Onderwerp: Msn doet raar..

Ik heb Revo Unistaller gedownload.
Klikte op Soft Toolbar Boven genoemde van u.

Klikte op Deinstalleren en gevorderd koos ik.
Alle bestanden die achterbleven selecteerde ik en verwijderde het.
Kreeg melding van INSTALLLOG File kan niet open.

Kreeg daarna de melding van Revo Unistaller de overgebleven bestanden zullen na herstart van de computer verwijdert worden.
De overgebleven bestanden van nu zijn.

Crogram files/Softon~`1
Crogram Files/Softon~tbsof1.dll
(wel de andere kant op van / (slash).

Ik zal nu mijn PC herstarten.
En alle wachtwoorden veranderen.
Moet ik nog iets doen?

Bedankt alvast! :d

Wat vreemd..
Heb me wachtwoord verandert maar liet me msn wel aan.
Ik deed pc op standby.
Kom terug op msn.
Iedereen stond op blok.
Bijna iedereen..

Kan iemand me aub helpen.
Als ik google chroom op wachtwoord onthouden van hotmail.
Doet hij dat niet!

Heb een nieuwe Hijackthis log gedaan.
En dit kreeg ik bij log:


ComboFix 10-09-02.03 - Rachid Berkani 03-09-2010 17:31:39.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.767.417 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Rachid Berkani\Mijn documenten\Downloads\ComboFix.exe
.

(((((((((((((((((((( Bestanden Gemaakt van 2010-08-03 to 2010-09-03 ))))))))))))))))))))))))))))))
.

2010-09-03 11:07 . 2010-09-03 11:07 -------- d-----w- c:\program files\VS Revo Group
2010-09-02 17:14 . 2010-09-02 17:14 -------- d-----w- c:\documents and settings\Rachid Berkani\Application Data\DivX
2010-09-02 09:03 . 2010-09-02 09:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-09-01 23:36 . 2010-09-01 23:36 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-09-01 23:32 . 2010-09-01 23:29 185640 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\finishPlugin.dll
2010-09-01 23:32 . 2010-09-01 23:29 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-09-01 23:32 . 2010-09-01 23:29 850200 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-09-01 23:32 . 2010-09-01 23:32 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-09-01 23:32 . 2010-09-01 23:32 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-09-01 23:29 . 2010-09-03 11:19 -------- d-----w- c:\documents and settings\Rachid Berkani\Local Settings\Application Data\Temp
2010-09-01 23:29 . 2010-09-01 23:29 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-09-01 23:29 . 2010-09-01 23:36 -------- d-----w- c:\documents and settings\Rachid Berkani\Local Settings\Application Data\Google
2010-09-01 23:29 . 2010-09-02 17:34 -------- d-----w- c:\program files\Google
2010-09-01 23:29 . 2010-09-01 23:32 -------- d-----w- c:\program files\DivX
2010-09-01 23:29 . 2010-09-01 23:29 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-09-01 23:29 . 2010-09-01 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-08-30 23:46 . 2010-08-30 23:46 -------- d-----w- c:\documents and settings\Rachid Berkani\Local Settings\Application Data\Identities
2010-08-30 22:42 . 2010-08-30 22:42 -------- d-----w- c:\documents and settings\LocalService\Bureaublad
2010-08-30 16:42 . 2010-08-30 16:42 -------- d-----w- c:\documents and settings\Rachid Berkani\Application Data\Media Player Classic
2010-08-30 16:41 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-08-30 16:41 . 2010-08-30 16:41 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-08-28 22:54 . 2010-08-28 22:54 -------- d-----w- c:\program files\NCH Software
2010-08-28 22:46 . 2010-08-28 22:46 -------- d-----w- c:\documents and settings\Rachid Berkani\Application Data\NCH Swift Sound
2010-08-28 22:46 . 2010-08-28 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-08-28 21:53 . 2010-08-28 21:53 0 ----a-w- c:\windows\nsreg.dat
2010-08-28 21:53 . 2010-08-28 21:53 -------- d-----w- c:\documents and settings\Rachid Berkani\Local Settings\Application Data\Mozilla
2010-08-28 20:01 . 2010-08-28 20:01 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-27 22:19 . 2010-08-28 19:59 -------- d-----w- c:\windows\system32\Adobe
2010-08-24 17:45 . 2010-08-24 17:45 -------- d-----w- c:\documents and settings\Rachid Berkani\Application Data\ProgSense
2010-08-24 17:45 . 2010-08-28 20:01 -------- d-----w- c:\program files\Orbitdownloader
2010-08-24 17:45 . 2010-08-28 20:01 -------- d-----w- c:\documents and settings\Rachid Berkani\Application Data\Orbit
2010-08-23 10:44 . 2010-08-23 10:44 -------- d-----w- c:\windows\system32\XPSViewer
2010-08-21 21:59 . 2010-08-21 21:59 -------- d-----w- c:\program files\NCH Swift Sound
2010-08-21 17:28 . 2010-08-21 17:28 -------- d-----w- c:\program files\Ubisoft
2010-08-21 17:27 . 2010-08-21 17:27 -------- d-----w- c:\documents and settings\Rachid Berkani\Application Data\InstallShield
2010-08-21 10:41 . 2010-08-28 19:59 -------- d-----w- c:\documents and settings\Rachid Berkani\Local Settings\Application Data\Conduit
2010-08-21 10:41 . 2010-08-21 10:41 -------- d-----w- c:\program files\Conduit
2010-08-21 10:41 . 2010-09-03 11:14 -------- d-----w- c:\program files\Softonic-Eng7
2010-08-21 10:41 . 2010-08-28 20:18 -------- d-----w- c:\documents and settings\Rachid Berkani\Local Settings\Application Data\Softonic-Eng7
2010-08-21 10:27 . 2008-06-14 17:36 272640 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-08-21 10:27 . 2008-06-14 17:36 272640 ------w- c:\windows\system32\drivers\bthport.sys
2010-08-21 10:26 . 2009-09-06 07:16 126464 -c----w- c:\windows\system32\dllcache\ftpsvc2.dll
2010-08-21 10:26 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-08-21 10:25 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-08-21 10:22 . 2010-04-28 18:15 2194304 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-08-21 10:22 . 2010-04-28 05:45 2071168 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-08-21 10:22 . 2010-04-28 05:45 2150912 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-08-21 10:22 . 2010-04-28 05:45 2029056 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-08-20 22:40 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-08-20 22:40 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-08-20 22:17 . 2010-08-23 20:52 -------- d-----w- c:\documents and settings\Rachid Berkani\Local Settings\Application Data\Adobe
2010-08-20 19:18 . 2010-09-03 11:31 -------- d-----w- c:\documents and settings\Rachid Berkani\Tracing
2010-08-20 19:05 . 2001-08-17 21:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2010-08-20 19:04 . 2008-04-14 22:04 58112 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-08-20 19:04 . 2001-08-17 21:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2010-08-20 19:03 . 2008-04-14 22:32 76288 ----a-w- c:\windows\system32\usbui.dll
2010-08-20 19:01 . 2010-08-20 17:17 -------- d-----w- C:\Documents and Settings
2010-08-20 19:01 . 2010-08-20 17:12 -------- d--h--w- c:\documents and settings\Default User
2010-08-20 19:01 . 2010-08-20 17:11 -------- d-----w- c:\documents and settings\All Users

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-03 11:14 . 2010-08-20 18:24 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-30 21:42 . 2010-08-20 17:39 14640 ----a-w- c:\documents and settings\Rachid Berkani\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-29 18:14 . 2001-09-07 12:00 595644 ----a-w- c:\windows\system32\perfh013.dat
2010-08-29 18:14 . 2001-09-07 12:00 125688 ----a-w- c:\windows\system32\perfc013.dat
2010-08-23 10:44 . 2010-08-23 10:44 -------- d-----w- c:\program files\MSBuild
2010-08-23 10:44 . 2010-08-23 10:44 -------- d-----w- c:\program files\Reference Assemblies
2010-08-22 16:30 . 2010-08-20 18:48 -------- d-----w- c:\program files\Ares
2010-08-21 19:22 . 2010-08-20 17:11 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-21 17:28 . 2010-08-20 17:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-20 18:52 . 2010-08-20 18:51 -------- d-----w- c:\program files\Windows Live
2010-08-20 18:51 . 2010-08-20 18:51 -------- d-----w- c:\program files\Microsoft
2010-08-20 18:51 . 2010-08-20 18:51 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-08-20 18:35 . 2010-08-20 18:20 -------- d-----w- c:\program files\nLite
2010-08-20 18:16 . 2010-08-20 18:16 -------- d-----w- c:\program files\Common Files\Windows Live
2010-08-20 18:12 . 2010-08-20 18:12 2826192 ----a-w- c:\documents and settings\Rachid Berkani\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-08-20 17:48 . 2010-08-20 17:48 -------- d-----w- c:\program files\Realtek
2010-08-20 17:48 . 2010-08-20 17:48 315392 ----a-w- c:\windows\HideWin.exe
2010-08-20 17:48 . 2010-08-20 17:34 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-20 17:34 . 2010-08-20 17:34 -------- d-----w- c:\program files\Siemens
2010-08-20 17:34 . 2010-08-20 17:34 -------- d-----w- c:\program files\Funk Software
2010-08-20 17:34 . 2010-08-20 17:34 -------- d-----w- c:\program files\Common Files\Funk Software
2010-08-20 17:28 . 2010-08-20 17:28 -------- d-----w- c:\program files\support.com
2010-08-20 17:28 . 2010-08-20 17:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Support.com
2010-08-20 17:12 . 2010-08-20 17:12 -------- d-----w- c:\program files\microsoft frontpage
2010-08-20 17:09 . 2010-08-20 17:09 21748 ----a-w- c:\windows\system32\emptyregdb.dat
2010-06-30 12:33 . 2008-04-14 20:32 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:27 . 2008-04-14 20:32 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2008-04-14 20:05 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2008-04-13 22:45 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2008-04-14 20:32 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2010-08-20 17:09 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2008-04-14 20:32 1172480 ----a-w- c:\windows\system32\msxml3.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-09-02_21.53.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-03 11:14 . 2010-09-03 11:14 16384 c:\windows\Temp\Perflib_Perfdata_3b8.dat
+ 2010-08-31 18:28 . 2010-09-03 11:03 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2010-08-31 18:28 . 2010-08-31 18:28 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-08-24 09:09 . 2010-09-03 11:18 229772 c:\windows\system32\inetsrv\MetaBase.bin
+ 2010-09-03 11:02 . 2010-09-03 11:02 20303872 c:\windows\Installer\21089.msp
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="c:\program files\Ares\Ares.exe" [2010-07-10 1015808]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Google Update"="c:\documents and settings\Rachid Berkani\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-03 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 16377344]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-12 7626752]
"nwiz"="nwiz.exe" [2006-07-12 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-12 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-23 202256]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Gigaset WLAN Adapter Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Gigaset WLAN Adapter Monitor.lnk
backup=c:\windows\pss\Gigaset WLAN Adapter Monitor.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

S3 bns;bns;\??\c:\docume~1\RACHID~1\LOCALS~1\Temp~bns.tmp --> c:\docume~1\RACHID~1\LOCALS~1\Temp~bns.tmp [?]
.
Inhoud van de 'Gedeelde Taken' map

2010-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1220945662-682003330-1003Core.job
- c:\documents and settings\Rachid Berkani\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-03 11:18]

2010-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1220945662-682003330-1003UA.job
- c:\documents and settings\Rachid Berkani\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-03 11:18]

2010-09-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1220945662-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-09-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1220945662-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-09-03 c:\windows\Tasks\User_Feed_Synchronization-{E5634CBF-F7E6-4267-AE45-5FD3D3B379C9}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
- - - - ORPHANS VERWIJDERD - - - -

URLSearchHooks-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
Toolbar-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
WebBrowser-{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-09-03 17:34
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bns]
"ImagePath"="\??\c:\docume~1\RACHID~1\LOCALS~1\Temp~bns.tmp"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(1360)
c:\program files\Funk Software\Odyssey Client\odLogin.dll

- - - - - - - > 'explorer.exe'(1504)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
Voltooingstijd: 2010-09-03 17:39:04
ComboFix-quarantined-files.txt 2010-09-03 15:38
ComboFix2.txt 2010-09-02 21:54

Pre-Run: 227.907.297.280 bytes beschikbaar
Post-Run: 227.905.462.272 bytes beschikbaar

- - End Of File - - 9486227837516745FA7CCD4F40E30679

Ik heb Dat TFC gedaan had iets met 102MB helemaal onderin.
Drukte ok en de pc starte opnieuw op.

Nu een Hijacthis..

Van DDS geen Attach!



DDS (Ver_09-09-29.01) - NTFSx86
Run by Rachid Berkani at 18:51:36,85 on vr 03-09-2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.767.338 [GMT 2:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Rachid Berkani\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rachid Berkani\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rachid Berkani\Mijn documenten\Downloads\dds.com

============== Pseudo HJT Report ===============

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\documents and settings\rachid berkani\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-9-3 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-9-3 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-9-3 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-9-3 60936]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-8-20 54760]
S3 bns;bns;\??\c:\docume~1\rachid~1\locals~1\temp~bns.tmp --> c:\docume~1\rachid~1\locals~1\Temp~bns.tmp [?]
S3 fsssvc;De service Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

=============== Created Last 30 ================

2010-09-03 18:10 <DIR> --d----- c:\windows\system32\NtmsData
2010-09-03 18:08 <DIR> --d----- c:\docume~1\rachid~1\applic~1\Avira
2010-09-03 18:05 60,936 a------- c:\windows\system32\drivers\avgntflt.sys
2010-09-03 18:05 <DIR> --d----- c:\program files\Avira
2010-09-03 18:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2010-09-03 17:30 <DIR> --d----- C:\ComboFix
2010-09-03 13:07 <DIR> --d----- c:\program files\VS Revo Group
2010-09-02 23:47 <DIR> a-dshr-- C:\cmdcons
2010-09-02 23:44 256,512 a------- c:\windows\PEV.exe
2010-09-02 23:44 161,792 a------- c:\windows\SWREG.exe
2010-09-02 23:44 98,816 a------- c:\windows\sed.exe
2010-09-02 23:44 77,312 a------- c:\windows\MBR.exe
2010-09-02 01:31 <DIR> --d----- c:\program files\common files\DivX Shared
2010-09-02 01:29 <DIR> --d----- c:\program files\DivX
2010-09-02 01:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DivX
2010-08-30 18:41 165,376 a------- c:\windows\system32\unrar.dll
2010-08-30 18:41 38 a------- c:\windows\avisplitter.ini
2010-08-30 18:41 <DIR> --d----- c:\program files\K-Lite Codec Pack
2010-08-29 00:54 <DIR> --d----- c:\program files\NCH Software
2010-08-28 22:01 <DIR> --d----- c:\windows\system32\wbem\Repository
2010-08-28 00:19 <DIR> --d----- c:\windows\system32\Adobe
2010-08-24 19:45 <DIR> --d----- c:\docume~1\rachid~1\applic~1\ProgSense
2010-08-24 19:45 <DIR> --d----- c:\program files\Orbitdownloader
2010-08-23 18:03 <DIR> --d----- c:\program files\common files\xing shared
2010-08-23 18:03 499,712 a------- c:\windows\system32\msvcp71.dll
2010-08-23 18:03 348,160 a------- c:\windows\system32\msvcr71.dll
2010-08-23 18:03 <DIR> --d----- c:\program files\common files\Real
2010-08-23 12:44 <DIR> --d----- c:\windows\system32\XPSViewer
2010-08-23 12:44 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2010-08-23 12:44 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-08-23 12:44 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2010-08-23 12:44 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-08-23 12:44 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2010-08-23 12:44 575,488 -------- c:\windows\system32\xpsshhdr.dll
2010-08-23 12:44 117,760 -------- c:\windows\system32\prntvpt.dll
2010-08-23 12:44 <DIR> --d----- C:\c219b39e48f86a80dd5679
2010-08-21 23:59 <DIR> --d----- c:\program files\NCH Swift Sound
2010-08-21 12:41 <DIR> --d----- c:\program files\Conduit
2010-08-21 12:41 <DIR> --d----- c:\program files\Softonic-Eng7
2010-08-21 12:27 272,640 -c------ c:\windows\system32\dllcache\bthport.sys
2010-08-21 12:27 272,640 -------- c:\windows\system32\drivers\bthport.sys
2010-08-21 12:26 126,464 -c------ c:\windows\system32\dllcache\ftpsvc2.dll
2010-08-21 12:26 455,680 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2010-08-21 00:40 274,288 a------- c:\windows\system32\mucltui.dll
2010-08-21 00:40 215,920 a------- c:\windows\system32\muweb.dll
2010-08-21 00:40 17,776 a------- c:\windows\system32\mucltui.dll.mui
2010-08-20 21:18 <DIR> --d----- c:\documents and settings\rachid berkani\Tracing
2010-08-20 21:05 3,072 a------- c:\windows\system32\drivers\audstub.sys
2010-08-20 21:04 58,112 a------- c:\windows\system32\drivers\redbook.sys
2010-08-20 21:04 6,400 a------- c:\windows\system32\drivers\enum1394.sys
2010-08-20 21:03 76,288 a------- c:\windows\system32\usbui.dll
2010-08-20 21:02 <DIR> --d----- c:\program files\common files\ODBC
2010-08-20 21:02 <DIR> --d----- c:\program files\common files\SpeechEngines
2010-08-20 21:02 <DIR> --d-h--- c:\documents and settings\all users\Sjablonen
2010-08-20 21:02 <DIR> --d--r-- c:\documents and settings\all users\Menu Start
2010-08-20 21:02 <DIR> --d--r-- c:\documents and settings\all users\Documenten
2010-08-20 21:02 <DIR> --d----- c:\documents and settings\all users\Favorieten
2010-08-20 21:02 <DIR> --d----- c:\documents and settings\all users\Bureaublad
2010-08-20 21:01 <DIR> --d----- C:\Documents and Settings
2010-08-20 21:00 823 a------- c:\windows\system32\$winnt$.inf
2010-08-20 20:51 <DIR> --d----- c:\program files\Microsoft
2010-08-20 20:51 <DIR> --d----- c:\program files\Windows Live SkyDrive
2010-08-20 20:48 <DIR> --d----- c:\program files\Ares
2010-08-20 20:39 <DIR> --dsh--- c:\documents and settings\rachid berkani\IECompatCache
2010-08-20 20:38 <DIR> --dsh--- c:\documents and settings\rachid berkani\PrivacIE
2010-08-20 20:36 <DIR> --dsh--- c:\documents and settings\rachid berkani\IETldCache
2010-08-20 20:20 <DIR> --d----- c:\program files\nLite
2010-08-20 20:16 <DIR> --d----- c:\program files\common files\Windows Live
2010-08-20 19:48 <DIR> --d----- c:\program files\Realtek
2010-08-20 19:43 <DIR> --dsh--- c:\documents and settings\rachid berkani\UserData
2010-08-20 19:34 <DIR> --d----- c:\program files\Siemens
2010-08-20 19:34 <DIR> --d----- c:\program files\Funk Software
2010-08-20 19:34 <DIR> --d----- c:\program files\common files\Funk Software
2010-08-20 19:28 <DIR> --d----- c:\program files\support.com
2010-08-20 19:17 <DIR> --d-hr-- c:\documents and settings\rachid berkani\Onlangs geopend
2010-08-20 19:17 <DIR> --d-h--- c:\documents and settings\rachid berkani\Sjablonen
2010-08-20 19:17 <DIR> --d-h--- c:\documents and settings\rachid berkani\Netwerkprinteromgeving
2010-08-20 19:17 <DIR> --d--r-- c:\documents and settings\rachid berkani\Mijn documenten
2010-08-20 19:17 <DIR> --d--r-- c:\documents and settings\rachid berkani\Menu Start
2010-08-20 19:17 <DIR> --d--r-- c:\documents and settings\rachid berkani\Favorieten
2010-08-20 19:17 <DIR> --d----- c:\documents and settings\rachid berkani\Bureaublad
2010-08-20 19:11 <DIR> --dsh--- c:\documents and settings\all users\DRM
2010-08-20 19:11 <DIR> --d-h--- c:\program files\WindowsUpdate
2010-08-20 19:11 <DIR> --d----- c:\program files\Online Services
2010-08-20 19:10 <DIR> --d----- c:\program files\common files\MSSoap
2010-08-20 19:08 <DIR> --d----- c:\program files\Messenger
2010-08-20 19:08 <DIR> --d----- c:\program files\MSN Gaming Zone
2010-08-20 19:08 <DIR> --d----- c:\program files\Windows NT

==================== Find3M ====================

2010-08-29 20:14 595,644 a------- c:\windows\system32\perfh013.dat
2010-08-29 20:14 125,688 a------- c:\windows\system32\perfc013.dat
2010-08-21 21:22 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2010-08-20 19:48 315,392 a------- c:\windows\HideWin.exe
2010-08-20 19:09 21,748 a------- c:\windows\system32\emptyregdb.dat
2010-06-30 14:33 149,504 a------- c:\windows\system32\schannel.dll
2010-06-24 14:27 916,480 a------- c:\windows\system32\wininet.dll
2010-06-24 11:02 1,852,032 a------- c:\windows\system32\win32k.sys
2010-06-17 16:03 80,384 a------- c:\windows\system32\iccvid.dll
2010-06-14 16:31 744,448 a------- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 09:43 1,172,480 a------- c:\windows\system32\msxml3.dll

============= FINISH: 18:51:56,25 ===============

Sorry van de fout net.

Nogmaals van DDS.



DDS (Ver_09-09-29.01) - NTFSx86
Run by Rachid Berkani at 18:58:48,62 on vr 03-09-2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.767.328 [GMT 2:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Rachid Berkani\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rachid Berkani\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Rachid Berkani\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rachid Berkani\Mijn documenten\Downloads\dds (1).com

============== Pseudo HJT Report ===============

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\documents and settings\rachid berkani\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-9-3 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-9-3 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-9-3 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-9-3 60936]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-8-20 54760]
S3 bns;bns;\??\c:\docume~1\rachid~1\locals~1\temp~bns.tmp --> c:\docume~1\rachid~1\locals~1\Temp~bns.tmp [?]
S3 fsssvc;De service Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

=============== Created Last 30 ================

2010-09-03 18:10 <DIR> --d----- c:\windows\system32\NtmsData
2010-09-03 18:08 <DIR> --d----- c:\docume~1\rachid~1\applic~1\Avira
2010-09-03 18:05 60,936 a------- c:\windows\system32\drivers\avgntflt.sys
2010-09-03 18:05 <DIR> --d----- c:\program files\Avira
2010-09-03 18:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2010-09-03 17:30 <DIR> --d----- C:\ComboFix
2010-09-03 13:07 <DIR> --d----- c:\program files\VS Revo Group
2010-09-02 23:47 <DIR> a-dshr-- C:\cmdcons
2010-09-02 23:44 256,512 a------- c:\windows\PEV.exe
2010-09-02 23:44 161,792 a------- c:\windows\SWREG.exe
2010-09-02 23:44 98,816 a------- c:\windows\sed.exe
2010-09-02 23:44 77,312 a------- c:\windows\MBR.exe
2010-09-02 01:31 <DIR> --d----- c:\program files\common files\DivX Shared
2010-09-02 01:29 <DIR> --d----- c:\program files\DivX
2010-09-02 01:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DivX
2010-08-30 18:41 165,376 a------- c:\windows\system32\unrar.dll
2010-08-30 18:41 38 a------- c:\windows\avisplitter.ini
2010-08-30 18:41 <DIR> --d----- c:\program files\K-Lite Codec Pack
2010-08-29 00:54 <DIR> --d----- c:\program files\NCH Software
2010-08-28 22:01 <DIR> --d----- c:\windows\system32\wbem\Repository
2010-08-28 00:19 <DIR> --d----- c:\windows\system32\Adobe
2010-08-24 19:45 <DIR> --d----- c:\docume~1\rachid~1\applic~1\ProgSense
2010-08-24 19:45 <DIR> --d----- c:\program files\Orbitdownloader
2010-08-23 18:03 <DIR> --d----- c:\program files\common files\xing shared
2010-08-23 18:03 499,712 a------- c:\windows\system32\msvcp71.dll
2010-08-23 18:03 348,160 a------- c:\windows\system32\msvcr71.dll
2010-08-23 18:03 <DIR> --d----- c:\program files\common files\Real
2010-08-23 12:44 <DIR> --d----- c:\windows\system32\XPSViewer
2010-08-23 12:44 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2010-08-23 12:44 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-08-23 12:44 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2010-08-23 12:44 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-08-23 12:44 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2010-08-23 12:44 575,488 -------- c:\windows\system32\xpsshhdr.dll
2010-08-23 12:44 117,760 -------- c:\windows\system32\prntvpt.dll
2010-08-23 12:44 <DIR> --d----- C:\c219b39e48f86a80dd5679
2010-08-21 23:59 <DIR> --d----- c:\program files\NCH Swift Sound
2010-08-21 12:41 <DIR> --d----- c:\program files\Conduit
2010-08-21 12:41 <DIR> --d----- c:\program files\Softonic-Eng7
2010-08-21 12:27 272,640 -c------ c:\windows\system32\dllcache\bthport.sys
2010-08-21 12:27 272,640 -------- c:\windows\system32\drivers\bthport.sys
2010-08-21 12:26 126,464 -c------ c:\windows\system32\dllcache\ftpsvc2.dll
2010-08-21 12:26 455,680 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2010-08-21 00:40 274,288 a------- c:\windows\system32\mucltui.dll
2010-08-21 00:40 215,920 a------- c:\windows\system32\muweb.dll
2010-08-21 00:40 17,776 a------- c:\windows\system32\mucltui.dll.mui
2010-08-20 21:18 <DIR> --d----- c:\documents and settings\rachid berkani\Tracing
2010-08-20 21:05 3,072 a------- c:\windows\system32\drivers\audstub.sys
2010-08-20 21:04 58,112 a------- c:\windows\system32\drivers\redbook.sys
2010-08-20 21:04 6,400 a------- c:\windows\system32\drivers\enum1394.sys
2010-08-20 21:03 76,288 a------- c:\windows\system32\usbui.dll
2010-08-20 21:02 <DIR> --d----- c:\program files\common files\ODBC
2010-08-20 21:02 <DIR> --d----- c:\program files\common files\SpeechEngines
2010-08-20 21:02 <DIR> --d-h--- c:\documents and settings\all users\Sjablonen
2010-08-20 21:02 <DIR> --d--r-- c:\documents and settings\all users\Menu Start
2010-08-20 21:02 <DIR> --d--r-- c:\documents and settings\all users\Documenten
2010-08-20 21:02 <DIR> --d----- c:\documents and settings\all users\Favorieten
2010-08-20 21:02 <DIR> --d----- c:\documents and settings\all users\Bureaublad
2010-08-20 21:01 <DIR> --d----- C:\Documents and Settings
2010-08-20 21:00 823 a------- c:\windows\system32\$winnt$.inf
2010-08-20 20:51 <DIR> --d----- c:\program files\Microsoft
2010-08-20 20:51 <DIR> --d----- c:\program files\Windows Live SkyDrive
2010-08-20 20:48 <DIR> --d----- c:\program files\Ares
2010-08-20 20:39 <DIR> --dsh--- c:\documents and settings\rachid berkani\IECompatCache
2010-08-20 20:38 <DIR> --dsh--- c:\documents and settings\rachid berkani\PrivacIE
2010-08-20 20:36 <DIR> --dsh--- c:\documents and settings\rachid berkani\IETldCache
2010-08-20 20:20 <DIR> --d----- c:\program files\nLite
2010-08-20 20:16 <DIR> --d----- c:\program files\common files\Windows Live
2010-08-20 19:48 <DIR> --d----- c:\program files\Realtek
2010-08-20 19:43 <DIR> --dsh--- c:\documents and settings\rachid berkani\UserData
2010-08-20 19:34 <DIR> --d----- c:\program files\Siemens
2010-08-20 19:34 <DIR> --d----- c:\program files\Funk Software
2010-08-20 19:34 <DIR> --d----- c:\program files\common files\Funk Software
2010-08-20 19:28 <DIR> --d----- c:\program files\support.com
2010-08-20 19:17 <DIR> --d-hr-- c:\documents and settings\rachid berkani\Onlangs geopend
2010-08-20 19:17 <DIR> --d-h--- c:\documents and settings\rachid berkani\Sjablonen
2010-08-20 19:17 <DIR> --d-h--- c:\documents and settings\rachid berkani\Netwerkprinteromgeving
2010-08-20 19:17 <DIR> --d--r-- c:\documents and settings\rachid berkani\Mijn documenten
2010-08-20 19:17 <DIR> --d--r-- c:\documents and settings\rachid berkani\Menu Start
2010-08-20 19:17 <DIR> --d--r-- c:\documents and settings\rachid berkani\Favorieten
2010-08-20 19:17 <DIR> --d----- c:\documents and settings\rachid berkani\Bureaublad
2010-08-20 19:11 <DIR> --dsh--- c:\documents and settings\all users\DRM
2010-08-20 19:11 <DIR> --d-h--- c:\program files\WindowsUpdate
2010-08-20 19:11 <DIR> --d----- c:\program files\Online Services
2010-08-20 19:10 <DIR> --d----- c:\program files\common files\MSSoap
2010-08-20 19:08 <DIR> --d----- c:\program files\Messenger
2010-08-20 19:08 <DIR> --d----- c:\program files\MSN Gaming Zone
2010-08-20 19:08 <DIR> --d----- c:\program files\Windows NT

==================== Find3M ====================

2010-08-29 20:14 595,644 a------- c:\windows\system32\perfh013.dat
2010-08-29 20:14 125,688 a------- c:\windows\system32\perfc013.dat
2010-08-21 21:22 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2010-08-20 19:48 315,392 a------- c:\windows\HideWin.exe
2010-08-20 19:09 21,748 a------- c:\windows\system32\emptyregdb.dat
2010-06-30 14:33 149,504 a------- c:\windows\system32\schannel.dll
2010-06-24 14:27 916,480 a------- c:\windows\system32\wininet.dll
2010-06-24 11:02 1,852,032 a------- c:\windows\system32\win32k.sys
2010-06-17 16:03 80,384 a------- c:\windows\system32\iccvid.dll
2010-06-14 16:31 744,448 a------- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 09:43 1,172,480 a------- c:\windows\system32\msxml3.dll

============= FINISH: 18:59:00,57 ===============

Zal nu doen wat u net hebt vermeld.
PS Heb avira geinstalleerd (anti virus..

Heb gedaan wat u zei.
Ik kreeg dat er geen kwaadaardige dingen erop zitten drukte ok. En kreeg een logje.
kreeg ook geen pc opnieuwstarten.

Dit kreeg ik logje:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Databaseversie: 4536

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3-9-2010 19:07:15
mbam-log-2010-09-03 (19-07-15).txt

Scantype: Snelle scan
Objecten gescand: 126051
Verstreken tijd: 4 minuut/minuten, 25 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Dit kreeg ik van de Hijack this die jij hebt geplaats.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:10:32, on 3-9-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Ares\Ares.exe
C:\Documents and Settings\Rachid Berkani\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rachid Berkani\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Rachid Berkani\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5489 bytes

Heb wel onder me balk Trend Micro Hijackthis..
Met allemaal programmas wat je kan aanvinker

Beneden staat er scan fix checked
Main menu..

Enz..

Bedankt alvast.

ComboFix 10-09-03.02 - Rachid Berkani 04-09-2010 18:14:16.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.767.473 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Rachid Berkani\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Rachid Berkani\Bureaublad\CFScript.txt
.

(((((((((((((((((((( Bestanden Gemaakt van 2010-08-04 to 2010-09-04 ))))))))))))))))))))))))))))))
.

2010-09-04 00:29 . 2010-09-04 00:29 -------- d-----w- c:\program files\Nuclear Coffee
2010-09-03 17:10 . 2010-09-03 17:10 388096 ----a-r- c:\documents and settings\Rachid Berkani\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-03 17:10 . 2010-09-03 17:10 -------- d-----w- c:\program files\Trend Micro
2010-09-03 17:01 . 2010-09-03 17:01 -------- d-----w- c:\documents and settings\Rachid Berkani\Application Data\Malwarebytes
2010-09-03 17:01 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-03 17:00 . 2010-09-03 17:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-03 17:00 . 2010-09-03 17:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-03 17:00 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-03 16:15 . 2010-09-03 16:15 -------- d-----w- c:\documents and settings\LocalService\Application Data\Media Player Classic
2010-09-03 16:15 . 2010-09-03 16:15 -------- d-----r- c:\documents and settings\LocalService\Favorieten
2010-09-03 16:10 . 2010-09-03 16:35 -------- d-----w- c:\windows\system32\NtmsData
2010-09-03 11:07 . 2010-09-03 11:07 -------- d-----w- c:\program files\VS Revo Group
2010-09-02 17:14 . 2010-09-02 17:14 -------- d-----w- c:\documents and settings\Rachid Berkani\Application Data\DivX
2010-09-02 09:03 . 2010-09-02 09:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-09-01 23:36 . 2010-09-01 23:36 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-09-01 23:32 . 2010-09-01 23:29 185640 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\finishPlugin.dll
2010-09-01 23:32 . 2010-09-01 23:29 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-09-01 23:32 . 2010-09-01 23:29 850200 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-09-01 23:32 . 2010-09-01 23:32 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-09-01 23:32 . 2010-09-01 23:32 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-09-01 23:29 . 2010-09-03 11:19 -------- d-----w- c:\documents and settings\Rachid Berkani\Local Settings\Application Data\Temp
2010-09-01 23:29 . 2010-09-01 23:29 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-09-01 23:29 . 2010-09-01 23:36 -------- d-----w- c:\documents and settings\Rachid Berkani\Local Settings\Application Data\Google
2010-09-01 23:29 . 2010-09-02 17:34 -------- d-----w- c:\program files\Google
2010-09-01 23:29 . 2010-09-01 23:32 -------- d-----w- c:\program files\DivX
2010-09-01 23:29 . 2010-09-01 23:29 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-09-01 23:29 . 2010-09-01 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-08-30 23:46 . 2010-08-30 23:46 -------- d-----w- c:\documents and settings\Rachid Berkani\Local Settings\Application Data\Identities
2010-08-30 22:42 . 2010-08-30 22:42 -------- d-----w- c:\documents and settings\LocalService\Bureaublad
2010-08-30 16:42 . 2010-08-30 16:42 -------- d-----w- c:\documents and settings\Rachid Berkani\Application Data\Media Player Classic
2010-08-30 16:41 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-08-30 16:41 . 2010-08-30 16:41 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-08-28 22:54 . 2010-08-28 22:54 -------- d-----w- c:\program files\NCH Software
2010-08-28 22:46 . 2010-08-28 22:46 -------- d-----w- c:\documents and settings\Rachid Berkani\Application Data\NCH Swift Sound
2010-08-28 22:46 . 2010-08-28 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-08-28 21:53 . 2010-08-28 21:53 0 ----a-w- c:\windows\nsreg.dat
2010-08-28 21:53 . 2010-08-28 21:53 -------- d-----w- c:\documents and settings\Rachid Berkani\Local Settings\Application Data\Mozilla
2010-08-28 20:01 . 2010-08-28 20:01 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-27 22:19 . 2010-08-28 19:59 -------- d-----w- c:\windows\system32\Adobe
2010-08-24 17:45 . 2010-08-24 17:45 -------- d-----w- c:\documents and settings\Rachid Berkani\Application Data\ProgSense
2010-08-24 17:45 . 2010-08-28 20:01 -------- d-----w- c:\program files\Orbitdownloader
2010-08-24 17:45 . 2010-08-28 20:01 -------- d-----w- c:\documents and settings\Rachid Berkani\Application Data\Orbit
2010-08-23 10:44 . 2010-08-23 10:44 -------- d-----w- c:\windows\system32\XPSViewer
2010-08-21 21:59 . 2010-08-21 21:59 -------- d-----w- c:\program files\NCH Swift Sound
2010-08-21 17:28 . 2010-08-21 17:28 -------- d-----w- c:\program files\Ubisoft
2010-08-21 17:27 . 2010-08-21 17:27 -------- d-----w- c:\documents and settings\Rachid Berkani\Application Data\InstallShield
2010-08-21 10:27 . 2008-06-14 17:36 272640 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-08-21 10:27 . 2008-06-14 17:36 272640 ------w- c:\windows\system32\drivers\bthport.sys
2010-08-21 10:26 . 2009-09-06 07:16 126464 -c----w- c:\windows\system32\dllcache\ftpsvc2.dll
2010-08-21 10:26 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-08-21 10:25 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-08-21 10:22 . 2010-04-28 18:15 2194304 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-08-21 10:22 . 2010-04-28 05:45 2071168 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-08-21 10:22 . 2010-04-28 05:45 2150912 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-08-21 10:22 . 2010-04-28 05:45 2029056 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-08-20 22:40 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-08-20 22:40 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-08-20 22:17 . 2010-08-23 20:52 -------- d-----w- c:\documents and settings\Rachid Berkani\Local Settings\Application Data\Adobe
2010-08-20 19:18 . 2010-09-04 16:04 -------- d-----w- c:\documents and settings\Rachid Berkani\Tracing
2010-08-20 19:05 . 2001-08-17 21:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2010-08-20 19:04 . 2008-04-14 22:04 58112 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-08-20 19:04 . 2001-08-17 21:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2010-08-20 19:03 . 2008-04-14 22:32 76288 ----a-w- c:\windows\system32\usbui.dll
2010-08-20 19:01 . 2010-08-20 17:17 -------- d-----w- C:\Documents and Settings
2010-08-20 19:01 . 2010-08-20 17:12 -------- d--h--w- c:\documents and settings\Default User
2010-08-20 19:01 . 2010-08-20 17:11 -------- d-----w- c:\documents and settings\All Users

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-03 11:14 . 2010-08-20 18:24 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-30 21:42 . 2010-08-20 17:39 14640 ----a-w- c:\documents and settings\Rachid Berkani\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-29 18:14 . 2001-09-07 12:00 595644 ----a-w- c:\windows\system32\perfh013.dat
2010-08-29 18:14 . 2001-09-07 12:00 125688 ----a-w- c:\windows\system32\perfc013.dat
2010-08-23 10:44 . 2010-08-23 10:44 -------- d-----w- c:\program files\MSBuild
2010-08-23 10:44 . 2010-08-23 10:44 -------- d-----w- c:\program files\Reference Assemblies
2010-08-22 16:30 . 2010-08-20 18:48 -------- d-----w- c:\program files\Ares
2010-08-21 19:22 . 2010-08-20 17:11 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-21 17:28 . 2010-08-20 17:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-20 18:52 . 2010-08-20 18:51 -------- d-----w- c:\program files\Windows Live
2010-08-20 18:51 . 2010-08-20 18:51 -------- d-----w- c:\program files\Microsoft
2010-08-20 18:51 . 2010-08-20 18:51 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-08-20 18:35 . 2010-08-20 18:20 -------- d-----w- c:\program files\nLite
2010-08-20 18:16 . 2010-08-20 18:16 -------- d-----w- c:\program files\Common Files\Windows Live
2010-08-20 17:48 . 2010-08-20 17:48 -------- d-----w- c:\program files\Realtek
2010-08-20 17:48 . 2010-08-20 17:48 315392 ----a-w- c:\windows\HideWin.exe
2010-08-20 17:48 . 2010-08-20 17:34 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-20 17:34 . 2010-08-20 17:34 -------- d-----w- c:\program files\Siemens
2010-08-20 17:34 . 2010-08-20 17:34 -------- d-----w- c:\program files\Funk Software
2010-08-20 17:34 . 2010-08-20 17:34 -------- d-----w- c:\program files\Common Files\Funk Software
2010-08-20 17:28 . 2010-08-20 17:28 -------- d-----w- c:\program files\support.com
2010-08-20 17:28 . 2010-08-20 17:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Support.com
2010-08-20 17:12 . 2010-08-20 17:12 -------- d-----w- c:\program files\microsoft frontpage
2010-08-20 17:09 . 2010-08-20 17:09 21748 ----a-w- c:\windows\system32\emptyregdb.dat
2010-06-30 12:33 . 2008-04-14 20:32 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 09:02 . 2008-04-14 20:05 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2008-04-13 22:45 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2008-04-14 20:32 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2010-08-20 17:09 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2008-04-14 20:32 1172480 ----a-w- c:\windows\system32\msxml3.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-09-04_12.45.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-04 16:04 . 2010-09-04 16:04 16384 c:\windows\Temp\Perflib_Perfdata_2b4.dat
+ 2010-08-24 09:09 . 2010-09-04 16:08 229762 c:\windows\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="c:\program files\Ares\Ares.exe" [2010-07-10 1015808]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Google Update"="c:\documents and settings\Rachid Berkani\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-03 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 16377344]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-12 7626752]
"nwiz"="nwiz.exe" [2006-07-12 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-12 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-23 202256]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-04-14 100864]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Gigaset WLAN Adapter Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Gigaset WLAN Adapter Monitor.lnk
backup=c:\windows\pss\Gigaset WLAN Adapter Monitor.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

S3 bns;bns;\??\c:\docume~1\RACHID~1\LOCALS~1\Temp~bns.tmp --> c:\docume~1\RACHID~1\LOCALS~1\Temp~bns.tmp [?]
.
Inhoud van de 'Gedeelde Taken' map

2010-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1220945662-682003330-1003Core.job
- c:\documents and settings\Rachid Berkani\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-03 11:18]

2010-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1220945662-682003330-1003UA.job
- c:\documents and settings\Rachid Berkani\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-03 11:18]

2010-09-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1220945662-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-09-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1220945662-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
.
.
------- Bijkomende Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-09-04 18:17
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bns]
"ImagePath"="\??\c:\docume~1\RACHID~1\LOCALS~1\Temp~bns.tmp"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(1080)
c:\program files\Funk Software\Odyssey Client\odLogin.dll

- - - - - - - > 'explorer.exe'(3484)
c:\windows\system32\msi.dll
.
Voltooingstijd: 2010-09-04 18:18:59
ComboFix-quarantined-files.txt 2010-09-04 16:18
ComboFix2.txt 2010-09-04 12:48
ComboFix3.txt 2010-09-03 15:39
ComboFix4.txt 2010-09-02 21:54

Pre-Run: 228.431.118.336 bytes beschikbaar
Post-Run: 228.423.639.040 bytes beschikbaar

- - End Of File - - 8079A9DFACE1BA1E1B7F4976D51ED500