12 . 2009-10-03 12:04 181120 ------w- c:\windows\system32\MpSigStub.exe 2010-01-11 21:18 . 2010-01-11 21:18 962664 ----a-w- c:\windows\system32\nvsvc.dll 2010-01-11 21:18 . 2010-01-11 21:18 13679720 ----a-w- c:\windows\system32\nvcpl.dll 2010-01-11 21:18 . 2010-01-11 21:18 129640 ----a-w- c:\windows\system32\nvvsvc.exe 2010-01-11 21:18 . 2010-01-11 21:18 110696 ----a-w- c:\windows\system32\nvmctray.dll 2010-01-06 17:59 . 2010-01-06 17:59 -------- d-----w- c:\programdata\MySQL 2010-01-03 12:42 . 2010-01-03 12:42 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2010-01-02 06:38 . 2010-01-22 20:18 916480 ----a-w- c:\windows\system32\wininet.dll 2010-01-02 06:32 . 2010-01-22 20:18 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-01-02 06:32 . 2010-01-22 20:18 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-01-02 04:57 . 2010-01-22 20:18 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-12-30 11:02 . 2009-07-10 14:23 190160 ----a-w- c:\windows\system32\PnkBstrB.exe 2009-12-30 09:17 . 2009-07-10 14:23 139456 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2009-12-23 12:23 . 2009-12-23 11:09 39 ----a-w- c:\users\gebruiker\jagex_runescape_preferences.dat 2009-12-23 12:19 . 2009-12-23 11:09 69 ----a-w- c:\users\gebruiker\jagex_runescape_preferences2.dat 2009-12-08 20:01 . 2010-02-10 12:43 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys 2009-12-08 20:01 . 2010-02-10 12:43 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe 2009-12-08 20:01 . 2010-02-10 12:43 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-12-08 17:26 . 2010-02-10 12:43 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2009-12-04 18:30 . 2010-02-10 12:43 12288 ----a-w- c:\windows\system32\tsbyuv.dll 2009-12-04 18:29 . 2010-02-10 12:43 1314816 ----a-w- c:\windows\system32\quartz.dll 2009-12-04 18:28 . 2010-02-10 12:43 22528 ----a-w- c:\windows\system32\msyuv.dll 2009-12-04 18:28 . 2010-02-10 12:43 31744 ----a-w- c:\windows\system32\msvidc32.dll 2009-12-04 18:28 . 2010-02-10 12:43 123904 ----a-w- c:\windows\system32\msvfw32.dll 2009-12-04 18:28 . 2010-02-10 12:43 13312 ----a-w- c:\windows\system32\msrle32.dll 2009-12-04 18:28 . 2010-02-10 12:43 82944 ----a-w- c:\windows\system32\mciavi32.dll 2009-12-04 18:28 . 2010-02-10 12:43 50176 ----a-w- c:\windows\system32\iyuv_32.dll 2009-12-04 18:27 . 2010-02-10 12:43 91136 ----a-w- c:\windows\system32\avifil32.dll 2009-12-04 15:56 . 2010-02-10 12:43 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2009-12-04 15:56 . 2010-02-10 12:43 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2009-12-01 07:14 . 2009-12-01 07:14 138240 ----a-w- c:\users\gebruiker\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll 2009-12-01 07:14 . 2009-12-01 07:14 138240 ----a-w- c:\users\gebruiker\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll 2009-12-01 07:14 . 2009-12-01 07:14 138240 ----a-w- c:\users\gebruiker\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll 2009-12-01 07:14 . 2009-12-01 07:14 138240 ----a-w- c:\users\gebruiker\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll 2009-05-15 15:28 . 2009-05-15 15:28 76 --sh--r- c:\windows\FFSSET.BIN 2007-10-31 00:32 . 2007-10-31 00:11 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . ------- Sigcheck ------- [-] 2008-01-19 . 53B202ABEE6455406254444303E87BE1 . 17408 . . [6.0.6001.18000] . . c:\windows\ERDNT\cache\asyncmac.sys [-] 2008-01-19 . 53B202ABEE6455406254444303E87BE1 . 17408 . . [6.0.6001.18000] . . c:\windows\System32\drivers\asyncmac.sys [-] 2008-01-19 . 67E506B75BD5326A3EC7B70BD014DFB6 . 6144 . . [6.0.6001.18000] . . c:\windows\ERDNT\cache\beep.sys [-] 2008-01-19 . 67E506B75BD5326A3EC7B70BD014DFB6 . 6144 . . [6.0.6001.18000] . . c:\windows\System32\drivers\beep.sys [-] 2008-01-19 . C5DBBCDA07D780BDA9B685DF333BB41E . 4608 . . [6.0.6001.18000] . . c:\windows\ERDNT\cache\null.sys [-] 2008-01-19 . C5DBBCDA07D780BDA9B685DF333BB41E . 4608 . . [6.0.6001.18000] . . c:\windows\System32\drivers\null.sys [-] 2008-01-19 . A3629A0C4226F9E9C72FAAEEBC3AD33C . 81920 . . [6.0.6000.16386] . . c:\windows\ERDNT\cache\browser.dll [-] 2008-01-19 . A3629A0C4226F9E9C72FAAEEBC3AD33C . 81920 . . [6.0.6000.16386] . . c:\windows\System32\browser.dll [-] 2009-06-15 . 3978F3540329E16C0AC3BCF677E5669F . 9728 . . [6.0.6000.16386] . . c:\windows\ERDNT\cache\lsass.exe [-] 2009-06-15 . 3978F3540329E16C0AC3BCF677E5669F . 9728 . . [6.0.6000.16386] . . c:\windows\System32\lsass.exe [-] 2008-01-19 . C8052711DAECC48B982434C5116CA401 . 274432 . . [6.0.6000.16386] . . c:\windows\ERDNT\cache\netman.dll [-] 2008-01-19 . C8052711DAECC48B982434C5116CA401 . 274432 . . [6.0.6000.16386] . . c:\windows\System32\netman.dll [-] 2009-04-11 . 93952506C6D67330367F7E7934B6A02F . 758784 . . [7.0.6001.18000] . . c:\windows\ERDNT\cache\qmgr.dll [-] 2009-04-11 . 93952506C6D67330367F7E7934B6A02F . 758784 . . [7.0.6001.18000] . . c:\windows\System32\qmgr.dll [-] 2009-04-11 . 3B5B4D53FEC14F7476CA29A20CC31AC9 . 550400 . . [6.0.6002.18005] . . c:\windows\ERDNT\cache\rpcss.dll [-] 2009-04-11 . 3B5B4D53FEC14F7476CA29A20CC31AC9 . 550400 . . [6.0.6000.16386] . . c:\windows\System32\rpcss.dll [-] 2009-04-11 . D4E6D91C1349B7BFB3599A6ADA56851B . 279552 . . [6.0.6000.16386] . . c:\windows\ERDNT\cache\services.exe [-] 2009-04-11 . D4E6D91C1349B7BFB3599A6ADA56851B . 279552 . . [6.0.6000.16386] . . c:\windows\System32\services.exe [-] 2009-04-11 . 524BFBEA40E6E404737CCBC754647A2E . 127488 . . [6.0.6000.16386] . . c:\windows\ERDNT\cache\spoolsv.exe [-] 2009-04-11 . 524BFBEA40E6E404737CCBC754647A2E . 127488 . . [6.0.6000.16386] . . c:\windows\System32\spoolsv.exe [-] 2009-04-11 . 898E7C06A350D4A1A64A9EA264D55452 . 314368 . . [6.0.6001.18000] . . c:\windows\ERDNT\cache\winlogon.exe [-] 2009-04-11 . 898E7C06A350D4A1A64A9EA264D55452 . 314368 . . [6.0.6001.18000] . . c:\windows\System32\winlogon.exe [-] 2008-01-19 . 50CDFD99E606D172875E73B87C64053D . 531968 . . [5.82] . . c:\windows\ERDNT\cache\comctl32.dll [-] 2008-01-19 . 50CDFD99E606D172875E73B87C64053D . 531968 . . [5.82] . . c:\windows\System32\comctl32.dll [-] 2009-04-11 . FB27772BEAF8E1D28CCD825C09DA939B . 129024 . . [6.0.6000.16386] . . c:\windows\ERDNT\cache\cryptsvc.dll [-] 2009-04-11 . FB27772BEAF8E1D28CCD825C09DA939B . 129024 . . [6.0.6000.16386] . . c:\windows\System32\cryptsvc.dll [-] 2009-04-11 . 67058C46504BC12D821F38CF99B7B28F . 268800 . . [2001.12.6932.18005] . . c:\windows\ERDNT\cache\es.dll [-] 2009-04-11 . 67058C46504BC12D821F38CF99B7B28F . 268800 . . [2001.12.6932.18005] . . c:\windows\System32\es.dll [-] 2009-04-11 . C8BDCECEE082B54F0BAC838BF0A34597 . 114688 . . [6.0.6002.18005] . . c:\windows\ERDNT\cache\imm32.dll [-] 2009-04-11 . C8BDCECEE082B54F0BAC838BF0A34597 . 114688 . . [6.0.6002.18005] . . c:\windows\System32\imm32.dll [-] 2009-04-11 . BB8509089E7DF514310814E1B2593FFC . 891392 . . [6.0.6001.18000] . . c:\windows\ERDNT\cache\kernel32.dll [-] 2009-04-11 . BB8509089E7DF514310814E1B2593FFC . 891392 . . [6.0.6001.18000] . . c:\windows\System32\kernel32.dll [-] 2006-11-02 . 24F90AEFEBE601D427CB4511E74CDCB6 . 22016 . . [6.0.6000.16386] . . c:\windows\ERDNT\cache\linkinfo.dll [-] 2006-11-02 . 24F90AEFEBE601D427CB4511E74CDCB6 . 22016 . . [6.0.6000.16386] . . c:\windows\System32\linkinfo.dll [-] 2009-06-15 . EB0E02749CE5C488741C9A0ABEAB5DEC . 23552 . . [6.0.6002.18051] . . c:\windows\ERDNT\cache\lpk.dll [-] 2009-06-15 . EB0E02749CE5C488741C9A0ABEAB5DEC . 23552 . . [6.0.6002.18051] . . c:\windows\System32\lpk.dll [-] 2010-01-02 . DF4D546A6E1C8D0F4FC10FCC9E422763 . 5942784 . . [8.00.6001.18702] . . c:\windows\ERDNT\cache\mshtml.dll [-] 2010-01-02 . DF4D546A6E1C8D0F4FC10FCC9E422763 . 5942784 . . [8.00.6001.18702] . . c:\windows\System32\mshtml.dll [-] 2009-04-11 . F5E991236960137B1F5449C5E5DF4656 . 679936 . . [7.0.6002.18005] . . c:\windows\ERDNT\cache\msvcrt.dll [-] 2009-04-11 . F5E991236960137B1F5449C5E5DF4656 . 679936 . . [7.0.6002.18005] . . c:\windows\System32\msvcrt.dll [-] 2004-08-05 . 351B1AD22FD0EC70D889766E0B4F72ED . 343040 . . [7.0.2600.2180] . . c:\windows\SMINST\msvcrt.dll [-] 2009-04-11 . 8617350C9B590B63E620881092751BCB . 223232 . . [6.0.6002.18005] . . c:\windows\ERDNT\cache\mswsock.dll [-] 2009-04-11 . 8617350C9B590B63E620881092751BCB . 223232 . . [6.0.6000.16386] . . c:\windows\System32\mswsock.dll [-] 2009-04-11 . 95DAECF0FB120A7B5DA679CC54E37DDE . 592896 . . [6.0.6001.18000] . . c:\windows\ERDNT\cache\netlogon.dll [-] 2009-04-11 . 95DAECF0FB120A7B5DA679CC54E37DDE . 592896 . . [6.0.6001.18000] . . c:\windows\System32\netlogon.dll [-] 2009-04-11 . 9A7F4B2EDACD11444D048AA19CBB26AF . 98816 . . [6.0.6001.18000] . . c:\windows\ERDNT\cache\powrprof.dll [-] 2009-04-11 . 9A7F4B2EDACD11444D048AA19CBB26AF . 98816 . . [6.0.6001.18000] . . c:\windows\System32\powrprof.dll [-] 2009-04-11 . 8FC182167381E9915651267044105EE1 . 177152 . . [6.0.6000.16386] . . c:\windows\ERDNT\cache\scecli.dll [-] 2009-04-11 . 8FC182167381E9915651267044105EE1 . 177152 . . [6.0.6000.16386] . . c:\windows\System32\scecli.dll [-] 2006-11-02 . F4E1AA5D59C849A4AB47E895DC76B9C8 . 4608 . . [6.0.6000.16386] . . c:\windows\ERDNT\cache\sfc.dll [-] 2006-11-02 . F4E1AA5D59C849A4AB47E895DC76B9C8 . 4608 . . [6.0.6000.16386] . . c:\windows\System32\sfc.dll [-] 2008-01-19 . 3794B461C45882E06856F282EEF025AF . 21504 . . [6.0.6001.18000] . . c:\windows\ERDNT\cache\svchost.exe [-] 2008-01-19 . 3794B461C45882E06856F282EEF025AF . 21504 . . [6.0.6000.16386] . . c:\windows\System32\svchost.exe [-] 2009-04-11 . D7673E4B38CE21EE54C59EEEB65E2483 . 242688 . . [6.0.6000.16386] . . c:\windows\ERDNT\cache\tapisrv.dll [-] 2009-04-11 . D7673E4B38CE21EE54C59EEEB65E2483 . 242688 . . [6.0.6000.16386] . . c:\windows\System32\tapisrv.dll [-] 2009-04-11 . 75510147B94598407666F4802797C75A . 627712 . . [6.0.6002.18005] . . c:\windows\ERDNT\cache\user32.dll [-] 2009-04-11 . 75510147B94598407666F4802797C75A . 627712 . . [6.0.6001.18000] . . c:\windows\System32\user32.dll [-] 2008-01-19 . 0E135526E9785D085BCD9AEDE6FBCBF9 . 25088 . . [6.0.6000.16386] . . c:\windows\ERDNT\cache\userinit.exe [-] 2008-01-19 . 0E135526E9785D085BCD9AEDE6FBCBF9 . 25088 . . [6.0.6000.16386] . . c:\windows\System32\userinit.exe [-] 2010-01-02 . 91B8712BDC74295DA14A08F519B70D65 . 916480 . . [8.00.6001.18702] . . c:\windows\ERDNT\cache\wininet.dll [-] 2010-01-02 . 91B8712BDC74295DA14A08F519B70D65 . 916480 . . [8.00.6001.18702] . . c:\windows\System32\wininet.dll [-] 2008-01-19 . B304D47D5744BA20FCB99FB8B2C07B0B . 179200 . . [6.0.6001.18000] . . c:\windows\ERDNT\cache\ws2_32.dll [-] 2008-01-19 . B304D47D5744BA20FCB99FB8B2C07B0B . 179200 . . [6.0.6000.16386] . . c:\windows\System32\ws2_32.dll [-] 2009-04-11 . D07D4C3038F3578FFCE1C0237F2A1253 . 2926592 . . [6.0.6000.16386] . . c:\windows\explorer.exe [-] 2009-04-11 . D07D4C3038F3578FFCE1C0237F2A1253 . 2926592 . . [6.0.6000.16386] . . c:\windows\ERDNT\cache\explorer.exe [-] 2006-11-02 . 7F15B4953378C8B5161D65C26D5FED4D . 11776 . . [6.0.6000.16386] . . c:\windows\ERDNT\cache\cngaudit.dll [-] 2006-11-02 . 7F15B4953378C8B5161D65C26D5FED4D . 11776 . . [6.0.6000.16386] . . c:\windows\System32\cngaudit.dll [-] 2006-11-02 . 22BFD03DF51065A9ED8D17F8FB72296B . 8704 . . [6.0.6000.16386] . . c:\windows\ERDNT\cache\ctfmon.exe [-] 2006-11-02 . 22BFD03DF51065A9ED8D17F8FB72296B . 8704 . . [6.0.6000.16386] . . c:\windows\System32\ctfmon.exe [-] 2009-04-11 . C818C44C201898399BF999BB6B35D4E3 . 247296 . . [6.0.6000.16386] . . c:\windows\ERDNT\cache\shsvcs.dll [-] 2009-04-11 . C818C44C201898399BF999BB6B35D4E3 . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll [-] 2009-04-11 . 9E6894EA18DAFF37B63E1005F83AE4AB . 107008 . . [6.0.6000.16386] . . c:\windows\ERDNT\cache\regsvc.dll [-] 2009-04-11 . 9E6894EA18DAFF37B63E1005F83AE4AB . 107008 . . [6.0.6000.16386] . . c:\windows\System32\regsvc.dll [-] 2009-04-11 . 323AE0BDFD2EB15B668DDA50CC597329 . 595456 . . [6.0.6001.18000] . . c:\windows\ERDNT\cache\schedsvc.dll [-] 2009-04-11 . 323AE0BDFD2EB15B668DDA50CC597329 . 595456 . . [6.0.6001.18000] . . c:\windows\System32\schedsvc.dll [-] 2008-01-19 . 03D50B37234967433A5EA5BA72BC0B62 . 155648 . . [6.0.6000.16386] . . c:\windows\ERDNT\cache\ssdpsrv.dll [-] 2008-01-19 . 03D50B37234967433A5EA5BA72BC0B62 . 155648 . . [6.0.6000.16386] . . c:\windows\System32\ssdpsrv.dll [-] 2009-04-11 . BB95DA09BEF6E7A131BFF3BA5032090D . 449024 . . [6.0.6001.18000] . . c:\windows\ERDNT\cache\termsrv.dll [-] 2009-04-11 . BB95DA09BEF6E7A131BFF3BA5032090D . 449024 . . [6.0.6001.18000] . . c:\windows\System32\termsrv.dll [-] 2008-01-19 . 7A5F8218325F00396DAEA2F985FA0ECB . 18944 . . [6.0.6001.18000] . . c:\windows\ERDNT\cache\ias.dll [-] 2008-01-19 . 7A5F8218325F00396DAEA2F985FA0ECB . 18944 . . [6.0.6001.18000] . . c:\windows\System32\ias.dll [-] 2006-11-02 09:46 . BA8639F9EB0F74F2946DE6DE1AF4691F . 924944 . . [4.1.6140] . . c:\windows\ERDNT\cache\mfc40u.dll [-] 2006-11-02 09:46 . BA8639F9EB0F74F2946DE6DE1AF4691F . 924944 . . [4.1.6140] . . c:\windows\System32\mfc40u.dll [-] 2008-01-19 . 68308183F4AE0BE7BF8ECD07CB297999 . 259072 . . [6.0.6000.16386] . . c:\windows\ERDNT\cache\upnphost.dll [-] 2008-01-19 . 68308183F4AE0BE7BF8ECD07CB297999 . 259072 . . [6.0.6000.16386] . . c:\windows\System32\upnphost.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 213936] "Google Update"="c:\users\gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-02-05 135664] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "ares"="c:\program files\Ares\Ares.exe" [2009-02-03 1004544] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280] "SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2008-06-10 54672] "SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624] "RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-01 133656] "OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784] "Norman ZANDA"="c:\program files\Norman\Npm\Bin\ZLH.EXE" [2009-11-24 189824] "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-01 141848] "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-01 166424] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-10-02 67488] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ Isdelete\0autocheck autochk /k:C * [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk backup=c:\windows\pss\Monitor Apache Servers.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):a8,e2,28,01,8c,fa,c9,01 R1 NGS;Norman General Security Driver;c:\program files\Norman\Ngs\Bin\ngs.sys [2/12/2010 1:53 PM 25032] R1 NPROSEC;Norman Security driver;c:\program files\Norman\Ngs\Bin\nprosec.sys [2/12/2010 1:53 PM 61512] R2 Ndiskio;Ndiskio;c:\program files\Norman\Nse\Bin\Ndiskio.sys [2/12/2010 1:53 PM 24168] R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\System32\drivers\RtNdPt60.sys [5/16/2007 1:54 AM 28160] S2 gupdate1c9c359db5df5f7;Google Update Service (gupdate1c9c359db5df5f7);c:\program files\Google\Update\GoogleUpdate.exe [4/22/2009 3:51 PM 133104] S2 NPROSECSVC;Norman Security service;c:\program files\Norman\Ngs\Bin\nprosec.exe [2/12/2010 1:53 PM 103752] S2 NVOY;Norman Resource Provider;c:\program files\Norman\Npm\Bin\nvoy.exe [2/12/2010 1:53 PM 97752] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2/13/2010 4:16 PM 1153368] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [5/27/2008 3:51 PM 1527900] S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [3/31/2009 5:44 PM 55280] S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 5:08 PM 533360] S3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\Nse\Bin\Nsesvc.exe [2/12/2010 1:53 PM 283976] S3 NvcMFlt;NvcMFlt;c:\windows\System32\drivers\nvcv32mf.sys [2/12/2010 1:53 PM 23392] S3 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\NVC\bin\Nvcoas.exe [2/12/2010 1:53 PM 202056] S3 PCD5SRVC{BD6912E3-AC9D80E8-05020000};PCD5SRVC{BD6912E3-AC9D80E8-05020000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [5/16/2007 1:47 AM 25632] S3 Scheduler;Norman Scheduler Service;c:\program files\Norman\Npm\Bin\scheduler.exe [2/12/2010 1:53 PM 133272] S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [5/27/2008 3:52 PM 544768] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/11/2008 1:28 AM 47128] S4 RsFx0103;RsFx0103 Driver;c:\windows\System32\drivers\RsFx0103.sys [3/30/2009 2:09 AM 239336] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 2:23 AM 366936] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhoud van de 'Gedeelde Taken' map 2010-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 14:51] 2010-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 14:51] 2010-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3847781438-3627025340-978385420-1000Core.job - c:\users\gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-05 13:12] 2010-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3847781438-3627025340-978385420-1000UA.job - c:\users\gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-05 13:12] 2010-02-16 c:\windows\Tasks\HPCeeScheduleForgebruiker.job - c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-10-30 15:55] 2010-12-14 c:\windows\Tasks\User_Feed_Synchronization-{218F3DBE-CB9B-4610-92A5-CA198EA3834B}.job - c:\windows\system32\msfeedssync.exe [2010-01-22 04:56] . . ------- Bijkomende Scan ------- . uStart Page = www.runescape.com/ DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab FF - ProfilePath - c:\users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\sc1wnh5z.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.runescape.com/ FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: c:\users\gebruiker\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\users\gebruiker\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: c:\users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\sc1wnh5z.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHANS VERWIJDERD - - - - AddRemove-Sophos-AntiRootkit - c:\program files\Sophos\Sophos Anti-Rootkit\helper.exe AddRemove-{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A} - c:\program files\McAfee\SiteAdvisor\Uninstall.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-16 16:04 Windows 6.0.6002 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\3D3E.tmp" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05020000}] "ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms" . Voltooingstijd: 2010-02-16 16:08:49 ComboFix-quarantined-files.txt 2010-02-16 15:08 ComboFix2.txt 2010-02-15 14:43 Pre-Run: 211,750,985,728 bytes beschikbaar Post-Run: 211,594,547,200 bytes beschikbaar - - End Of File - - B9ECB89A30668BDE970A5A06DF69637D

[anoniem]

Hallo Jordy!, je mag Combofix verwijderen: typ in de zoekregel cmd en klik dan in het Startmenu met rechts op de snelkoppling van cmd en kies voor AlsAdministrator uitvoeren. Typ/kopieer [b:fbea4e9086]Combofix /Uninstall[/b:fbea4e9086] Klaar, typ dan [b:fbea4e9086]Exit[/b:fbea4e9086] Het virus zit er overigens nog! Download, installeer en blijf [b:fbea4e9086]a-squared Free 4.5 [/b:fbea4e9086]gebruiken. Direkt na de installatie wil ook [b:fbea4e9086]a-squared Free 4.5[/b:fbea4e9086] updaten. Dat verhinder je. Start [b:fbea4e9086]a-squared Free 4.5[/b:fbea4e9086] en klik op [b:fbea4e9086]Configureer updates[/b:fbea4e9086] en [b:fbea4e9086]haal dan het vinkje weg bij Extra talen installeren[/b:fbea4e9086]! Hierna kan je [b:fbea4e9086]a-squared Free 4.5[/b:fbea4e9086] de nieuwste definities binnenhalen. [b:fbea4e9086]Nadat de update gedaan is kies je voor [B]Grondige Scan[/b:fbea4e9086].[/B] [url=http://www.emsisoft.nl/asquaredfree/index.htm][i:fbea4e9086][b:fbea4e9086]Download a-squared Free 4.5[/b:fbea4e9086][/i:fbea4e9086][/url] [b:fbea4e9086]Vista- en Windows 7 gebruik(st)ers: klik de betreffende snelkoppeling met rechts aan en kies voor Eigenschappen. In het Eigenschappenvenster klik je dan op de knop Geavanceerd en zet je een vinkje bij Als administrator uitvoeren.[/b:fbea4e9086] Post het log van a-squared!

[anoniem]

Ik ben bezig, het verwijderen van combofix lukt niet: C:\Windows\system32>Combofix /Uninstall Combofix wordt niet herkend als een interne of externe opdracht, programma of batchbestand.

[anoniem]

Dan maar handmatig verwijderen - Quubox ook!