
Thread: here i am

  1. #11
    dinand
    Guest


    Quote Originally Posted by shelf life
    Ok. Good. Please rerun DDS and post a new log from it. It also would not hurt to rerun malwarebytes one more time based on the number of bad files it found the first time. Don't post the log though. Only post a new DDS log.
    I have rerun Malwarebytes again and it is a short list, no infections found.
    Below the Malwarebytes log you can find the DDS log.
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6686

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    27-5-2011 1:05:57
    mbam-log-2011-05-27 (01-05-57).txt

    Scan type: Full scan (C:\|D:\|E:\|F:\|)
    Objects scanned: 174414
    Time elapsed: 57 minute(s), 3 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    .
    DDS (Ver_11-05-19.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Ten Damme at 13:13:01 on 2011-05-27
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1024.524 [GMT 2:00]
    .
    AV: PC Security Guardian *Enabled/Updated* {8410A24D-3CBA-46C2-A2A0-F6E8BC0D3A65}
    AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: PC Security Guardian *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Reviversoft\Registry Reviver\RegistryReviver.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Program Files\ESET\ServiceEx.exe
    C:\Program Files\ESET\CyberMania.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Ten Damme\Bureaublad\dds.scr
    C:\WINDOWS\system32\WSCRIPT.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.nl/
    uInternet Settings,ProxyServer = http=127.0.0.1:25498
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Registry Reviver] c:\program files\reviversoft\registry reviver\RegistryReviver.exe
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [TaskTray]
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
    mRun: [Acronis Scheduler2Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\tendam~1\menust~1\progra~1\opstar~1\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    uPolicies-explorer: DisallowRun = 1 (0x1)
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    Trusted Zone: jijbent.nl\www
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
    IFEO: image file execution options - svchost.exe
    Hosts: 69.72.252.252 www.google.com
    Hosts: 178.17.165.3 www.google.com
    Hosts: 69.72.252.252 www.google.com.au
    Hosts: 178.17.165.3 www.google.com.au
    Hosts: 69.72.252.252 www.google.be
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 tdrpman255;Acronis Try&Decide and Restore Points filter (build 255);c:\windows\system32\drivers\tdrpm255.sys [2011-2-15 911552]
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-3-24 114984]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-3-24 95872]
    R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2011-2-15 2475952]
    R2 CyberMania;CyberMania;c:\program files\eset\serviceex.exe run --> c:\program files\eset\ServiceEx.exe run [?]
    R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-3-24 810120]
    R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2011-2-15 159296]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-05-26 20:42:09 -------- d-----w- c:\documents and settings\ten damme\application data\Malwarebytes
    2011-05-26 20:42:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-26 20:42:02 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-05-26 20:41:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-26 20:41:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-23 13:17:12 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-05-23 13:17:12 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-05-16 18:52:19 -------- d-----w- c:\program files\Dream Chronicles Deluxe
    2011-05-16 18:51:29 -------- d-----w- c:\program files\Sunset Studio Deluxe
    2011-05-16 18:15:08 -------- d-----w- c:\program files\Sally's Salon Deluxe
    2011-05-16 15:53:39 -------- d--h--w- c:\windows\system32\GroupPolicy
    2011-05-14 06:31:22 -------- d-sh--w- c:\documents and settings\all users\application data\PSZJGIG
    2011-05-14 06:31:03 -------- d-sh--w- c:\documents and settings\all users\application data\59bd24
    2011-05-11 11:35:14 -------- d-----w- c:\documents and settings\ten damme\local settings\application data\Help
    2011-05-04 19:59:22 4 ----a-w- C:\timestmp.tmp
    .
    ==================== Find3M ====================
    .
    2011-04-01 22:52:38 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-04-01 22:52:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-03-16 11:28:20 16704 ----a-w- c:\windows\system32\roboot.exe
    2011-03-07 05:31:39 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:35:37 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:52:10 1867008 ----a-w- c:\windows\system32\win32k.sys
    2011-02-26 12:30:53 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
    .
    ============= FINISH: 13:13:25,90 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-05-19.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 15-2-2011 18:14:07
    System Uptime: 26-5-2011 23:53:31 (14 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | A7V8X-X
    Processor: AMD Athlon(TM) XP 2400+ | SOCKET A | 2000/133mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 78 GiB total, 63,857 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is FIXED (NTFS) - 71 GiB total, 68,893 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C905C-TX)
    Device ID: PCI\VEN_10B7&DEV_9200&SUBSYS_100010B7&REV_78\3&61AAA01&0&50
    Manufacturer: 3Com
    Name: 3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C905C-TX)
    PNP Device ID: PCI\VEN_10B7&DEV_9200&SUBSYS_100010B7&REV_78\3&61AAA01&0&50
    Service: EL90XBC
    .
    ==== System Restore Points ===================
    .
    RP73: 2-4-2011 0:52:21 - Installed Java(TM) 6 Update 24
    RP74: 2-4-2011 0:55:47 - Software Distribution Service 3.0
    RP75: 2-4-2011 1:01:04 - Software Distribution Service 3.0
    RP76: 2-4-2011 1:04:08 - Software Distribution Service 3.0
    RP77: 3-4-2011 1:31:32 - System Checkpoint
    RP78: 3-4-2011 3:00:14 - Software Distribution Service 3.0
    RP79: 3-4-2011 23:35:25 - Software Distribution Service 3.0
    RP80: 5-4-2011 0:06:27 - Software Distribution Service 3.0
    RP81: 6-4-2011 0:18:41 - System Checkpoint
    RP82: 6-4-2011 3:00:15 - Software Distribution Service 3.0
    RP83: 7-4-2011 0:29:13 - Software Distribution Service 3.0
    RP84: 8-4-2011 0:07:26 - Software Distribution Service 3.0
    RP85: 9-4-2011 0:14:27 - System Checkpoint
    RP86: 9-4-2011 3:00:14 - Software Distribution Service 3.0
    RP87: 10-4-2011 3:00:14 - Software Distribution Service 3.0
    RP88: 10-4-2011 16:12:17 - Installed Battlefield 2(TM)
    RP89: 11-4-2011 18:15:31 - Software Distribution Service 3.0
    RP90: 12-4-2011 0:25:30 - Software Distribution Service 3.0
    RP91: 13-4-2011 0:16:20 - Software Distribution Service 3.0
    RP92: 14-4-2011 0:55:52 - System Checkpoint
    RP93: 15-4-2011 1:06:01 - Software Distribution Service 3.0
    RP94: 16-4-2011 1:47:41 - Software Distribution Service 3.0
    RP95: 17-4-2011 0:55:58 - Software Distribution Service 3.0
    RP96: 18-4-2011 0:32:02 - Software Distribution Service 3.0
    RP97: 18-4-2011 17:42:14 - Software Distribution Service 3.0
    RP98: 18-4-2011 22:02:56 - Installed Windows KB954550-v5.
    RP99: 18-4-2011 22:03:08 - Printer driver Microsoft XPS Document W installed
    RP100: 18-4-2011 22:03:19 - Printer driver Microsoft XPS Document W installed
    RP101: 18-4-2011 22:04:38 - Installed %1 %2.
    RP102: 18-4-2011 23:17:04 - Software Distribution Service 3.0
    RP103: 19-4-2011 22:56:16 - Software Distribution Service 3.0
    RP104: 20-4-2011 22:58:53 - System Checkpoint
    RP105: 21-4-2011 3:00:14 - Software Distribution Service 3.0
    RP106: 21-4-2011 23:37:57 - Installed Windows KB954550-v5.
    RP107: 21-4-2011 23:38:07 - Printer driver Microsoft XPS Document W installed
    RP108: 21-4-2011 23:38:16 - Printer driver Microsoft XPS Document W installed
    RP109: 21-4-2011 23:39:50 - Installed %1 %2.
    RP110: 22-4-2011 3:00:14 - Software Distribution Service 3.0
    RP111: 23-4-2011 0:17:31 - Software Distribution Service 3.0
    RP112: 24-4-2011 0:25:14 - System Checkpoint
    RP113: 24-4-2011 1:53:01 - Software Distribution Service 3.0
    RP114: 24-4-2011 18:52:51 - Registry Reviver
    RP115: 25-4-2011 3:00:16 - Software Distribution Service 3.0
    RP116: 25-4-2011 22:37:53 - Software Distribution Service 3.0
    RP117: 25-4-2011 23:13:43 - Software Distribution Service 3.0
    RP118: 27-4-2011 0:18:55 - Software Distribution Service 3.0
    RP119: 28-4-2011 0:16:19 - Software Distribution Service 3.0
    RP120: 28-4-2011 23:44:23 - Software Distribution Service 3.0
    RP121: 30-4-2011 0:36:53 - System Checkpoint
    RP122: 30-4-2011 3:00:15 - Software Distribution Service 3.0
    RP123: 1-5-2011 3:00:21 - Software Distribution Service 3.0
    RP124: 1-5-2011 23:37:38 - Software Distribution Service 3.0
    RP125: 3-5-2011 0:45:12 - Software Distribution Service 3.0
    RP126: 4-5-2011 0:20:52 - Software Distribution Service 3.0
    RP127: 5-5-2011 0:40:40 - Software Distribution Service 3.0
    RP128: 5-5-2011 23:43:31 - Software Distribution Service 3.0
    RP129: 7-5-2011 0:31:42 - System Checkpoint
    RP130: 7-5-2011 0:44:37 - Software Distribution Service 3.0
    RP131: 8-5-2011 0:48:52 - System Checkpoint
    RP132: 8-5-2011 1:07:37 - Software Distribution Service 3.0
    RP133: 8-5-2011 23:45:44 - Software Distribution Service 3.0
    RP134: 9-5-2011 23:25:35 - Software Distribution Service 3.0
    RP135: 10-5-2011 23:26:36 - Software Distribution Service 3.0
    RP136: 11-5-2011 23:43:00 - System Checkpoint
    RP137: 12-5-2011 10:54:24 - Software Distribution Service 3.0
    RP138: 12-5-2011 13:43:50 - Installed Battlefield Vietnam(TM)
    RP139: 12-5-2011 13:51:44 - Installed PunkBuster for Battlefield Vietnam
    RP140: 13-5-2011 19:41:37 - System Checkpoint
    RP141: 14-5-2011 3:00:19 - Software Distribution Service 3.0
    RP142: 14-5-2011 18:16:08 - Software Distribution Service 3.0
    RP143: 14-5-2011 20:59:27 - Software Distribution Service 3.0
    RP144: 14-5-2011 21:03:38 - Software Distribution Service 3.0
    RP145: 14-5-2011 21:05:27 - Software Distribution Service 3.0
    RP146: 14-5-2011 22:43:32 - Software Distribution Service 3.0
    RP147: 14-5-2011 22:45:25 - Software Distribution Service 3.0
    RP148: 15-5-2011 12:30:00 - Software Distribution Service 3.0
    RP149: 16-5-2011 15:35:24 - Removed PunkBuster for Battlefield Vietnam
    RP150: 16-5-2011 15:35:39 - Removed Battlefield Vietnam(TM)
    RP151: 16-5-2011 15:36:12 - Removed Battlefield 2(TM)
    RP152: 16-5-2011 17:46:57 - Software Distribution Service 3.0
    RP153: 16-5-2011 20:58:50 - Software Distribution Service 3.0
    RP154: 17-5-2011 0:28:18 - Software Distribution Service 3.0
    RP155: 17-5-2011 21:01:44 - Software Distribution Service 3.0
    RP156: 18-5-2011 6:13:15 - Software Distribution Service 3.0
    RP157: 19-5-2011 0:54:02 - Software Distribution Service 3.0
    RP158: 20-5-2011 0:19:51 - Software Distribution Service 3.0
    RP159: 20-5-2011 15:24:02 - OTL Restore Point
    RP160: 20-5-2011 23:41:17 - Software Distribution Service 3.0
    RP161: 22-5-2011 0:09:35 - System Checkpoint
    RP162: 22-5-2011 3:00:15 - Software Distribution Service 3.0
    RP163: 23-5-2011 1:06:58 - Software Distribution Service 3.0
    RP164: 23-5-2011 15:16:51 - Restore Operation
    RP165: 23-5-2011 23:32:35 - Software Distribution Service 3.0
    RP166: 24-5-2011 23:49:44 - Software Distribution Service 3.0
    RP167: 25-5-2011 0:36:19 - Software Distribution Service 3.0
    RP168: 25-5-2011 14:23:20 - Software Distribution Service 3.0
    RP169: 26-5-2011 0:53:33 - Software Distribution Service 3.0
    RP170: 27-5-2011 1:21:15 - System Checkpoint
    RP171: 27-5-2011 3:00:15 - Software Distribution Service 3.0
    .
    ==== Hosts File Hijack ======================
    .
    Hosts: 69.72.252.252 www.google.com
    Hosts: 178.17.165.3 www.google.com
    Hosts: 69.72.252.252 www.google.com.au
    Hosts: 178.17.165.3 www.google.com.au
    Hosts: 69.72.252.252 www.google.be
    Hosts: 178.17.165.3 www.google.be
    Hosts: 69.72.252.252 www.google.com.br
    Hosts: 178.17.165.3 www.google.com.br
    Hosts: 69.72.252.252 www.google.ca
    Hosts: 178.17.165.3 www.google.ca
    Hosts: 69.72.252.252 www.google.ch
    Hosts: 178.17.165.3 www.google.ch
    Hosts: 69.72.252.252 www.google.de
    Hosts: 178.17.165.3 www.google.de
    Hosts: 69.72.252.252 www.google.dk
    Hosts: 178.17.165.3 www.google.dk
    Hosts: 69.72.252.252 www.google.fr
    Hosts: 178.17.165.3 www.google.fr
    Hosts: 69.72.252.252 www.google.ie
    Hosts: 178.17.165.3 www.google.ie
    Hosts: 69.72.252.252 www.google.it
    Hosts: 178.17.165.3 www.google.it
    Hosts: 69.72.252.252 www.google.co.jp
    Hosts: 178.17.165.3 www.google.co.jp
    Hosts: 69.72.252.252 www.google.nl
    Hosts: 178.17.165.3 www.google.nl
    Hosts: 69.72.252.252 www.google.no
    Hosts: 178.17.165.3 www.google.no
    Hosts: 69.72.252.252 www.google.co.nz
    Hosts: 178.17.165.3 www.google.co.nz
    Hosts: 69.72.252.252 www.google.pl
    Hosts: 178.17.165.3 www.google.pl
    Hosts: 69.72.252.252 www.google.se
    Hosts: 178.17.165.3 www.google.se
    Hosts: 69.72.252.252 www.google.co.uk
    Hosts: 178.17.165.3 www.google.co.uk
    Hosts: 69.72.252.252 www.google.co.za
    Hosts: 178.17.165.3 www.google.co.za
    Hosts: 69.72.252.252 www.bing.com
    Hosts: 178.17.165.3 www.bing.com
    Hosts: 69.72.252.252 search.yahoo.com
    Hosts: 178.17.165.3 search.yahoo.com
    Hosts: 69.72.252.252 uk.search.yahoo.com
    Hosts: 178.17.165.3 uk.search.yahoo.com
    Hosts: 69.72.252.252 ca.search.yahoo.com
    Hosts: 178.17.165.3 ca.search.yahoo.com
    Hosts: 69.72.252.252 de.search.yahoo.com
    Hosts: 178.17.165.3 de.search.yahoo.com
    Hosts: 69.72.252.252 fr.search.yahoo.com
    Hosts: 178.17.165.3 fr.search.yahoo.com
    Hosts: 69.72.252.252 au.search.yahoo.com
    Hosts: 178.17.165.3 au.search.yahoo.com
    Hosts: 69.72.252.252 www.google-analytics.com
    Hosts: 178.17.165.3 www.google-analytics.com
    .
    ==== Installed Programs ======================
    .
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    7-Zip 4.42
    Acronis True Image Home
    Adobe Flash Player 10 ActiveX
    Adobe Reader X (10.0.1) - Dutch
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center HydraVision Full
    Catalyst Control Center Localization All
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    CDBurnerXP
    ClearType Tuning Control Panel Applet
    CyberMania Eset Patch
    Driver Genius Professional Edition
    EAX4 Unified Redist
    ERUNT 1.1j
    ESET NOD32 Antivirus
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2443685)
    Java Auto Updater
    Java(TM) 6 Update 24
    Junk Mail filter update
    K-Lite Mega Codec Pack 4.1.4
    Malwarebytes' Anti-Malware
    McAfee Security Scan Plus
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Dutch Language Pack
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - NLD
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - NLD
    Microsoft .NET Framework 3.5 Language Pack SP1 - nld
    Microsoft .NET Framework 3.5 Service Pack 1
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile NLD Language Pack
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Extended NLD Language Pack
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office Access MUI (Dutch) 2007
    Microsoft Office Excel MUI (Dutch) 2007
    Microsoft Office InfoPath MUI (Dutch) 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (Dutch) 2007
    Microsoft Office PowerPoint MUI (Dutch) 2007
    Microsoft Office PowerPoint Viewer 2007 (Dutch)
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (Dutch) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proofing (Dutch) 2007
    Microsoft Office Publisher MUI (Dutch) 2007
    Microsoft Office Shared MUI (Dutch) 2007
    Microsoft Office Word MUI (Dutch) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (Dutch) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    MSVCRT
    MSXML 6.0 Parser (KB933579)
    Platform
    PokerStars
    Registry Reviver
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Segoe UI
    Skins
    Language Pack for Microsoft .NET Framework 3.5 SP1 - NL
    Language Pack for Microsoft .NET Framework 4 Client Profile - NLD
    Language Pack for Microsoft .NET Framework 4 Extended - NLD
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Outlook 2007 Junk Email Filter (KB2536413)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    VIA Platform Device Manager
    VIA Rhine-Family Fast-Ethernet Adapter
    WebFldrs XP
    Windows Live Upload Tool
    Windows Live Sign-in Assistant
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sync
    XML Paper Specification Shared Components Language Pack 1.0
    .
    ==== End Of File ===========================
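The DDS output above carries the indicators DDS itself flags under "Hosts File Hijack", plus three more worth reading together: every major search engine's hostname pinned to 69.72.252.252 and 178.17.165.3 in the HOSTS file, a browser proxy of http=127.0.0.1:25498, an IFEO entry on svchost.exe and a DisallowRun explorer policy. As an added example, not code from the original post or from the DDS tool, here is a small Python triage script that pulls those indicators out of DDS-style "Pseudo HJT Report" lines. The sample input is constructed from lines quoted in this thread, and the set of "core binaries" checked for IFEO entries is an assumption of the example.

```python
"""Triage a DDS-style log for the hijack indicators seen in this thread.

Added example, not part of the original post or of the DDS tool. It reads
the "Pseudo HJT Report" lines DDS emits and flags:
  * HOSTS entries that point a hostname at a non-loopback address (a
    blocking entry maps to 127.0.0.1 or 0.0.0.0; a remote address is a
    redirect),
  * a browser proxy set to a local listener,
  * an Image File Execution Options entry for a core Windows binary,
  * a DisallowRun policy.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample: a few lines in the shape DDS prints them, taken from
# the log quoted in the thread plus one benign blocklist entry.
SAMPLE_LOG = """\
uStart Page = hxxp://www.google.nl/
uInternet Settings,ProxyServer = http=127.0.0.1:25498
uPolicies-explorer: DisallowRun = 1 (0x1)
IFEO: image file execution options - svchost.exe
Hosts: 69.72.252.252 www.google.com
Hosts: 178.17.165.3 www.google.com
Hosts: 69.72.252.252 www.bing.com
Hosts: 127.0.0.1 ads.example.invalid
"""

HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)\s*$")
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:https?=)?([\w.\-]+):(\d+)")
IFEO_RE = re.compile(r"^IFEO:.*-\s*(\S+)\s*$", re.IGNORECASE)
DISALLOW_RE = re.compile(r"DisallowRun\s*=\s*1\b")

# Assumption of this example: binaries whose IFEO entry is almost never legitimate.
CORE_BINARIES = {"svchost.exe", "explorer.exe", "winlogon.exe", "userinit.exe"}


def is_sink_address(addr: str) -> bool:
    """True for addresses a legitimate blocklist uses (loopback or unspecified)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def hosts_redirects(text: str) -> dict:
    """Map each non-sink target address to the hostnames redirected to it."""
    redirects = defaultdict(list)
    for line in text.splitlines():
        m = HOSTS_RE.match(line.strip())
        if m and not is_sink_address(m.group(1)):
            redirects[m.group(1)].append(m.group(2))
    return dict(redirects)


def local_proxy(text: str):
    """Return (host, port) when the browser proxy is a loopback listener, else None."""
    m = PROXY_RE.search(text)
    if not m:
        return None
    host, port = m.group(1), int(m.group(2))
    if host == "localhost" or is_sink_address(host):
        return host, port
    return None


def ifeo_hijacks(text: str) -> list:
    """Core Windows binaries that have an Image File Execution Options entry."""
    hits = []
    for line in text.splitlines():
        m = IFEO_RE.match(line.strip())
        if m and m.group(1).lower() in CORE_BINARIES:
            hits.append(m.group(1).lower())
    return hits


def triage(text: str) -> list:
    """One human-readable finding per indicator present in the log text."""
    findings = []
    for addr, names in sorted(hosts_redirects(text).items()):
        findings.append(f"HOSTS redirect: {len(names)} name(s) -> {addr}: {', '.join(names)}")
    proxy = local_proxy(text)
    if proxy:
        findings.append(f"Browser proxy points at local listener {proxy[0]}:{proxy[1]}")
    for exe in ifeo_hijacks(text):
        findings.append(f"IFEO debugger set on {exe}")
    if DISALLOW_RE.search(text):
        findings.append("Explorer DisallowRun policy is enabled")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Two points the script makes explicit: a HOSTS line is only a "block" when it resolves a name to loopback or 0.0.0.0, so the same name listed twice with two routable addresses is a redirect with a fallback, not a blocklist; and a proxy of 127.0.0.1 on a high port means something on the machine is sitting between the browser and the network, which is why the process list and the IFEO entry on svchost.exe need to be read alongside the hosts entries rather than cleaned in isolation.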

  2. #12
    Emeritus
    Join Date: Nov 2005
    Location: @localhost
    Posts: 6,066

    Hi,

    We will get another download to use. It's called ComboFix. There is a guide to read first. Read the guide, then apply the directions on your own machine:

    Dutch guide
    How Can I Reduce My Risk?

  3. #13
    dinand
    Guest


    I had run the ComboFix program after I read the guide and have done what was requested.

    do you need the log?

  4. #14
    dinand
    Guest


    Well, you didn't ask, but the guide stated that it was necessary to post the log in the forum for further analysis.

    ComboFix 11-05-26.05 - Ten Damme 27-05-2011 17:37:17.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1024.651 [GMT 2:00]
    Started from: c:\documents and settings\Ten Damme\Bureaublad\ComboFix.exe
    AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    .
    .
    (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\59bd24
    c:\documents and settings\All Users\Application Data\59bd24\3648.mof
    c:\documents and settings\All Users\Application Data\59bd24\BackUp\McAfee Security Scan Plus.lnk
    c:\documents and settings\All Users\Application Data\59bd24\PSG.ico
    c:\documents and settings\Ten Damme\Onlangs geopend\ANTIGEN.drv
    c:\documents and settings\Ten Damme\Onlangs geopend\ANTIGEN.exe
    c:\documents and settings\Ten Damme\Onlangs geopend\ANTIGEN.sys
    c:\documents and settings\Ten Damme\Onlangs geopend\cb.exe
    c:\documents and settings\Ten Damme\Onlangs geopend\cb.tmp
    c:\documents and settings\Ten Damme\Onlangs geopend\cid.sys
    c:\documents and settings\Ten Damme\Onlangs geopend\CLSV.dll
    c:\documents and settings\Ten Damme\Onlangs geopend\CLSV.drv
    c:\documents and settings\Ten Damme\Onlangs geopend\CLSV.tmp
    c:\documents and settings\Ten Damme\Onlangs geopend\DBOLE.exe
    c:\documents and settings\Ten Damme\Onlangs geopend\DBOLE.tmp
    c:\documents and settings\Ten Damme\Onlangs geopend\ddv.exe
    c:\documents and settings\Ten Damme\Onlangs geopend\ddv.sys
    c:\documents and settings\Ten Damme\Onlangs geopend\delfile.drv
    c:\documents and settings\Ten Damme\Onlangs geopend\delfile.sys
    c:\documents and settings\Ten Damme\Onlangs geopend\eb.dll
    c:\documents and settings\Ten Damme\Onlangs geopend\eb.exe
    c:\documents and settings\Ten Damme\Onlangs geopend\eb.tmp
    c:\documents and settings\Ten Damme\Onlangs geopend\energy.dll
    c:\documents and settings\Ten Damme\Onlangs geopend\energy.exe
    c:\documents and settings\Ten Damme\Onlangs geopend\energy.sys
    c:\documents and settings\Ten Damme\Onlangs geopend\energy.tmp
    c:\documents and settings\Ten Damme\Onlangs geopend\exec.dll
    c:\documents and settings\Ten Damme\Onlangs geopend\exec.drv
    c:\documents and settings\Ten Damme\Onlangs geopend\exec.tmp
    c:\documents and settings\Ten Damme\Onlangs geopend\fan.exe
    c:\documents and settings\Ten Damme\Onlangs geopend\fan.tmp
    c:\documents and settings\Ten Damme\Onlangs geopend\fix.dll
    c:\documents and settings\Ten Damme\Onlangs geopend\fix.drv
    c:\documents and settings\Ten Damme\Onlangs geopend\fix.sys
    c:\documents and settings\Ten Damme\Onlangs geopend\FS.exe
    c:\documents and settings\Ten Damme\Onlangs geopend\kernel32.exe
    c:\documents and settings\Ten Damme\Onlangs geopend\kernel32.sys
    c:\documents and settings\Ten Damme\Onlangs geopend\kernel32.tmp
    c:\documents and settings\Ten Damme\Onlangs geopend\pal.drv
    c:\documents and settings\Ten Damme\Onlangs geopend\PE.dll
    c:\documents and settings\Ten Damme\Onlangs geopend\PE.drv
    c:\documents and settings\Ten Damme\Onlangs geopend\PE.exe
    c:\documents and settings\Ten Damme\Onlangs geopend\PE.sys
    c:\documents and settings\Ten Damme\Onlangs geopend\PE.tmp
    c:\documents and settings\Ten Damme\Onlangs geopend\ppal.dll
    c:\documents and settings\Ten Damme\Onlangs geopend\ppal.drv
    c:\documents and settings\Ten Damme\Onlangs geopend\ppal.tmp
    c:\documents and settings\Ten Damme\Onlangs geopend\runddlkey.exe
    c:\documents and settings\Ten Damme\Onlangs geopend\runddlkey.sys
    c:\documents and settings\Ten Damme\Onlangs geopend\SICKBOY.exe
    c:\documents and settings\Ten Damme\Onlangs geopend\SICKBOY.sys
    c:\documents and settings\Ten Damme\Onlangs geopend\sld.exe
    c:\documents and settings\Ten Damme\Onlangs geopend\sld.sys
    c:\documents and settings\Ten Damme\Onlangs geopend\SM.exe
    c:\documents and settings\Ten Damme\Onlangs geopend\SM.sys
    c:\documents and settings\Ten Damme\Onlangs geopend\snl2w.dll
    c:\documents and settings\Ten Damme\Onlangs geopend\snl2w.drv
    c:\documents and settings\Ten Damme\Onlangs geopend\snl2w.sys
    c:\documents and settings\Ten Damme\Onlangs geopend\std.drv
    c:\documents and settings\Ten Damme\Onlangs geopend\std.sys
    c:\documents and settings\Ten Damme\Onlangs geopend\tempdoc.sys
    c:\documents and settings\Ten Damme\Onlangs geopend\tjd.dll
    c:\documents and settings\Ten Damme\Onlangs geopend\tjd.exe
    c:\documents and settings\Ten Damme\Onlangs geopend\tjd.tmp
    .
    .
    (((((((((((((((((((( Files Created from 2011-04-27 to 2011-05-27 ))))))))))))))))))))))))))))))
    .
    .
    2011-05-26 20:42 . 2011-05-26 20:42 -------- d-----w- c:\documents and settings\Ten Damme\Application Data\Malwarebytes
    2011-05-26 20:42 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-26 20:42 . 2011-05-26 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-05-26 20:41 . 2011-05-26 20:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-26 20:41 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-23 13:17 . 2011-05-23 13:17 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-05-20 17:58 . 2011-05-20 17:58 -------- d-----w- c:\program files\ERUNT
    2011-05-16 18:52 . 2011-05-16 18:52 -------- d-----w- c:\documents and settings\Ten Damme\Application Data\PlayFirst
    2011-05-16 18:52 . 2011-05-16 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
    2011-05-16 18:52 . 2011-05-16 18:54 -------- d-----w- c:\program files\Dream Chronicles Deluxe
    2011-05-16 18:51 . 2011-05-16 18:52 -------- d-----w- c:\program files\Sunset Studio Deluxe
    2011-05-16 18:15 . 2011-05-16 18:54 -------- d-----w- c:\program files\Sally's Salon Deluxe
    2011-05-16 15:53 . 2011-05-16 15:53 -------- d--h--w- c:\windows\system32\GroupPolicy
    2011-05-14 06:31 . 2011-05-14 06:31 -------- d-sh--w- c:\documents and settings\All Users\Application Data\PSZJGIG
    2011-05-11 11:35 . 2011-05-11 11:35 -------- d-----w- c:\documents and settings\Ten Damme\Local Settings\Application Data\Help
    2011-05-04 19:59 . 2011-05-04 19:59 4 ----a-w- C:\timestmp.tmp
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-01 22:52 . 2011-04-01 22:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-04-01 22:52 . 2011-04-01 22:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-03-16 11:28 . 2011-04-24 16:51 16704 ----a-w- c:\windows\system32\roboot.exe
    2011-03-07 05:31 . 2011-02-15 17:03 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:35 . 2010-07-26 11:16 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:52 . 2010-07-26 11:14 1867008 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2010-07-26 . 497BEF5C5FAD126CA16437C1682F64EA . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legitimate default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
    "Registry Reviver"="c:\program files\Reviversoft\Registry Reviver\RegistryReviver.exe" [2011-03-16 1736000]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-24 2145000]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-12-03 5076064]
    "Acronis Scheduler2Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-12-03 357400]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
    .
    c:\documents and settings\Ten Damme\Menu Start\Programma's\Opstarten\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    .
    R0 tdrpman255;Acronis Try&Decide and Restore Points filter (build 255);c:\windows\system32\drivers\tdrpm255.sys [15-2-2011 16:47 911552]
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [24-3-2010 20:31 114984]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [24-3-2010 20:33 95872]
    R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [15-2-2011 16:47 2475952]
    R2 CyberMania;CyberMania;c:\program files\ESET\ServiceEx.exe run --> c:\program files\ESET\ServiceEx.exe run [?]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [24-3-2010 20:31 810120]
    R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [15-2-2011 16:47 159296]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 14:16 130384]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15-1-2010 14:49 227232]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 14:16 753504]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-27 c:\windows\Tasks\User_Feed_Synchronization-{EEFBFC40-3F38-40C3-8189-5CB90CD38275}.job
    - c:\windows\system32\msfeedssync.exe [2010-07-26 11:16]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.nl/
    uInternet Settings,ProxyServer = http=127.0.0.1:25498
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    Trusted Zone: jijbent.nl\www
    TCP: DhcpNameServer = 192.168.1.254
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-TaskTray - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-27 17:42
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    Scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(788)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2011-05-27 17:44:23
    ComboFix-quarantined-files.txt 2011-05-27 15:44
    .
    Pre-Run: 68.441.640.960 bytes free
    Post-Run: 68.536.770.560 bytes free
    .
    - - End Of File - - AF3733F551F70D9A1B977FD55085385A
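A triage pass over a report like the one above, added here as an example; it is not part of this thread, of ComboFix or of DDS. The script walks ComboFix-style lines and flags four things a helper reads such a log for: a Windows Firewall standard profile switched off, an Internet Settings ProxyServer on the loopback address (every browser request then passes through a program on the machine itself, which nothing in a stock install needs), a service line that carries a trailing "[?]" instead of the date and size the other services show, and an autostart entry whose image lives in a user-writable directory. The regular expressions follow the line formats visible in the log; SAMPLE_LOG is constructed for the example and is not the poster's real report.

```python
"""Flag entries in a ComboFix/DDS-style report that merit a second look.

Hypothetical helper written for this thread; not part of ComboFix or DDS.
The patterns follow the line formats seen in such reports.
"""
import re

# Constructed sample modelled on the ComboFix report format. It is NOT the
# poster's log: names, paths and numbers are made up for the example.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-24 2145000]
"Updater"="c:\documents and settings\All Users\Application Data\a1b2c3\upd.exe" [2011-05-14 98304]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [24-3-2010 20:31 810120]
R2 SvcHelper;SvcHelper;c:\program files\ESET\ServiceEx.exe run --> c:\program files\ESET\ServiceEx.exe run [?]
.
uStart Page = hxxp://www.google.nl/
uInternet Settings,ProxyServer = http=127.0.0.1:25498
TCP: DhcpNameServer = 192.168.1.254
"""

# "EnableFirewall"= 0 in the standard profile: the Windows Firewall is off.
FIREWALL_OFF = re.compile(r'^"EnableFirewall"\s*=\s*0\b')
# A proxy on 127.0.0.1/localhost routes all browser traffic through a
# program on the same machine; nothing in a stock install needs that.
LOOPBACK_PROXY = re.compile(
    r'ProxyServer\s*=\s*(?:[a-z]+=)?(?:127\.0\.0\.1|localhost)(?::\d+)?', re.I)
# Service lines look like "R2 name;display;path [date time size]"; a
# trailing "[?]" means the report carries no date/size for the image.
SERVICE_LINE = re.compile(r'^[RS]\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*)$')
# Run-key entries look like "name"="path" [date size].
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
# Autostarts normally live under Program Files or System32; these
# user-writable locations are where droppers tend to put themselves.
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\", "\\temp\\")


def triage(log_text):
    """Return a list of (rule, line) pairs, in report order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if FIREWALL_OFF.match(line):
            findings.append(("firewall_disabled", line))
            continue
        if LOOPBACK_PROXY.search(line):
            findings.append(("loopback_proxy", line))
            continue
        svc = SERVICE_LINE.match(line)
        if svc:
            if svc.group("path").rstrip().endswith("[?]"):
                findings.append(("unresolved_service", line))
            continue
        run = RUN_ENTRY.match(line)
        if run and any(tag in run.group("path").lower() for tag in USER_WRITABLE):
            findings.append(("autostart_in_user_dir", line))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:22} {line}")
```

None of the four rules proves infection on its own (a user may have switched the firewall off, or a service file may simply be unreadable), so the output is a list of lines to ask about, not a verdict; run it on a saved ComboFix.txt with `triage(open(path, encoding="latin-1").read())`.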

  5. #15
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi,

    Ok, good. Yes, I did want the log. One last thing is to reset your hosts file. You can follow this link and click the "Fix It" button.
    How Can I Reduce My Risk?
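Why the hosts file gets reset, as an added example that is not from the thread and is not what Microsoft's Fix It does: an active hosts entry that maps a domain to an address other than the stock localhost line silently overrides DNS for that name, which malware uses either to block a vendor's update site (loopback mapping) or to send the name to a server of its own choosing (any other address). The checker below reads hosts-file text, reports every mapping that is not the stock `127.0.0.1 localhost` entry, and carries the default content to write back; SAMPLE_HOSTS is constructed, with reserved `.test` names and a TEST-NET-2 address, and is not the poster's file.

```python
"""Report hosts-file entries that override name resolution.

Hypothetical helper written for this thread; it is not Microsoft's Fix It.
Works on the text of %SystemRoot%\\system32\\drivers\\etc\\hosts.
"""
import ipaddress

# Stock content of a Windows XP hosts file.
DEFAULT_HOSTS = "127.0.0.1       localhost\n"

# Constructed sample (not the poster's file): the stock entry plus two
# entries of the kind a hijacked hosts file contains.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.example-av-vendor.test
198.51.100.23   update.example-os-vendor.test  # constructed TEST-NET-2 address
"""


def parse_hosts(text):
    """Yield (ip_address, [names]) for each active (non-comment) line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                           # not an address; ignore
        yield ip, parts[1:]


def suspicious_entries(text):
    """Return (kind, name, ip) for every mapping except localhost itself.

    kind is "blocked" when the name is pinned to loopback (the name becomes
    unreachable) and "redirected" when it points anywhere else.
    """
    findings = []
    for ip, names in parse_hosts(text):
        for name in names:
            if ip.is_loopback and name.lower() == "localhost":
                continue
            kind = "blocked" if ip.is_loopback else "redirected"
            findings.append((kind, name, str(ip)))
    return findings


if __name__ == "__main__":
    for kind, name, ip in suspicious_entries(SAMPLE_HOSTS):
        print(f"{kind:10} {name} -> {ip}")
    print("default content to restore:\n" + DEFAULT_HOSTS)
```

Some legitimate tools (ad blockers that use hosts lists, developers pinning test servers) also add entries, so review the list before overwriting; on a machine that has just had a rogue "security" program removed, anything beyond the stock line is best replaced with DEFAULT_HOSTS.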

  6. #16
    dinand
    Guest

    Default

    Quote Originally Posted by shelf life View Post
    hi,

    Ok, good. Yes, I did want the log. One last thing is to reset your hosts file. You can follow this link and click the "Fix It" button.
    Done, the computer is restarted!
    What do I have to do with all those programs I have now?

    for helping me and all the time you invested with your quick answers

    Greetz Dinand

  7. #17
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi,

    You're welcome. Looks like we are done. You can remove ComboFix like this:

    start>run and type in combofix /uninstall
    click ok or enter
    note the space after the x and before the /

    Note that the free version of Malwarebytes must be updated manually and a scan started manually. It's good practice to check for updates, say, once a week or so even if you don't scan with it then.

    You can make a new restore point; the how and the why:

    One of the features of Windows XP, Vista and Windows 7 is System Restore. However, if malware infects a computer it is possible that the malware could be backed up in the System Restore archive. Therefore, clearing the restore points is a good idea after malware is removed and your computer appears to be functioning OK.

    To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.


    (winXP)

    1. Turn off System Restore. (deletes the old, possibly infected restore points)
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    2. Reboot.

    3. Turn ON System Restore. (creates a new restore point on a clean system)
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    UN-Check *Turn off System Restore*.
    Click Apply, and then click OK, then reboot

    And last are some tips to help you remain malware free:

    10 Tips for Prevention and Avoidance of Malware:
    There is no reason why your computer cannot stay malware free.

    No software can think for you. Help yourself. In no special order:

    1) It is essential to keep your operating system (Windows), browser (IE, FireFox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the Windows auto-update feature. Staying updated is also essential for other web-based applications like Java, Adobe Flash/Reader, QuickTime, browser plugins and add-ons. More and more third-party applications are being targeted. Not sure if you are using the latest version of software? Check their version status and get the updates here.

    2) Know what you are installing on your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about viruses and trojans being found on your computer, after which you are prompted to install software to remedy this. See also the signs that you may have malware on your computer.

    3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently finds malware, then it's time to *review your computer habits*.

    4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. See also E-mail phishing Tricks.

    5) Do not click on ads/pop-ups or offers from websites requesting that you install software on your computer--*for any reason*. Use the Alt+F4 keys to close the window.

    6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?

    7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and Windows 7 attempts to address.

    8) Install and understand the *limitations* of a software firewall.

    9) Securing IE for safer Browsing. How to harden FireFox for safer surfing.

    10) Warez, cracks etc are very popular for carrying malware payloads. If you look for these you will encounter malware. If you download/install files via p2p networks you will encounter malware. Can you really trust the source of the file? A file can be named anything, be nothing but malware or have malware bundled in it.


    More info/tips with pictures in links below.

    Happy Safe Surfing.
    How Can I Reduce My Risk?
