
Subject: slow computer and suddenly 43 viruses

  1. #1
    triangel's Avatar
    Joined
    May 2009
    Age
    16
    Posts
    33

    slow computer and suddenly 43 viruses

    Short (clear!) description of the problem:
    The day before yesterday my computer was slow and MBAM reported nothing, so I then scanned with Avira AntiVir Personal and that found 3 viruses.
    I removed everything and scanned again with MBAM, which found nothing.
    Today I scanned once more after the computer became slow again, and now MBAM reports 43! viruses (I have not yet scanned with Avira).
    By the way, I also have my logs from yesterday, from after the removal, in case you want those.
    Thank you very much


    Malwarebytes' Anti-Malware log:
    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org


    Databaseversie: v2012.01.08.03


    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Eva :: PC_VAN_EVA [administrator]


    8-1-2012 19:43:10
    mbam-log-2012-01-08 (19-43-10).txt


    Scantype: Snelle scan
    Ingeschakelde scanopties: Geheugen | Opstarten | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 212527
    Verstreken tijd: 7 minuut/minuten, 31 seconde(n)


    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)


    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)


    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)


    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)


    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)


    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)


    Bestanden gedetecteerd: 45
    C:\Users\Eva\AppData\Local\Temp\+~JF1046532497799114769.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF1661543240162280627.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF1702037392969392200.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF2045859732284448738.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF2587720010203308216.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF2845900057900242221.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF3106834355639568564.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF3837228744801149075.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF3895513495685129874.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF4054577949734125000.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF4077064659814034248.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF4780424009592466491.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF4860193744447768526.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF5137471219901213238.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF5156212188562974713.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF5389674114559365208.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF5855584051706986879.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF5939958106944714517.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF5966860239876516598.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF5997237070182093649.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF6083390467291186909.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF6201784188434541011.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF6305839038197632762.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF6345321463439797686.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF6743507088621582988.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF6781520572874467941.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF7003952199907438517.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF7070973020611219960.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF7227898056397198861.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF7637568581291449624.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF7711625718367468570.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF7952481357647689340.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF8247826636417286602.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF8417151725326313907.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF8522496004107078799.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF8550095586774202668.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF8666227593561707559.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF8704735826094142848.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF8843076535711860297.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF9076972494344705991.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF9157549825448744768.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF9216750135484353202.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF463325846721344330.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF602799568945050682.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eva\AppData\Local\Temp\+~JF64367935483956025.tmp (Exploit.Drop.3) -> Succesvol in quarantaine geplaatst en verwijderd.

    HijackThis log:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 19:54:00, on 8-1-2012
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal


    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\System32\s3trayp.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Windows\System32\wpcumi.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    H:\Program Files\quicktime\QTTask.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe
    C:\Windows\ehome\ehtray.exe
    C:\Users\Eva\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\Windows\msagent\AgentSvr.exe
    C:\Users\Eva\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eva\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eva\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eva\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eva\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eva\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eva\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eva\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\rundll32.exe
    C:\Users\Eva\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eva\AppData\Local\Google\Chrome\Application\chrome.exe
    H:\Users\Eva\Downloads\Nieuwe map\Malwarebytes' Anti-Malware\mbam.exe
    C:\Users\Eva\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\notepad.exe
    C:\Windows\system32\SearchFilterHost.exe
    h:\Users\Eva\Downloads\Nieuwe map\hijack\Trend Micro\HiJackThis\HiJackThis.exe


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.een.be/programmas/junior-...e-ik-wil-leven
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\quicktime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "H:\Users\Eva\Downloads\Nieuwe map\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
    O4 - HKLM\..\Run: [CLX3180_Scan2Pc] C:\Windows\Twain_32\Samsung\CLX3180\Scan2pc.exe
    O4 - HKLM\..\Run: [3180 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Eva\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKCU\..\RunOnce: [DeleteGrabPro] rundll32.exe advpack.dll,DelNodeRunDLL32 "H:\Users\Eva\Downloads\Nieuwe map\Orbitdownloader\GrabPro.dll"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEEM')
    O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://assets.wrts.nl (HKLM)
    O15 - Trusted Zone: http://www.wrts.nl (HKLM)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirva...ls/pcmatic.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/soft...01/CTSUEng.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/soft...3/CTPIDPDE.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package 1) - http://ccfiles.creative.com/Web/soft...5116/CTPID.cab
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Service.exe
    O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    O23 - Service: Google Updateservice (gupdate1c9be9f5d4ccc58) (gupdate1c9be9f5d4ccc58) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - H:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


    --

  2. #2
    Hijack Mod Juisterr's Avatar
    Joined
    Aug 2006
    Location
    little hut on the coast, Zuid-Holland
    Posts
    15.602
    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop.

    >>Here<< you can read how to use ComboFix.

    1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix.

    * (here or here is a guide on how to disable them)

    2. The computer may need to be restarted several times; this is normal.
    3. Double-click "Combofix.exe" to start the tool.
    4. Do not click in the ComboFix window while it is running; this can cause the 'tool' to hang.

    * Note !!! If an error is shown with the message "Illegal operation attempted on a registery key that has been marked for deletion.", restart the computer.

    5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.
    Well helped here:
    Sending a PM is pointless; it will not be answered! All messages on the forum, please.
    miekiemoesblog
    special tips



  3. #3
    triangel's Avatar
    Joined
    May 2009
    Age
    16
    Posts
    33
    I cannot disable Spybot. When I download the TeaTimer reset via http://www.techsupportforum.com/foru...ns-490111.html and then run it, it says the processes cannot be found (it is turned off). When I then check whether the checkbox is on or off, the checkbox is still ticked and I cannot remove it because it is greyed out.
    I have no problem with Avira, by the way.

  4. #4
    triangel's Avatar
    Joined
    May 2009
    Age
    16
    Posts
    33
    Sorry, I could not delete my previous post; it is already solved.
    I ran ComboFix and, while it was running, I did get a message from Windows that PEV.exe had stopped working.
    Internet Exploder is now also (suddenly) on my desktop.

    Here is the log:

    ComboFix 12-01-09.02 - Eva 09-01-2012 14:13:17.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1918.1258 [GMT 1:00]
    Gestart vanuit: c:\users\Eva\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Nieuw herstelpunt werd aangemaakt
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Search Toolbar
    c:\program files\Search Toolbar\SearchToolbarUninstall.exe
    c:\users\Eva\AppData\Local\.#
    c:\users\Eva\AppData\Roaming\6238.5F6
    c:\users\Eva\AppData\Roaming\Microsoft\~DFK8a5256.tmp
    c:\users\Eva\AppData\Roaming\Microsoft\1eaadjc.dll
    c:\users\Eva\AppData\Roaming\Microsoft\bass.dll
    c:\users\Eva\AppData\Roaming\Microsoft\engine_vx.dll
    c:\users\Eva\AppData\Roaming\Microsoft\kfgresk.dll
    c:\users\Eva\AppData\Roaming\Microsoft\mjcriu.dll
    c:\users\Eva\AppData\Roaming\Microsoft\peaadje.dll
    c:\users\Eva\AppData\Roaming\Microsoft\qwadjb.dll
    c:\users\Eva\AppData\Roaming\Microsoft\rsaadjd.dll
    c:\windows\bwUnin-6.1.4.36-8876480L.exe
    c:\windows\IsUn0413.exe
    c:\windows\SwSys1.bmp
    c:\windows\SwSys2.bmp
    c:\windows\system32\Dump
    c:\windows\system32\Dump\MiniDump.dmp
    c:\windows\unin0413.exe
    h:\users\Eva\Documenten\~WRL0004.tmp
    h:\users\Eva\Documenten\~WRL0005.tmp
    h:\users\Eva\Documenten\~WRL0239.tmp
    h:\users\Eva\Documenten\~WRL0242.tmp
    h:\users\Eva\Documenten\~WRL0419.tmp
    h:\users\Eva\Documenten\~WRL0511.tmp
    h:\users\Eva\Documenten\~WRL0615.tmp
    h:\users\Eva\Documenten\~WRL0755.tmp
    h:\users\Eva\Documenten\~WRL0881.tmp
    h:\users\Eva\Documenten\~WRL0912.tmp
    h:\users\Eva\Documenten\~WRL0915.tmp
    h:\users\Eva\Documenten\~WRL1162.tmp
    h:\users\Eva\Documenten\~WRL1207.tmp
    h:\users\Eva\Documenten\~WRL1276.tmp
    h:\users\Eva\Documenten\~WRL1434.tmp
    h:\users\Eva\Documenten\~WRL1475.tmp
    h:\users\Eva\Documenten\~WRL1835.tmp
    h:\users\Eva\Documenten\~WRL1895.tmp
    h:\users\Eva\Documenten\~WRL2103.tmp
    h:\users\Eva\Documenten\~WRL2110.tmp
    h:\users\Eva\Documenten\~WRL2406.tmp
    h:\users\Eva\Documenten\~WRL2414.tmp
    h:\users\Eva\Documenten\~WRL2486.tmp
    h:\users\Eva\Documenten\~WRL2579.tmp
    h:\users\Eva\Documenten\~WRL2839.tmp
    h:\users\Eva\Documenten\~WRL2933.tmp
    h:\users\Eva\Documenten\~WRL3072.tmp
    h:\users\Eva\Documenten\~WRL3237.tmp
    h:\users\Eva\Documenten\~WRL3379.tmp
    h:\users\Eva\Documenten\~WRL3748.tmp
    h:\users\Eva\Documenten\~WRL4033.tmp
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-12-09 to 2012-01-09 ))))))))))))))))))))))))))))))
    .
    .
    2012-01-09 13:19 . 2012-01-09 13:20 -------- d-----w- c:\users\Eva\AppData\Local\temp
    2012-01-09 13:19 . 2012-01-09 13:19 -------- d-----w- c:\users\peter\AppData\Local\temp
    2012-01-09 12:25 . 2012-01-09 12:26 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{351AE37F-E0AB-414C-B8C6-804DE2A53515}\offreg.dll
    2012-01-08 10:35 . 2012-01-08 10:35 388096 ----a-r- c:\users\Eva\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-01-06 14:28 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{351AE37F-E0AB-414C-B8C6-804DE2A53515}\mpengine.dll
    2012-01-05 10:47 . 2009-07-13 08:13 38400 ----a-w- c:\windows\system32\drivers\DgivEcp.sys
    2012-01-05 10:47 . 2009-07-13 08:16 36864 ------w- c:\windows\system32\SvcMan.exe
    2012-01-05 10:45 . 2012-01-05 10:47 -------- d-----w- c:\program files\SmarThru 4
    2012-01-05 10:43 . 2012-01-05 10:43 -------- d-----w- c:\program files\Scan Assistant
    2012-01-05 10:42 . 2012-01-05 10:42 -------- d-----w- c:\users\Eva\AppData\Local\S2PC
    2012-01-05 10:41 . 2012-01-05 10:41 -------- d-----w- c:\users\Eva\AppData\Roaming\InstallShield
    2012-01-05 10:41 . 2011-04-29 07:42 493432 ----a-w- c:\windows\ssndii.exe
    2012-01-05 10:40 . 2012-01-05 10:40 -------- d-----w- c:\windows\Samsung
    2012-01-05 10:40 . 2011-04-29 07:42 124792 ----a-w- c:\windows\Wiainst.exe
    2012-01-05 10:39 . 2009-08-27 09:24 19968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\sst2cpc.dll
    2012-01-05 10:38 . 2009-08-27 09:24 26624 ----a-w- c:\windows\system32\sst2cl3.dll
    2012-01-05 10:38 . 2009-08-27 09:23 151552 ----a-w- c:\windows\system32\sst2cci.exe
    2012-01-05 10:38 . 2009-08-27 09:23 65536 ----a-w- c:\windows\system32\sst2cci.dll
    2012-01-05 10:38 . 2009-07-13 12:57 81920 ----a-w- c:\windows\system32\ssdevm.dll
    2012-01-05 10:38 . 2009-07-13 12:57 44544 ----a-w- c:\windows\system32\msxml4a.dll
    2012-01-05 10:38 . 2009-07-13 12:57 38160 ----a-w- c:\windows\system32\msxml2r.dll
    2012-01-05 10:38 . 2009-07-13 12:57 701440 ----a-w- c:\windows\system32\msxml2.dll
    2012-01-05 10:38 . 2009-07-13 12:57 21776 ----a-w- c:\windows\system32\msxml2a.dll
    2012-01-05 10:37 . 2009-07-11 00:44 49152 ----a-w- c:\windows\system32\Ssusbpn.dll
    2012-01-05 10:37 . 2011-04-29 00:18 90112 ----a-w- c:\windows\system32\SaSegFlt.dll
    2012-01-05 10:37 . 2011-04-29 00:18 274432 ----a-w- c:\windows\system32\SaMinDrv.dll
    2012-01-05 10:37 . 2011-04-29 00:18 106496 ----a-w- c:\windows\system32\SaImgFlt.dll
    2012-01-05 10:37 . 2011-04-29 00:18 61440 ----a-w- c:\windows\system32\SaErHdlr.dll
    2012-01-05 10:36 . 2012-01-05 10:36 -------- d-----w- c:\program files\Samsung
    2012-01-05 10:36 . 2009-07-12 03:16 5120 ------w- c:\windows\system32\drivers\SSPORT.SYS
    2011-12-30 21:41 . 2011-12-31 09:46 -------- d-----w- c:\users\Eva\AppData\Local\BlueStacks
    2011-12-30 21:41 . 2011-12-30 21:41 -------- d-----w- c:\programdata\BlueStacks
    2011-12-30 21:41 . 2011-12-30 21:41 -------- d-----w- c:\program files\BlueStacks
    2011-12-28 14:26 . 2011-12-28 14:46 -------- d-----w- c:\programdata\PopCap Games
    2011-12-26 11:55 . 2011-12-26 11:55 356352 ----a-w- c:\windows\eSellerateEngine.dll
    2011-12-26 11:02 . 2011-12-26 11:02 -------- d-----w- c:\users\Eva\AppData\Local\FILSH_Media_GmbH
    2011-12-18 15:57 . 2011-12-18 15:57 -------- d-----w- c:\users\Eva\AppData\Roaming\ShinyTales
    2011-12-15 17:36 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-12-15 17:36 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-12-15 17:36 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-15 17:34 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-12-15 17:34 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-12-15 17:32 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-15 17:32 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-02 15:51 . 2010-06-11 20:20 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
    2011-12-10 14:24 . 2011-01-30 16:03 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-15 14:20 . 2011-05-15 08:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-10 04:54 . 2010-06-20 09:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-07-29 19:10 . 2011-05-01 08:49 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "S3Trayp"="S3trayp.exe" [2006-12-15 176128]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]
    "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-19 868352]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
    "QuickTime Task"="h:\program files\quicktime\QTTask.exe" [2011-10-24 421888]
    "Malwarebytes' Anti-Malware (reboot)"="h:\users\Eva\Downloads\Nieuwe map\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-07 618496]
    "CLX3180_Scan2Pc"="c:\windows\Twain_32\Samsung\CLX3180\Scan2pc.exe" [2011-04-29 1990144]
    "3180 Scan2PC"="c:\windows\twain_32\Samsung\CLX3180\Scan2Pc.exe" [2011-04-29 1990144]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer1"=wdmaud.drv
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-22 05:05 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2006-12-23 16:05 143360 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
    2006-12-05 20:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
    2007-10-25 14:33 563984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
    2002-12-10 16:32 155648 ----a-w- c:\program files\Logitech\ImageStudio\ISStart.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
    2002-12-10 16:31 61440 ----a-w- c:\program files\Logitech\ImageStudio\LogiTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2007-10-25 14:37 2178832 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2011-12-24 16:50 981680 ----a-w- h:\users\Eva\Downloads\Nieuwe map\Malwarebytes' Anti-Malware\mbam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 13:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QCDriverInstaller]
    2002-09-20 13:58 638976 ----a-w- c:\progra~1\COMMON~1\Logitech\QCDRIV~1\Lqdsw.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 13:28 421888 ----a-w- h:\program files\quicktime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2006-11-23 13:10 56928 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2011-03-06 20:24 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
    2010-02-16 18:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 14:26]
    .
    2012-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 14:26]
    .
    2012-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1849101577-754548134-3661268789-1001Core.job
    - c:\users\Eva\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-28 12:33]
    .
    2012-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1849101577-754548134-3661268789-1001UA.job
    - c:\users\Eva\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-28 12:33]
    .
    2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{42379F1E-82DB-41CB-96B3-C756EE0F9E1A}.job
    - c:\windows\system32\msfeedssync.exe [2011-05-07 12:52]
    .
    2012-01-09 c:\windows\Tasks\User_Feed_Synchronization-{5088728A-5B4D-451D-9DE3-0143B28D169A}.job
    - c:\windows\system32\msfeedssync.exe [2011-05-07 12:52]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.een.be/programmas/junior-eurosong/tune-ik-wil-leven
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = localhost;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    Trusted Zone: wrts.nl\assets
    Trusted Zone: wrts.nl\www
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game12.zylom.com/activex/zylomgamesplayer.cab
    FF - ProfilePath - c:\users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\a0bml74x.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2832595&SearchSource=3&q={searchTerms}
    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&affID=100474&mntrId=264e9a6000000000000000160a1067de&q=
    FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
    FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_ss&affID=100474&mntrId=264e9a6000000000000000160a1067de
    FF - prefs.js: network.proxy.type - 1
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
    WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
    HKCU-Run-WebCamRT.exe - (no file)
    HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
    HKU-Default-Run-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
    MSConfigStartUp-Freecorder FLV Service - h:\users\Eva\Downloads\Nieuwe map\Nieuwe map\FLVSrvc.exe
    MSConfigStartUp-HyvesDesktop - c:\progra~1\HYVESD~1\bin\HYVESD~1.EXE
    MSConfigStartUp-LogitechSoftwareUpdate - c:\program files\Logitech\Video\ManifestEngine.exe
    MSConfigStartUp-LogitechVideoRepair - c:\program files\Logitech\Video\ISStart.exe
    MSConfigStartUp-LogitechVideoTray - c:\program files\Logitech\Video\LogiTray.exe
    MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
    AddRemove-Any Video Converter_is1 - h:\users\Eva\Downloads\Nieuwe map\Any Video Converter\unins000.exe
    AddRemove-Biologie voor jou Leerlingen-cd-rom 2 Havo Vwo - c:\windows\IsUn0413.exe
    AddRemove-Chicken Invaders_is1 - h:\users\Eva\Downloads\Chicken Invaders\unins000.exe
    AddRemove-JB topografie Europa - c:\windows\unin0413.exe
    AddRemove-RekenTest_is1 - h:\users\Eva\Downloads\Nieuwe map\RekenTest3\unins000.exe
    AddRemove-uTorrent - h:\users\Eva\Downloads\programma's\uTorrent.exe
    AddRemove-Weet wat je eet - c:\windows\IsUn0413.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-09 14:20
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scannen van verborgen processen ...
    .
    scannen van verborgen autostart items ...
    .
    scannen van verborgen bestanden ...
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Voltooingstijd: 2012-01-09 14:23:12
    ComboFix-quarantined-files.txt 2012-01-09 13:22
    .
    Pre-Run: 8.723.927.040 bytes beschikbaar
    Post-Run: 12.571.238.400 bytes beschikbaar
    .
    - - End Of File - - 289528CB356A2E73418D36B91FEED6C2

  5. #5
    Hijack Mod Juisterr's Avatar
    Joined
    Aug 2006
    Location
    cottage by the coast, Zuid-Holland
    Posts
    15.602
    Open a Notepad file.
    Copy the text below and paste it into the Notepad file.
    Save the Notepad file as CFScript.txt


    Firefox::
    FF - ProfilePath - c:\users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\a0bml74x.default\
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: keyword.URL -
    FF - prefs.js: browser.search.selectedEngine -
    FF - prefs.js: browser.startup.homepage -
    FF - prefs.js: network.proxy.type -
    Now drag the file CFScript.txt onto the file ComboFix.exe



    ComboFix will start again.
    If ComboFix asks for an update, allow it.

    When ComboFix is finished, which may be after a restart, a log file opens.

    Post the contents of the log file.
    Well helped here:
    Sending a PM is pointless; it will not be answered! All messages on the forum, please.
    miekiemoesblog
    special tips



  6. #6
    triangel's Avatar
    Joined
    May 2009
    Age
    16
    Posts
    33
    ComboFix 12-01-09.03 - Eva 09-01-2012 18:56:17.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1918.851 [GMT 1:00]
    Gestart vanuit: c:\users\Eva\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-12-09 to 2012-01-09 ))))))))))))))))))))))))))))))
    .
    .
    2012-01-09 18:03 . 2012-01-09 18:04 -------- d-----w- c:\users\Eva\AppData\Local\temp
    2012-01-09 18:03 . 2012-01-09 18:03 -------- d-----w- c:\users\peter\AppData\Local\temp
    2012-01-09 18:03 . 2012-01-09 18:03 -------- d-----w- c:\users\Gast\AppData\Local\temp
    2012-01-09 18:03 . 2012-01-09 18:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-01-09 13:27 . 2012-01-09 13:27 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{351AE37F-E0AB-414C-B8C6-804DE2A53515}\offreg.dll
    2012-01-08 10:35 . 2012-01-08 10:35 388096 ----a-r- c:\users\Eva\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-01-06 14:28 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{351AE37F-E0AB-414C-B8C6-804DE2A53515}\mpengine.dll
    2012-01-05 10:47 . 2009-07-13 08:13 38400 ----a-w- c:\windows\system32\drivers\DgivEcp.sys
    2012-01-05 10:47 . 2009-07-13 08:16 36864 ------w- c:\windows\system32\SvcMan.exe
    2012-01-05 10:45 . 2012-01-05 10:47 -------- d-----w- c:\program files\SmarThru 4
    2012-01-05 10:43 . 2012-01-05 10:43 -------- d-----w- c:\program files\Scan Assistant
    2012-01-05 10:42 . 2012-01-05 10:42 -------- d-----w- c:\users\Eva\AppData\Local\S2PC
    2012-01-05 10:41 . 2012-01-05 10:41 -------- d-----w- c:\users\Eva\AppData\Roaming\InstallShield
    2012-01-05 10:41 . 2011-04-29 07:42 493432 ----a-w- c:\windows\ssndii.exe
    2012-01-05 10:40 . 2012-01-05 10:40 -------- d-----w- c:\windows\Samsung
    2012-01-05 10:40 . 2011-04-29 07:42 124792 ----a-w- c:\windows\Wiainst.exe
    2012-01-05 10:39 . 2009-08-27 09:24 19968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\sst2cpc.dll
    2012-01-05 10:38 . 2009-08-27 09:24 26624 ----a-w- c:\windows\system32\sst2cl3.dll
    2012-01-05 10:38 . 2009-08-27 09:23 151552 ----a-w- c:\windows\system32\sst2cci.exe
    2012-01-05 10:38 . 2009-08-27 09:23 65536 ----a-w- c:\windows\system32\sst2cci.dll
    2012-01-05 10:38 . 2009-07-13 12:57 81920 ----a-w- c:\windows\system32\ssdevm.dll
    2012-01-05 10:38 . 2009-07-13 12:57 44544 ----a-w- c:\windows\system32\msxml4a.dll
    2012-01-05 10:38 . 2009-07-13 12:57 38160 ----a-w- c:\windows\system32\msxml2r.dll
    2012-01-05 10:38 . 2009-07-13 12:57 701440 ----a-w- c:\windows\system32\msxml2.dll
    2012-01-05 10:38 . 2009-07-13 12:57 21776 ----a-w- c:\windows\system32\msxml2a.dll
    2012-01-05 10:37 . 2009-07-11 00:44 49152 ----a-w- c:\windows\system32\Ssusbpn.dll
    2012-01-05 10:37 . 2011-04-29 00:18 90112 ----a-w- c:\windows\system32\SaSegFlt.dll
    2012-01-05 10:37 . 2011-04-29 00:18 274432 ----a-w- c:\windows\system32\SaMinDrv.dll
    2012-01-05 10:37 . 2011-04-29 00:18 106496 ----a-w- c:\windows\system32\SaImgFlt.dll
    2012-01-05 10:37 . 2011-04-29 00:18 61440 ----a-w- c:\windows\system32\SaErHdlr.dll
    2012-01-05 10:36 . 2012-01-05 10:36 -------- d-----w- c:\program files\Samsung
    2012-01-05 10:36 . 2009-07-12 03:16 5120 ------w- c:\windows\system32\drivers\SSPORT.SYS
    2011-12-30 21:41 . 2011-12-31 09:46 -------- d-----w- c:\users\Eva\AppData\Local\BlueStacks
    2011-12-30 21:41 . 2011-12-30 21:41 -------- d-----w- c:\programdata\BlueStacks
    2011-12-30 21:41 . 2011-12-30 21:41 -------- d-----w- c:\program files\BlueStacks
    2011-12-28 14:26 . 2011-12-28 14:46 -------- d-----w- c:\programdata\PopCap Games
    2011-12-26 11:55 . 2011-12-26 11:55 356352 ----a-w- c:\windows\eSellerateEngine.dll
    2011-12-26 11:02 . 2011-12-26 11:02 -------- d-----w- c:\users\Eva\AppData\Local\FILSH_Media_GmbH
    2011-12-18 15:57 . 2011-12-18 15:57 -------- d-----w- c:\users\Eva\AppData\Roaming\ShinyTales
    2011-12-15 17:36 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-12-15 17:36 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-12-15 17:36 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-15 17:34 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-12-15 17:34 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-12-15 17:32 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-15 17:32 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-02 15:51 . 2010-06-11 20:20 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
    2011-12-10 14:24 . 2011-01-30 16:03 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-15 14:20 . 2011-05-15 08:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-10 04:54 . 2010-06-20 09:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-07-29 19:10 . 2011-05-01 08:49 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "S3Trayp"="S3trayp.exe" [2006-12-15 176128]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]
    "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-19 868352]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
    "QuickTime Task"="h:\program files\quicktime\QTTask.exe" [2011-10-24 421888]
    "Malwarebytes' Anti-Malware (reboot)"="h:\users\Eva\Downloads\Nieuwe map\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-07 618496]
    "CLX3180_Scan2Pc"="c:\windows\Twain_32\Samsung\CLX3180\Scan2pc.exe" [2011-04-29 1990144]
    "3180 Scan2PC"="c:\windows\twain_32\Samsung\CLX3180\Scan2Pc.exe" [2011-04-29 1990144]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer1"=wdmaud.drv
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-22 05:05 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2006-12-23 16:05 143360 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
    2006-12-05 20:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
    2007-10-25 14:33 563984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
    2002-12-10 16:32 155648 ----a-w- c:\program files\Logitech\ImageStudio\ISStart.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
    2002-12-10 16:31 61440 ----a-w- c:\program files\Logitech\ImageStudio\LogiTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2007-10-25 14:37 2178832 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2011-12-24 16:50 981680 ----a-w- h:\users\Eva\Downloads\Nieuwe map\Malwarebytes' Anti-Malware\mbam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 13:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QCDriverInstaller]
    2002-09-20 13:58 638976 ----a-w- c:\progra~1\COMMON~1\Logitech\QCDRIV~1\Lqdsw.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 13:28 421888 ----a-w- h:\program files\quicktime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2006-11-23 13:10 56928 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2011-03-06 20:24 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
    2010-02-16 18:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 14:26]
    .
    2012-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 14:26]
    .
    2012-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1849101577-754548134-3661268789-1001Core.job
    - c:\users\Eva\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-28 12:33]
    .
    2012-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1849101577-754548134-3661268789-1001UA.job
    - c:\users\Eva\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-28 12:33]
    .
    2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{42379F1E-82DB-41CB-96B3-C756EE0F9E1A}.job
    - c:\windows\system32\msfeedssync.exe [2011-05-07 12:52]
    .
    2012-01-09 c:\windows\Tasks\User_Feed_Synchronization-{5088728A-5B4D-451D-9DE3-0143B28D169A}.job
    - c:\windows\system32\msfeedssync.exe [2011-05-07 12:52]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.een.be/programmas/junior-eurosong/tune-ik-wil-leven
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = localhost;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    Trusted Zone: wrts.nl\assets
    Trusted Zone: wrts.nl\www
    TCP: DhcpNameServer = 62.179.104.196 213.46.228.196
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game12.zylom.com/activex/zylomgamesplayer.cab
    FF - ProfilePath - c:\users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\a0bml74x.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2832595&SearchSource=3&q={searchTerms}
    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&affID=100474&mntrId=264e9a6000000000000000160a1067de&q=
    FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
    FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_ss&affID=100474&mntrId=264e9a6000000000000000160a1067de
    FF - prefs.js: network.proxy.type - 1
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-09 19:04
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scannen van verborgen processen ...
    .
    scannen van verborgen autostart items ...
    .
    scannen van verborgen bestanden ...
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Voltooingstijd: 2012-01-09 19:06:34
    ComboFix-quarantined-files.txt 2012-01-09 18:06
    ComboFix2.txt 2012-01-09 13:23
    .
    Pre-Run: 12.215.775.232 bytes beschikbaar
    Post-Run: 12.102.983.680 bytes beschikbaar
    .
    - - End Of File - - 68F41B177B234C71EEF6C6973A3E06DE

  7. #7
    Hijack Mod Juisterr's Avatar
    Joined
    Aug 2006
    Location
    cottage by the coast, Zuid-Holland
    Posts
    15.602
    That did not work; would you do it again, please.



  8. #8
    triangel's Avatar
    Joined
    May 2009
    Age
    16
    Posts
    33
    I will do that last one again. Could it perhaps be because Chrome is my default browser and not Firefox?

  9. #9
    Hijack Mod Juisterr's Avatar
    Joined
    Aug 2006
    Location
    cottage by the coast, Zuid-Holland
    Posts
    15.602
    Uninstall Chrome and reinstall it.



  10. #10
    triangel's Avatar
    Joined
    May 2009
    Age
    16
    Posts
    33
    Okay, I will do that, and afterwards I will make the log for you.

  11. #11
    triangel's Avatar
    Joined
    May 2009
    Age
    16
    Posts
    33
    By the way, after updating ComboFix I had to start it again because it said it could not find the ComboFix file; I then started it again by dragging the file onto it.

    ComboFix 12-01-10.02 - Eva 10-01-2012 20:53:09.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1918.755 [GMT 1:00]
    Gestart vanuit: c:\users\Eva\Desktop\ComboFix.exe
    gebruikte Opdracht switches :: c:\users\Eva\Desktop\CFScript.txt
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-12-10 to 2012-01-10 ))))))))))))))))))))))))))))))
    .
    .
    2012-01-10 20:00 . 2012-01-10 20:00 -------- d-----w- c:\users\Eva\AppData\Local\temp
    2012-01-10 20:00 . 2012-01-10 20:00 -------- d-----w- c:\users\peter\AppData\Local\temp
    2012-01-10 20:00 . 2012-01-10 20:00 -------- d-----w- c:\users\Gast\AppData\Local\temp
    2012-01-10 20:00 . 2012-01-10 20:00 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-01-10 15:32 . 2012-01-10 15:32 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{531BDE3B-A146-4C69-A640-8AFF284F48BF}\offreg.dll
    2012-01-10 15:32 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{531BDE3B-A146-4C69-A640-8AFF284F48BF}\mpengine.dll
    2012-01-08 10:35 . 2012-01-08 10:35 388096 ----a-r- c:\users\Eva\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-01-05 10:47 . 2009-07-13 08:13 38400 ----a-w- c:\windows\system32\drivers\DgivEcp.sys
    2012-01-05 10:47 . 2009-07-13 08:16 36864 ------w- c:\windows\system32\SvcMan.exe
    2012-01-05 10:45 . 2012-01-05 10:47 -------- d-----w- c:\program files\SmarThru 4
    2012-01-05 10:43 . 2012-01-05 10:43 -------- d-----w- c:\program files\Scan Assistant
    2012-01-05 10:42 . 2012-01-05 10:42 -------- d-----w- c:\users\Eva\AppData\Local\S2PC
    2012-01-05 10:41 . 2012-01-05 10:41 -------- d-----w- c:\users\Eva\AppData\Roaming\InstallShield
    2012-01-05 10:41 . 2011-04-29 07:42 493432 ----a-w- c:\windows\ssndii.exe
    2012-01-05 10:40 . 2012-01-05 10:40 -------- d-----w- c:\windows\Samsung
    2012-01-05 10:40 . 2011-04-29 07:42 124792 ----a-w- c:\windows\Wiainst.exe
    2012-01-05 10:39 . 2009-08-27 09:24 19968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\sst2cpc.dll
    2012-01-05 10:38 . 2009-08-27 09:24 26624 ----a-w- c:\windows\system32\sst2cl3.dll
    2012-01-05 10:38 . 2009-08-27 09:23 151552 ----a-w- c:\windows\system32\sst2cci.exe
    2012-01-05 10:38 . 2009-08-27 09:23 65536 ----a-w- c:\windows\system32\sst2cci.dll
    2012-01-05 10:38 . 2009-07-13 12:57 81920 ----a-w- c:\windows\system32\ssdevm.dll
    2012-01-05 10:38 . 2009-07-13 12:57 44544 ----a-w- c:\windows\system32\msxml4a.dll
    2012-01-05 10:38 . 2009-07-13 12:57 38160 ----a-w- c:\windows\system32\msxml2r.dll
    2012-01-05 10:38 . 2009-07-13 12:57 701440 ----a-w- c:\windows\system32\msxml2.dll
    2012-01-05 10:38 . 2009-07-13 12:57 21776 ----a-w- c:\windows\system32\msxml2a.dll
    2012-01-05 10:37 . 2009-07-11 00:44 49152 ----a-w- c:\windows\system32\Ssusbpn.dll
    2012-01-05 10:37 . 2011-04-29 00:18 90112 ----a-w- c:\windows\system32\SaSegFlt.dll
    2012-01-05 10:37 . 2011-04-29 00:18 274432 ----a-w- c:\windows\system32\SaMinDrv.dll
    2012-01-05 10:37 . 2011-04-29 00:18 106496 ----a-w- c:\windows\system32\SaImgFlt.dll
    2012-01-05 10:37 . 2011-04-29 00:18 61440 ----a-w- c:\windows\system32\SaErHdlr.dll
    2012-01-05 10:36 . 2012-01-05 10:36 -------- d-----w- c:\program files\Samsung
    2012-01-05 10:36 . 2009-07-12 03:16 5120 ------w- c:\windows\system32\drivers\SSPORT.SYS
    2011-12-30 21:41 . 2011-12-31 09:46 -------- d-----w- c:\users\Eva\AppData\Local\BlueStacks
    2011-12-30 21:41 . 2011-12-30 21:41 -------- d-----w- c:\programdata\BlueStacks
    2011-12-30 21:41 . 2011-12-30 21:41 -------- d-----w- c:\program files\BlueStacks
    2011-12-28 14:26 . 2011-12-28 14:46 -------- d-----w- c:\programdata\PopCap Games
    2011-12-26 11:55 . 2011-12-26 11:55 356352 ----a-w- c:\windows\eSellerateEngine.dll
    2011-12-26 11:02 . 2011-12-26 11:02 -------- d-----w- c:\users\Eva\AppData\Local\FILSH_Media_GmbH
    2011-12-18 15:57 . 2011-12-18 15:57 -------- d-----w- c:\users\Eva\AppData\Roaming\ShinyTales
    2011-12-15 17:36 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-12-15 17:36 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-12-15 17:36 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-15 17:34 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-12-15 17:34 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-12-15 17:32 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-15 17:32 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-02 15:51 . 2010-06-11 20:20 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
    2011-12-10 14:24 . 2011-01-30 16:03 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-15 14:20 . 2011-05-15 08:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-10 04:54 . 2010-06-20 09:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-07-29 19:10 . 2011-05-01 08:49 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "S3Trayp"="S3trayp.exe" [2006-12-15 176128]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]
    "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-19 868352]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
    "QuickTime Task"="h:\program files\quicktime\QTTask.exe" [2011-10-24 421888]
    "Malwarebytes' Anti-Malware (reboot)"="h:\users\Eva\Downloads\Nieuwe map\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-07 618496]
    "CLX3180_Scan2Pc"="c:\windows\Twain_32\Samsung\CLX3180\Scan2pc.exe" [2011-04-29 1990144]
    "3180 Scan2PC"="c:\windows\twain_32\Samsung\CLX3180\Scan2Pc.exe" [2011-04-29 1990144]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer1"=wdmaud.drv
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-22 05:05 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2006-12-23 16:05 143360 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
    2006-12-05 20:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
    2007-10-25 14:33 563984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
    2002-12-10 16:32 155648 ----a-w- c:\program files\Logitech\ImageStudio\ISStart.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
    2002-12-10 16:31 61440 ----a-w- c:\program files\Logitech\ImageStudio\LogiTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2007-10-25 14:37 2178832 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2011-12-24 16:50 981680 ----a-w- h:\users\Eva\Downloads\Nieuwe map\Malwarebytes' Anti-Malware\mbam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 13:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QCDriverInstaller]
    2002-09-20 13:58 638976 ----a-w- c:\progra~1\COMMON~1\Logitech\QCDRIV~1\Lqdsw.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 13:28 421888 ----a-w- h:\program files\quicktime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2006-11-23 13:10 56928 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2011-03-06 20:24 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
    2010-02-16 18:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 14:26]
    .
    2012-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 14:26]
    .
    2012-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1849101577-754548134-3661268789-1001Core.job
    - c:\users\Eva\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-28 12:33]
    .
    2012-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1849101577-754548134-3661268789-1001UA.job
    - c:\users\Eva\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-28 12:33]
    .
    2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{42379F1E-82DB-41CB-96B3-C756EE0F9E1A}.job
    - c:\windows\system32\msfeedssync.exe [2011-05-07 12:52]
    .
    2012-01-10 c:\windows\Tasks\User_Feed_Synchronization-{5088728A-5B4D-451D-9DE3-0143B28D169A}.job
    - c:\windows\system32\msfeedssync.exe [2011-05-07 12:52]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.een.be/programmas/junior-eurosong/tune-ik-wil-leven
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = localhost;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    Trusted Zone: wrts.nl\assets
    Trusted Zone: wrts.nl\www
    TCP: DhcpNameServer = 213.46.228.196 62.179.104.196
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game12.zylom.com/activex/zylomgamesplayer.cab
    FF - ProfilePath - c:\users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\a0bml74x.default\
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-10 21:00
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scannen van verborgen processen ...
    .
    scannen van verborgen autostart items ...
    .
    scannen van verborgen bestanden ...
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Voltooingstijd: 2012-01-10 21:03:23
    ComboFix-quarantined-files.txt 2012-01-10 20:03
    ComboFix2.txt 2012-01-09 18:06
    ComboFix3.txt 2012-01-09 13:23
    .
    Pre-Run: 12.257.771.520 bytes beschikbaar
    Post-Run: 12.132.741.120 bytes beschikbaar
    .
    - - End Of File - - 40BAE4BD6E2EB445CB40B6C3BE7DAC5A

  12. #12
    Hijack Mod Juisterr's Avatar
    Joined
    Aug 2006
    Location
    little shack on the coast, Zuid-Holland
    Posts
    15.602
    That went fine. Tell me how things are going now.
    Were you helped well here:
    Sending a PM is pointless, it will not be answered! All messages on the forum, please.
    miekiemoesblog
    special tips



  13. #13
    triangel's Avatar
    Joined
    May 2009
    Age
    16
    Posts
    33
    I have the feeling that it is going well, because my computer is no longer slow and programs hardly ever freeze anymore, if at all.

  14. #14
    Hijack Mod Juisterr's Avatar
    Joined
    Aug 2006
    Location
    little shack on the coast, Zuid-Holland
    Posts
    15.602
    Download OTC.exe (by OldTimer)
    • Place the file on your desktop.
    • Make sure there is an internet connection.
    • Then right-click OTCleanIt.exe and choose Run as Administrator (Dutch: Uitvoeren als Administrator) to start the program.
    • If that does not work, double-click the icon.
    • Now click the "CleanUp!" button.
    • If your firewall, or another security program, warns that OTC.exe wants internet access, you may allow it; the program needs that connection.
    • Finally, OTC will ask whether you want to restart the computer; you may allow this, and in doing so it also removes itself.


    Note: Using OTC.exe will remove all the tools used (including their logs and backup folders) from your computer.



  15. #15
    triangel's Avatar
    Joined
    May 2009
    Age
    16
    Posts
    33
    Thanks for the help (or does something else still need to be done?)
