Trojan-Dropper.Win32.Agent.dgo

  • Trojan-Dropper.Win32.Agent.dgo

    Hello,
    I have Kaspersky Internet Security 7 installed (legally), and every time after startup it reports the following: the file contains a trojan and the action "Clean" cannot be performed.
    Trojan:
    Trojan-Dropper.Win32.Agent.dgo
    File:
    C:\WINDOWS\SYSTEM32\JKHHE.EXE
    Startup is also terribly slow, which it never was before.
    I will attach a HijackThis log. At Kaspersky they don't really know what to do with this, hence my urgent question posted here.
    Regards, benji.
    Logfile of HijackThis v1.99.1
    Scan saved at 15:29:40, on 3-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Firefly Media Server\firefly.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Windows Media Connect\mswmcls.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\Program Files\Windows Media Connect\mswmc.exe
    C:\downloads\utorrent.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Fam. Tol\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,[email protected]
    O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [WebCam Go Plus Sti Service Application] Wcgopsvc
    O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
    O4 - HKLM\..\Run: [vssms32] C:\WINDOWS\system32\vssms32.exe
    O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
    O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [L08AXLRD_6070937] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE" -m
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Toevoegen aan Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Anti-Virus voor internet statistieken - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: http://www.duostartorrents.org
    O15 - Trusted Zone: http://www.helpmij.nl
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: Firefly Media Server - Ron Pedde - C:\Program Files\Firefly Media Server\firefly.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GEARSecurity - Unknown owner - C:\WINDOWS\System32\GEARSec.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)
    O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing)
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
    O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

  • #2
    Hello benjitol,

    You are using an old version of HijackThis. It is best to use this version: http://www.trendsecure.com/portal/en...HJTInstall.exe
    Close all open windows.
    Start HijackThis once more and place a check mark next to the following items:

    O4 - HKLM\..\Run: [vssms32] C:\WINDOWS\system32\vssms32.exe

    Then click "Fix checked" and close HijackThis.

    Restart the computer.
    Start HijackThis again, create a new log and post it.

    Report whether there are still any problems.



    • #3
      C:\windows\system32\jkhhe.exe

      O4 - HKLM\..\Run: [vssms32] C:\WINDOWS\system32\vssms32.exe

      This is not listed in the HijackThis log.
      Here it is:

      Logfile of HijackThis v1.99.1
      Scan saved at 18:34:54, on 4-1-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16574)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
      C:\Program Files\a-squared Free\a2service.exe
      C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
      C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\cisvc.exe
      C:\WINDOWS\system32\CTsvcCDA.EXE
      C:\Program Files\Firefly Media Server\firefly.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Eset\nod32krn.exe
      C:\WINDOWS\system32\tcpsvcs.exe
      C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
      C:\Program Files\Windows Media Connect\mswmcls.exe
      C:\WINDOWS\system32\MsPMSPSv.exe
      C:\Program Files\Windows Media Player\WMPNetwk.exe
      C:\WINDOWS\system32\SearchIndexer.exe
      c:\program files\windows media connect\mswmccds.exe
      C:\Program Files\Windows Media Connect\mswmc.exe
      C:\WINDOWS\system32\lxcecoms.exe
      C:\WINDOWS\System32\alg.exe
      C:\downloads\utorrent.exe
      C:\WINDOWS\system32\cidaemon.exe
      C:\WINDOWS\system32\cidaemon.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Documents and Settings\Fam. Tol\Bureaublad\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll
      O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
      O2 - BHO: (no name) - {3AEC3373-C823-4853-97D4-5B5549833BC3} - (no file)
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: (no name) - {A2673D28-A47A-4705-87CF-10B41DE98D37} - (no file)
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
      O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,[email protected]
      O4 - HKLM\..\Run: [WebCam Go Plus Sti Service Application] Wcgopsvc
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
      O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
      O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
      O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
      O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Toevoegen aan Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
      O9 - Extra button: Anti-Virus voor internet statistieken - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
      O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
      O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
      O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
      O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
      O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
      O11 - Options group: [INTERNATIONAL] International*
      O15 - Trusted Zone: http://www.duostartorrents.org
      O15 - Trusted Zone: http://www.helpmij.nl
      O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
      O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
      O20 - Winlogon Notify: wvuuvuv - wvuuvuv.dll (file missing)
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
      O23 - Service: Bonjour-service (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
      O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - C:\Program Files\ewido anti-spyware 4.0\guard.exe (file missing)
      O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
      O23 - Service: Firefly Media Server - Ron Pedde - C:\Program Files\Firefly Media Server\firefly.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: GEARSecurity - Unknown owner - C:\WINDOWS\System32\GEARSec.exe (file missing)
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)
      O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing)
      O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
      O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
      O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
      O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
      O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
      O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
      O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
      O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe



      • #4
        Originally posted by Marckie
        Hello benjitol,

        You are using an old version of HijackThis. It is best to use this version: http://www.trendsecure.com/portal/en...HJTInstall.exe
        ??



        • #5
          Hello Mackie,
          I did what you said and installed the new HijackThis, and this is the log file:

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 14:14:54, on 5-1-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16574)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
          C:\Program Files\a-squared Free\a2service.exe
          C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
          C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
          C:\Program Files\Bonjour\mDNSResponder.exe
          C:\WINDOWS\system32\cisvc.exe
          C:\WINDOWS\system32\CTsvcCDA.EXE
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
          C:\Program Files\Eset\nod32krn.exe
          C:\WINDOWS\system32\tcpsvcs.exe
          C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
          C:\Program Files\Windows Media Connect\mswmcls.exe
          C:\WINDOWS\system32\MsPMSPSv.exe
          C:\WINDOWS\system32\SearchIndexer.exe
          C:\Program Files\Firefly Media Server\firefly.exe
          C:\Program Files\Windows Media Connect\mswmc.exe
          C:\WINDOWS\system32\lxcecoms.exe
          C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
          C:\WINDOWS\system32\cidaemon.exe
          C:\WINDOWS\system32\cidaemon.exe
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll
          O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
          O2 - BHO: (no name) - {3AEC3373-C823-4853-97D4-5B5549833BC3} - (no file)
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
          O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
          O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O2 - BHO: (no name) - {A2673D28-A47A-4705-87CF-10B41DE98D37} - (no file)
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
          O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,[email protected]
          O4 - HKLM\..\Run: [WebCam Go Plus Sti Service Application] Wcgopsvc
          O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
          O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
          O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
          O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
          O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
          O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
          O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
          O8 - Extra context menu item: Toevoegen aan Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
          O9 - Extra button: Anti-Virus voor internet statistieken - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
          O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
          O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
          O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
          O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
          O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
          O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
          O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
          O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
          O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
          O15 - Trusted Zone: http://www.duostartorrents.org
          O15 - Trusted Zone: http://www.helpmij.nl
          O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
          O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
          O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
          O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
          O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
          O20 - Winlogon Notify: wvuuvuv - wvuuvuv.dll (file missing)
          O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
          O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
          O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
          O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
          O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
          O23 - Service: Bonjour-service (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
          O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
          O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - C:\Program Files\ewido anti-spyware 4.0\guard.exe (file missing)
          O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
          O23 - Service: Firefly Media Server - Ron Pedde - C:\Program Files\Firefly Media Server\firefly.exe
          O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
          O23 - Service: GEARSecurity - Unknown owner - C:\WINDOWS\System32\GEARSec.exe (file missing)
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
          O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
          O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
          O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
          O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)
          O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing)
          O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
          O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
          O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
          O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
          O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
          O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
          O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
          O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

          --
          End of file - 11560 bytes


          As you can see, 04 system ...... is no longer listed????
          Regards, benji



          • #6
            Indeed, it is no longer listed, benji.


            Close all open windows.
            Start HijackThis once more and tick the following items:

            O2 - BHO: (no name) - {3AEC3373-C823-4853-97D4-5B5549833BC3} - (no file)
            O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
            O2 - BHO: (no name) - {A2673D28-A47A-4705-87CF-10B41DE98D37} - (no file)
            O20 - Winlogon Notify: wvuuvuv - wvuuvuv.dll (file missing)


            Then click "Fix checked" and close HijackThis.


            Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
            Save it to your desktop.
            Double-click it to start the program.
            In the window that appears, type 1 to run the cleaning and analysis process.
            Follow the on-screen instructions.
            When the tool has finished, a log file (combofix.txt) opens.
            Post the contents of this file together with a new HijackThis log.



            • #7
              hijack
              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 18:35:24, on 5-1-2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.6000.16574)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\Ati2evxx.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\WINDOWS\system32\Ati2evxx.exe
              C:\WINDOWS\Explorer.EXE
              C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
              C:\Program Files\a-squared Free\a2service.exe
              C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
              C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
              C:\Program Files\Bonjour\mDNSResponder.exe
              C:\WINDOWS\system32\CTsvcCDA.EXE
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
              C:\Program Files\Eset\nod32krn.exe
              C:\WINDOWS\system32\tcpsvcs.exe
              C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
              C:\WINDOWS\system32\svchost.exe
              C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
              C:\Program Files\Windows Media Connect\mswmcls.exe
              C:\WINDOWS\system32\MsPMSPSv.exe
              C:\WINDOWS\system32\SearchIndexer.exe
              C:\Program Files\Firefly Media Server\firefly.exe
              C:\Program Files\Windows Media Connect\mswmc.exe
              C:\WINDOWS\system32\lxcecoms.exe
              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
              O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll
              O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
              O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
              O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
              O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,[email protected]
              O4 - HKLM\..\Run: [WebCam Go Plus Sti Service Application] Wcgopsvc
              O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
              O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
              O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
              O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
              O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
              O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
              O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
              O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
              O8 - Extra context menu item: Toevoegen aan Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
              O9 - Extra button: Anti-Virus voor internet statistieken - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
              O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
              O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
              O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
              O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
              O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
              O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
              O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
              O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
              O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
              O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
              O15 - Trusted Zone: http://www.duostartorrents.org
              O15 - Trusted Zone: http://www.helpmij.nl
              O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
              O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
              O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
              O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
              O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
              O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
              O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
              O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
              O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
              O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
              O23 - Service: Bonjour-service (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
              O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
              O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - C:\Program Files\ewido anti-spyware 4.0\guard.exe (file missing)
              O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
              O23 - Service: Firefly Media Server - Ron Pedde - C:\Program Files\Firefly Media Server\firefly.exe
              O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
              O23 - Service: GEARSecurity - Unknown owner - C:\WINDOWS\System32\GEARSec.exe (file missing)
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
              O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
              O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
              O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
              O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
              O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)
              O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing)
              O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
              O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
              O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
              O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
              O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
              O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
              O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
              O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

              --
              End of file - 10988 bytes

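The before/after comparison that posts #6 and #7 do by eye, as an added example that is not part of the original thread: a small parser for HijackThis entry lines that flags entries whose target file HijackThis reports as absent and lists which entries disappeared between two logs. The function names are hypothetical; the sample lines are a selection copied from the two logs above.

```python
import re
from typing import List, NamedTuple, Optional, Set

# Selection of lines copied from the two HijackThis logs in this thread
# (constructed sample): BEFORE = log taken before "Fix checked",
# AFTER = log posted afterwards.
BEFORE = r"""
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: (no name) - {3AEC3373-C823-4853-97D4-5B5549833BC3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A2673D28-A47A-4705-87CF-10B41DE98D37} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: wvuuvuv - wvuuvuv.dll (file missing)
O23 - Service: GEARSecurity - Unknown owner - C:\WINDOWS\System32\GEARSec.exe (file missing)
"""

AFTER = r"""
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: GEARSecurity - Unknown owner - C:\WINDOWS\System32\GEARSec.exe (file missing)
"""

# An entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.+?)\s*$")
# HijackThis appends one of these markers when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)$", re.IGNORECASE)


class Entry(NamedTuple):
    section: str    # e.g. "O2", "O20", "O23"
    body: str       # everything after "<section> - ", whitespace-normalised
    orphaned: bool  # True when the log marks the target file as absent


def parse_log(text: str) -> List[Entry]:
    """Return the entry lines of a HijackThis log; headers, the process
    list and blank lines do not match the entry pattern and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        body = " ".join(m.group(2).split())
        entries.append(Entry(m.group(1), body, bool(ORPHAN_RE.search(body))))
    return entries


def orphaned_entries(entries: List[Entry],
                     sections: Optional[Set[str]] = None) -> List[Entry]:
    """Entries whose file is reported absent, optionally limited to sections."""
    return [e for e in entries
            if e.orphaned and (sections is None or e.section in sections)]


def removed_entries(before: List[Entry], after: List[Entry]) -> List[Entry]:
    """Entries present in the first log but not in the second.
    Compared case-insensitively because Windows paths are."""
    after_keys = {(e.section, e.body.lower()) for e in after}
    return [e for e in before if (e.section, e.body.lower()) not in after_keys]


if __name__ == "__main__":
    before, after = parse_log(BEFORE), parse_log(AFTER)
    print("Dangling references in the first log:")
    for e in orphaned_entries(before):
        print(f"  {e.section} - {e.body}")
    print("Gone after the fix:")
    for e in removed_entries(before, after):
        print(f"  {e.section} - {e.body}")
    print("Still dangling in the second log:")
    for e in orphaned_entries(after):
        print(f"  {e.section} - {e.body}")
```

On these samples the four entries ticked in post #6 are the ones reported as gone, while the O23 service with a missing file is still listed because it was not among the selected items.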


              • #8
                The ComboFix log file contains too many characters, so here it is as a RAR file: ComboFix.rar



                • #9
                  Please create a new log with ComboFix and post it.



                  • #10
                    Hello,
                    I ran the ComboFix scan again and am waiting for the log file; this does take a while, surely 1 to 2 hours???



                    • #11
                      anden Gemaakt van 2007-12-05 to 2008-01-05 ))))))))))))))))))))))))))))))
                      .

                      2008-01-05 16:28 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
                      2008-01-04 18:52 . 2008-01-04 19:27 <DIR> d-------- C:\Documents and Settings\Fam. Tol\.housecall6.6
                      2008-01-04 18:18 . 2008-01-04 18:18 <DIR> d-------- C:\Program Files\Trend Micro
                      2008-01-04 15:50 . 2008-01-04 17:11 <DIR> d-------- C:\VundoFix Backups
                      2008-01-04 14:12 . 2008-01-04 14:11 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
                      2008-01-04 14:12 . 2008-01-04 14:11 298,104 --a------ C:\WINDOWS\system32\imon.dll
                      2008-01-04 14:12 . 2008-01-04 14:11 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
                      2008-01-04 14:12 . 2008-01-04 14:12 0 --a------ C:\WINDOWS\system32\mapisvc.inf
                      2008-01-03 20:31 . 2008-01-05 16:42 348,160 --a------ C:\WINDOWS\system32\jkhhe.exe
                      2008-01-03 17:34 . 2008-01-03 17:34 <DIR> d-------- C:\Program Files\Enigma Software Group
                      2008-01-03 16:30 . 2008-01-03 16:30 <DIR> d-------- C:\Documents and Settings\Fam. Tol\Application Data\Grisoft
                      2008-01-03 16:29 . 2008-01-03 16:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
                      2008-01-03 16:29 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
                      2008-01-03 15:56 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
                      2008-01-03 14:27 . 2008-01-03 14:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
                      2008-01-03 14:26 . 2008-01-03 19:20 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
                      2008-01-03 14:26 . 2008-01-03 14:26 <DIR> d-------- C:\Documents and Settings\Fam. Tol\Application Data\SUPERAntiSpyware.com
                      2008-01-03 13:54 . 2008-01-03 13:54 121,344 --a------ C:\WINDOWS\system32\B1.tmp
                      2008-01-02 15:25 . 2008-01-02 15:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
                      2008-01-01 17:34 . 2008-01-01 17:34 <DIR> d-------- C:\Program Files\Target Skills
                      2007-12-31 16:43 . 2007-12-31 16:43 77 --a------ C:\WINDOWS\Memory
                      2007-12-30 19:02 . 2007-12-30 19:02 78 --a------ C:\WINDOWS\Spatial
                      2007-12-30 18:57 . 2007-12-31 16:48 80 --a------ C:\WINDOWS\Numerical
                      2007-12-30 18:45 . 2007-12-31 16:43 84 --a------ C:\WINDOWS\Getting Started.htm
                      2007-12-30 18:45 . 2007-12-30 18:48 76 --a------ C:\WINDOWS\Logic
                      2007-12-30 18:44 . 2007-12-31 16:43 77 --a------ C:\WINDOWS\Verbal
                      2007-12-30 18:43 . 2007-12-31 16:42 75 --a------ C:\WINDOWS\Times New Roman
                      2007-12-30 18:41 . 2007-12-31 16:42 621 --a------ C:\WINDOWS\0
                      2007-12-30 18:41 . 2007-12-30 18:41 46 --a------ C:\WINDOWS\1
                      2007-12-30 18:35 . 2007-12-30 18:35 <DIR> d-------- C:\WINDOWS\system32\Brain Trainer 2
                      2007-12-30 18:35 . 2007-12-30 18:35 <DIR> d-------- C:\Program Files\Mindscape
                      2007-12-30 13:15 . 2008-01-05 18:18 17,185,312 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
                      2007-12-30 13:15 . 2008-01-05 18:12 230,660 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
                      2007-12-30 13:15 . 2007-12-30 13:24 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
                      2007-12-30 13:15 . 2007-12-30 13:24 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
                      2007-12-30 13:14 . 2007-12-30 13:14 <DIR> d-------- C:\Program Files\Kaspersky Lab
                      2007-12-30 13:14 . 2008-01-05 18:18 178,208 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
                      2007-12-30 13:14 . 2008-01-05 18:12 17,732 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
                      2007-12-30 13:00 . 2007-12-30 13:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
                      2007-12-30 12:23 . 2008-01-03 09:13 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
                      2007-12-26 15:25 . 2008-01-05 18:11 <DIR> d-------- C:\Documents and Settings\Fam. Tol\Application Data\uTorrent
                      2007-12-25 18:41 . 2006-04-20 12:51 359,808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.ORIGINAL
                      2007-12-25 18:41 . 2006-04-20 12:51 359,808 --a--c--- C:\WINDOWS\system32\dllcache\tcpip.sys.ORIGINAL
                      2007-12-22 17:05 . 2007-12-22 17:17 <DIR> d-------- C:\Documents and Settings\Fam. Tol\Application Data\TwonkyMedia
                      2007-12-22 17:04 . 2007-12-22 17:05 <DIR> d-------- C:\Program Files\TwonkyMedia
                      2007-12-07 20:10 . 2007-12-15 16:55 <DIR> d-------- C:\Program Files\Guitar Speed Trainer

                      .
                      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      2008-01-05 17:16 --------- d-----w C:\Program Files\Lx_cats
                      2008-01-05 17:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
                      2008-01-05 17:15 --------- d-----w C:\Program Files\Firefly Media Server
                      2008-01-04 16:20 2,560 ----a-w C:\WINDOWS\system32\drivers\mchInjDrv.sys
                      2008-01-04 16:11 --------- d-----w C:\Program Files\Hitman Pro
                      2008-01-04 15:59 --------- d-----w C:\Program Files\Spyware Doctor
                      2008-01-04 14:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                      2008-01-04 13:14 --------- d-----w C:\Program Files\SpywareBlaster
                      2008-01-03 15:28 --------- d-----w C:\Program Files\ewido anti-spyware 4.0
                      2008-01-03 14:58 --------- d-----w C:\Program Files\Bonjour
                      2008-01-03 14:55 --------- d-----w C:\Program Files\Windows Desktop Search
                      2008-01-03 14:55 --------- d-----w C:\Program Files\a-squared Free
                      2008-01-03 14:54 --------- d-----w C:\Program Files\Windows Media Connect
                      2008-01-03 14:54 --------- d-----w C:\Program Files\Lexmark 4300 Series
                      2008-01-03 14:52 --------- d-----w C:\Program Files\Google
                      2008-01-03 13:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
                      2007-12-30 16:15 --------- d-----w C:\Program Files\QuickTime
                      2007-12-30 16:15 --------- d-----w C:\Program Files\iTunes
                      2007-12-30 13:12 --------- d-----w C:\Program Files\PFConfig
                      2007-12-30 11:22 --------- d-----w C:\Program Files\MSN Messenger
                      2007-12-30 09:30 160,256 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig .exe
                      2007-12-28 15:55 --------- d-----w C:\Program Files\PowerISO
                      2007-12-28 15:55 --------- d-----w C:\Program Files\Microsoft ActiveSync
                      2007-12-28 15:55 --------- d-----w C:\Program Files\Lexmark Fax Solutions
                      2007-12-28 15:55 --------- d-----w C:\Program Files\BitComet
                      2007-12-27 11:25 --------- d-----w C:\Program Files\Styler
                      2007-12-27 11:21 --------- d-----w C:\Documents and Settings\Fam. Tol\Application Data\Intermedia Design
                      2007-12-27 11:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Data
                      2007-12-26 14:52 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
                      2007-12-26 14:52 --------- d-----w C:\Program Files\AutoCAD 2008
                      2007-12-26 14:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
                      2007-12-26 14:42 --------- d-----w C:\Program Files\BitLord
                      2007-12-25 17:41 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
                      2007-12-14 21:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
                      2007-12-08 16:35 --------- d-----w C:\Program Files\DJ2000
                      2007-11-19 19:07 --------- d-----w C:\Program Files\Plus!
                      2007-11-18 14:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\espionServerData
                      2007-11-18 14:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
                      2007-11-18 14:02 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
                      2007-11-18 14:02 --------- d-----w C:\Program Files\Common Files\Adobe
                      2007-11-18 13:54 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
                      2007-11-18 13:54 129,784 ------w C:\WINDOWS\system32\pxafs.dll
                      2007-11-18 13:54 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
                      2007-11-18 13:54 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
                      2007-11-15 17:22 --------- d-----w C:\Program Files\PassportPhoto
                      2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
                      2007-11-10 14:11 --------- d-----w C:\Program Files\PC Wizard 2008
                      2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
                      2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
                      2007-05-20 09:02 2,875 ----a-w C:\Documents and Settings\Fam. Tol\Application Data\SAS7_000.DAT
                      2007-02-17 10:36 88,986,386 ----a-w C:\Program Files\520g&500g-X&550gE Wireless Router Utilities.zip
                      2006-10-13 18:02 1,048,576 ---ha-w C:\Program Files\cache.dmx
                      2004-08-03 23:03 208,896 ----a-w C:\WINDOWS\inf\unregmp2(2).exe
                      2002-08-05 05:45 351,668,780 ----a-w C:\Program Files\Data.Cab
                      2002-08-05 05:45 1,117,552 ----a-w C:\Program Files\AT&T Labs' Natural Voices - Desktop 1.4.msi
                      2002-08-05 05:16 904 ----a-w C:\Program Files\Setup.INI
                      2001-06-21 12:01 180,224 ----a-w C:\Program Files\setup.exe
                      2001-06-13 14:15 3,166 ----a-w C:\Program Files\0x0409.ini
                      2001-05-08 12:04 1,531,984 ----a-w C:\Program Files\instmsiw.exe
                      2001-05-08 12:01 1,519,696 ----a-w C:\Program Files\instmsia.exe
                      2004-08-03 23:03 60,416 --sha-w C:\WINDOWS\BricoPacks\SysFiles\80_msimn.exe
                      .
                      Code:
                      <pre>
                      ----a-w            39,792 2007-12-30 12:18:46  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
                      ----a-w           153,136 2007-12-29 09:17:46  C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
                      ----a-w            81,920 2007-12-30 10:47:37  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
                      ----a-w           102,400 2007-12-30 10:48:23  C:\Program Files\Creative\MediaSource\Detector\CTDetect .exe
                      ----a-w           135,168 2007-12-30 12:18:47  C:\Program Files\Creative\MediaSource\RemoteControl\RcMan .exe
                      ----a-w            45,056 2007-12-30 12:18:44  C:\Program Files\Creative\SB Drive Det\SBDrvDet .exe
                      ----a-w            45,056 2007-12-30 10:47:43  C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet .EXE
                      ----a-w            49,152 2007-12-30 10:47:41  C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol .exe
                      ----a-w            61,440 2007-12-30 10:44:53  C:\Program Files\Digidesign\Drivers\MMERefresh .exe
                      ----a-w           847,872 2008-01-03 18:14:03  C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3 .exe
                      ----a-w         6,731,312 2008-01-03 18:14:10  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
                      ----a-w           257,088 2007-12-29 09:17:48  C:\Program Files\iTunes\iTunesHelper .exe
                      ----a-w            94,208 2007-12-30 10:47:37  C:\Program Files\Lexmark 4300 Series\ezprint .exe
                      ----a-w            31,016 2007-12-29 09:17:58  C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe
                      ----a-w         5,674,352 2007-12-30 10:48:18  C:\Program Files\MSN Messenger\MsnMsgr .Exe
                      ----a-w         1,318,912 2008-01-03 18:14:04  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
                      ----a-w           160,256 2007-12-30 09:30:12  C:\WINDOWS\pchealth\helpctr\binaries\msconfig .exe
                      ----a-w            15,360 2008-01-03 08:13:51  C:\WINDOWS\system32\ctfmon .exe
                      </pre>

                      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      REGEDIT4
                      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 14:46 73728]
                      "WebCam Go Plus Sti Service Application"="Wcgopsvc"
                      "Cmaudio"="cmicnfg.cpl"
                      "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]

                      C:\Documents and Settings\Fam. Tol\Menu Start\Programma's\Opstarten\
                      Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
                      TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 20:41:18]

                      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
                      "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-04-24 12:13 282624]
                      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

                      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                      C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

                      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
                      "AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

                      SafeBoot register sleutel dient gerepareerd. Deze PC kan niet opstarten in Veilige Modus.

                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
                      @="Driver Group"

                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
                      @="Driver"

                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
                      @="DiskDrive"

                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
                      @="Hdc"

                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
                      @="Keyboard"

                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
                      @="Mouse"

                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
                      @="System"

                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
                      @="Volume"

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^AutoCAD Startup Accelerator.lnk]
                      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\AutoCAD Startup Accelerator.lnk
                      backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Multikabel Eerste Hulp Thuis.lnk]
                      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Multikabel Eerste Hulp Thuis.lnk
                      backup=C:\WINDOWS\pss\Multikabel Eerste Hulp Thuis.lnkCommon Startup

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Fam. Tol^Menu Start^Programma's^Opstarten^OneNote 2007 Schermopname en Snel starten.lnk]
                      path=C:\Documents and Settings\Fam. Tol\Menu Start\Programma's\Opstarten\OneNote 2007 Schermopname en Snel starten.lnk
                      backup=C:\WINDOWS\pss\OneNote 2007 Schermopname en Snel starten.lnkStartup

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Fam. Tol^Menu Start^Programma's^Opstarten^Philips Media Manager.lnk]
                      path=C:\Documents and Settings\Fam. Tol\Menu Start\Programma's\Opstarten\Philips Media Manager.lnk
                      backup=C:\WINDOWS\pss\Philips Media Manager.lnkStartup

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Fam. Tol^Menu Start^Programma's^Opstarten^RocketDock.lnk]
                      path=C:\Documents and Settings\Fam. Tol\Menu Start\Programma's\Opstarten\RocketDock.lnk
                      backup=C:\WINDOWS\pss\RocketDock.lnkStartup

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Fam. Tol^Menu Start^Programma's^Opstarten^UberIcon.lnk]
                      path=C:\Documents and Settings\Fam. Tol\Menu Start\Programma's\Opstarten\UberIcon.lnk
                      backup=C:\WINDOWS\pss\UberIcon.lnkStartup

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Fam. Tol^Menu Start^Programma's^Opstarten^Y'z Shadow.lnk]
                      path=C:\Documents and Settings\Fam. Tol\Menu Start\Programma's\Opstarten\Y'z Shadow.lnk
                      backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
                      C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
                      C:\Program Files\BitComet\BitComet.exe /tray

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
                      CTHELPER.EXE

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FireflyShell]
                      C:\Program Files\Firefly Media Server\FireflyShell.exe -q

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
                      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
                      C:\Program Files\iTunes\iTunesHelper.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
                      2008-01-05 16:42 348160 --a------ C:\WINDOWS\system32\jkhhe.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
                      C:\PROGRA~1\MULTIK~1\SMARTB~1\MotiveSB.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
                      C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
                      C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
                      C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
                      C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
                      C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_8 -reboot 1

                      R0 Klpf;Klpf;C:\WINDOWS\system32\drivers\Klpf.sys [2005-08-04 16:19]
                      R0 Klpid;Klpid;C:\WINDOWS\system32\drivers\Klpid.sys [2005-08-04 16:19]
                      R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2006-01-25 10:54]
                      R1 mchInjDrv;madCodeHook DLL injection driver;C:\WINDOWS\system32\Drivers\mchInjDrv.sys [2008-01-04 17:20]
                      R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 14:46]
                      R2 Firefly Media Server;Firefly Media Server;C:\Program Files\Firefly Media Server\firefly.exe [2006-08-20 22:43]
                      R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
                      R3 WCGOPHAL;WCGOPHAL;C:\WINDOWS\system32\DRIVERS\Wcgophal.sys [2001-12-19 01:02]
                      R3 WCGOPVID;Video Blaster WebCam Go Plus (WDM);C:\WINDOWS\system32\DRIVERS\Wcgopvid.sys [2002-01-08 01:04]
                      S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 13:18]
                      S3 p2pgasvc;Groepsverificatie van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:03]
                      S3 p2pimsvc;Identiteitsbeheer van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:03]
                      S3 p2psvc;Peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:03]
                      S3 PNRPSvc;Naamomzettingsprotocol van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:03]
                      S3 UPnPService;UPnPService;C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 15:00]

                      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                      p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

                      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
                      \Shell\AutoRun\command - G:\Setup.exe

                      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
                      \Shell\AutoRun\command - K:\mmjbrun.exe "M.7.1.1070KEN.EXE"

                      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68c2c654-9561-11da-b94e-005070b55817}]
                      \Shell\AutoRun\command - K:\mmjbrun.exe "M.7.1.1070KEN.EXE"

                      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3b10915-0f98-11dc-955a-005070b55817}]
                      \Shell\AutoRun\command - J:\mmjbrun.exe "M.7.1.1070KEN.EXE"

                      .
                      Inhoud van de 'Gedeelde Taken' map
                      "2007-05-13 10:43:55 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
                      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
                      "2008-01-04 17:13:40 C:\WINDOWS\Tasks\Easy Onderhoud.job"
                      - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
                      .
                      **************************************************************************

                      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                      Rootkit scan 2008-01-05 18:16:59
                      Windows 5.1.2600 Service Pack 2 NTFS

                      scannen van verborgen processen ...

                      scannen van verborgen autostart items ...

                      scannen van verborgen bestanden ...

                      Scan succesvol afgerond
                      verborgen bestanden: 0

                      **************************************************************************
                      .
                      Voltooingstijd: 2008-01-05 18:33:54 - machine was rebooted
                      ComboFix-quarantined-files.txt 2008-01-05 17:33:45
                      .
                      2007-12-14 21:37:43 --- E O F ---



                      • #12
                        Open a Notepad file.
                        Copy the code below and paste it into the Notepad file.
                        Save the Notepad file as CFScript.txt
                        Code:
                        RENV::
                        C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
                        C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
                        C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
                        C:\Program Files\Creative\MediaSource\Detector\CTDetect .exe
                        C:\Program Files\Creative\MediaSource\RemoteControl\RcMan .exe
                        C:\Program Files\Creative\SB Drive Det\SBDrvDet .exe
                        C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet .EXE
                        C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol .exe
                        C:\Program Files\Digidesign\Drivers\MMERefresh .exe
                        C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3 .exe
                        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
                        C:\Program Files\iTunes\iTunesHelper .exe
                        C:\Program Files\Lexmark 4300 Series\ezprint .exe
                        C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe
                        C:\Program Files\MSN Messenger\MsnMsgr .Exe
                        C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
                        C:\WINDOWS\pchealth\helpctr\binaries\msconfig .exe
                        C:\WINDOWS\system32\ctfmon .exe
                        Now drag the file CFScript.txt onto the file ComboFix.exe

                        ComboFix will start again.
                        When ComboFix has finished, which may be after a reboot, a log file opens.
                        Post the contents of the log file.

                        Comment
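Added example, not part of any post in this thread and not ComboFix's or Kaspersky's own code: the ComboFix listing above names files with a space before the extension, and post #12 lists those same paths under `RENV::`. This Python sketch parses lines in that listing format, derives the unspaced twin of each name, and looks the twin up in Kaspersky report lines of the kind quoted in post #13. The sample lines are copied from the thread except one control line marked as constructed, and all function names are this example's own.

```python
import ntpath
import re

# Excerpt of the ComboFix listing in the thread: attributes, size, date, time, path.
LISTING = [
    r"----a-w           153,136 2007-12-29 09:17:46  C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe",
    r"----a-w           135,168 2007-12-30 12:18:47  C:\Program Files\Creative\MediaSource\RemoteControl\RcMan .exe",
    r"----a-w            45,056 2007-12-30 12:18:44  C:\Program Files\Creative\SB Drive Det\SBDrvDet .exe",
    r"----a-w           257,088 2007-12-29 09:17:48  C:\Program Files\iTunes\iTunesHelper .exe",
    r"----a-w            15,360 2008-01-03 08:13:51  C:\WINDOWS\system32\ctfmon .exe",
    # Constructed control line: an ordinary file name that must not be selected.
    r"----a-w            20,480 2007-11-13 10:25:00  C:\WINDOWS\system32\drivers\secdrv.sys",
]

# Excerpt of the Kaspersky report lines in the thread: status, class, verdict, path, size.
REPORT = [
    r"Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\program files\itunes\ituneshelper.exe 680,5 KB",
    r"Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\program files\creative\mediasource\remotecontrol\rcman.exe 482,5 KB",
    r"Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\program files\creative\sb drive det\sbdrvdet.exe 408 KB",
    r"Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\windows\system32\ctfmon.exe 356,5 KB",
]

LISTING_RE = re.compile(
    r"^([-a-z]{7})\s+([\d,]+)\s+(\d{4}-\d\d-\d\d)\s+(\d\d:\d\d:\d\d)\s+(.+?)\s*$")
DETECTION_RE = re.compile(
    r"^\S+:\s+(\S+)\s+(\S+)\s+(.+?)\s+([\d.,]+)\s+(KB|MB)\s*$")


def parse_listing(lines):
    """Turn listing lines into dicts; lines in another format are skipped."""
    entries = []
    for line in lines:
        m = LISTING_RE.match(line.strip())
        if m:
            attrs, size, date, time, path = m.groups()
            entries.append({"attrs": attrs, "size": int(size.replace(",", "")),
                            "modified": f"{date} {time}", "path": path})
    return entries


def twin_of(path):
    """Return the same path without the whitespace before the extension, else None."""
    folder, name = ntpath.split(path)
    stem, ext = ntpath.splitext(name)
    if ext and stem.strip() and stem != stem.rstrip():
        return ntpath.join(folder, stem.rstrip() + ext)
    return None


def parse_detections(lines):
    """Map lower-cased path -> verdict name (Windows paths compare case-insensitively)."""
    found = {}
    for line in lines:
        m = DETECTION_RE.match(line.strip())
        if m:
            found[m.group(3).lower()] = m.group(2)
    return found


def triage(listing, report):
    """For every spaced-name file, report its twin and the twin's verdict, if any."""
    detections = parse_detections(report)
    rows = []
    for entry in parse_listing(listing):
        twin = twin_of(entry["path"])
        if twin is not None:
            rows.append({"spaced": entry["path"], "twin": twin,
                         "twin_detection": detections.get(twin.lower())})
    return rows


def build_cfscript(rows):
    """Lay the spaced paths out as post #12 does: the RENV:: line, then one path per line."""
    return "RENV::\n" + "\n".join(r["spaced"] for r in rows) + "\n"


if __name__ == "__main__":
    rows = triage(LISTING, REPORT)
    for r in rows:
        print(f'{r["spaced"]!r:75} twin flagged as: {r["twin_detection"]}')
    print(build_cfscript(rows))
```

A twin with no verdict only means it is absent from the report lines supplied; the report excerpt here is a subset of what post #13 lists.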


                        • #13
                          Hello Marckie,
                          I have now had Kaspersky put all the suspicious things into backup:
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part34.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503855.exe 401 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503881.exe 5,8 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0502851.exe 422,5 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0502855.exe 401 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0502869.exe 499 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503880.exe 404 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503849.exe 482,5 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503856.exe 404 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part09.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503857.exe 380 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part28.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part27.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503878.exe 401 KB
                          Geïnfecteerd: trojan Backdoor.Win32.Rbot.ffq c:\downloads\n.8.1.2.0.keygen.by.rlzorro.rar 969,8 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part23.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\program files\quicktime\qttask .exe 642,5 KB
                          Geïnfecteerd: adware not-a-virus:AdWare.Win32.Virtumonde.dij c:\documents and settings\fam. tol\local settings\temp\uyf4e7\pbec.dat 63,5 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part07.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp401\a0504192.exe 356,5 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0502856.exe 404 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp400\a0504077.exe 380 KB
                          Geïnfecteerd: trojan Trojan-Downloader.Win32.Small.hkt c:\documents and settings\fam. tol\local settings\temp\uyf4e7\trvp.exe 9 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp402\a0504271.exe 356,5 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\program files\itunes\ituneshelper.exe 680,5 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part02.rar 4,9 MB
                          Geïnfecteerd: adware not-a-virus:AdWare.Win32.Virtumonde.dij c:\documents and settings\fam. tol\mijn documenten\downloads\keygen.exe 566,4 KB
                          Geïnfecteerd: adware not-a-virus:AdWare.Win32.PurityScan.gp c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp398\a0501438.exe 40,7 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp401\a0504136.exe 356,5 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503852.exe 422,5 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part37.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp401\a0504159.exe 680,5 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\program files\creative\mediasource\remotecontrol\rcman.exe 482,5 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\System Volume Information\_restore{F7E17F95-D074-464A-BB13-CDD0ACACC0BD}\RP398\A0501455.exe 3,5 KB
                          Geïnfecteerd: adware not-a-virus:AdWare.Win32.Agent.zk c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc36\play.exe 98,4 KB
                          Geïnfecteerd: adware not-a-virus:AdWare.Win32.Virtumonde.dij c:\documents and settings\fam. tol\local settings\temp\uyf4e7\trvp.dat 9 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part17.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part44.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\windows\pchealth\helpctr\binaries\msconfig.exe.tmp 499 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\program files\creative\sb drive det\sbdrvdet.exe 408 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp400\a0504075.exe 408 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo ctfmon.exe\ctfmon.exe 372 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\program files\adobe\reader 8.0\reader\reader_sl.exe 380 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part08.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\windows\system32\ctfmon.exe 356,5 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo RcMan.exe\RcMan.exe 496 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe 1,4 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part32.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part16.rar 4,9 MB
                          Geïnfecteerd: adware not-a-virus:AdWare.Win32.Virtumonde.dij c:\documents and settings\fam. tol\local settings\temp\uyf4e7\qpfu.dat 218,8 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0502853.exe 401 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\System Volume Information\_restore{F7E17F95-D074-464A-BB13-CDD0ACACC0BD}\RP406\A0505626.exe 340 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part24.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part43.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0502849.exe 408 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part33.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part31.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part26.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0502852.exe 435,5 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503896.exe 356,5 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp401\a0504095.exe 408 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part11.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp401\a0504094.exe 482,5 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0502859.exe 340 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part38.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp400\a0504074.exe 482,5 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part03.rar 4,9 MB
                          Geïnfecteerd: adware not-a-virus:AdWare.Win32.Virtumonde.dih c:\documents and settings\all users\application data\kaspersky lab\avp7\pdmhist\5d4.714090d001c8507d.history\000000ca.bak 336,5 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part39.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part21.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Downloader.Win32.Agent.dmj c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp342\a0491175.exe 9,4 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part25.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Downloader.Win32.PurityScan.fg c:\documents and settings\fam. tol\local settings\temp\uyf4e7\qpfu.exe 218,8 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp407\a0505807.exe 340 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp401\a0504111.exe 356,5 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part01.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503846.exe 5,8 MB
                          Verdacht: virus Heur.Invader (modification) c:\combofix\catchme.cfexe 139 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503888.exe 380 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part40.rar 4,9 MB
                          Geïnfecteerd: adware not-a-virus:AdWare.Win32.Agent.zk c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp401\a0504163.exe 98,4 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503909.exe 482,5 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\System Volume Information\_restore{F7E17F95-D074-464A-BB13-CDD0ACACC0BD}\RP397\A0501389.exe 3,5 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503910.exe 408 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp401\a0504160.exe 373 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp401\a0504216.exe 356,5 KB
                          Geïnfecteerd: adware not-a-virus:AdWare.Win32.Virtumonde.dhx c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503877.dll 38,5 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp400\a0504078.exe 340 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part42.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\System Volume Information\_restore{F7E17F95-D074-464A-BB13-CDD0ACACC0BD}\RP399\A0502452.Exe 5,8 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503854.exe 401 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp401\a0504158.exe 490,5 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\windows\system32\jkhhe.exe 340 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503858.exe 340 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\System Volume Information\_restore{F7E17F95-D074-464A-BB13-CDD0ACACC0BD}\RP397\A0501401.Exe 5,8 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\System Volume Information\_restore{F7E17F95-D074-464A-BB13-CDD0ACACC0BD}\RP398\A0501426.exe 340 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp407\a0505788.exe 340 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp401\a0504096.exe 380 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part30.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503913.exe 340 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\System Volume Information\_restore{F7E17F95-D074-464A-BB13-CDD0ACACC0BD}\RP399\A0502847.exe 482,5 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part19.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp408\a0505822.exe 340 KB
                          Geïnfecteerd: adware not-a-virus:AdWare.Win32.Virtumonde.dih c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp406\a0505615.dll 336,5 KB
                          Geïnfecteerd: adware not-a-virus:AdWare.Win32.Virtumonde.dij c:\documents and settings\fam. tol\mijn documenten\downloads\microsoft office 2007 activation crack.zip 549,5 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo avgas.exe\avgas.exe 7,2 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\windows\system32\ctfmon.exe.tmp 356,5 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp403\a0504356.exe 356,5 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\System Volume Information\_restore{F7E17F95-D074-464A-BB13-CDD0ACACC0BD}\RP397\A0501378.exe 3,5 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part20.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp405\a0504485.exe 340 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part14.rar 4,9 MB
                          Geïnfecteerd: adware not-a-virus:AdWare.Win32.Virtumonde.dih c:\documents and settings\fam. tol\local settings\temporary internet files\content.ie5\rr7c4k6q\css4[1] 336,4 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\System Volume Information\_restore{F7E17F95-D074-464A-BB13-CDD0ACACC0BD}\RP397\A0501406.exe 356,5 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part45.rar 537,3 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503911.exe 380 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0502857.exe 380 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\System Volume Information\_restore{F7E17F95-D074-464A-BB13-CDD0ACACC0BD}\RP398\A0501427.Exe 5,8 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503850.exe 460 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part29.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Downloader.Win32.Agent.gwh c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp398\a0501437.exe 39 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part13.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo SUPERAntiSpyware.exe\SUPERAntiSpyware.exe 1,7 MB
                          Geïnfecteerd: adware not-a-virus:AdWare.Win32.Virtumonde.dih C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\8f4.63596A3C01C84E0C.history\00000003.bak 336,5 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo SpyHunter3.exe\SpyHunter3.exe 1,4 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\documents and settings\fam. tol\local settings\temp\rcx18.tmp 401 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503886.exe 482,5 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part22.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Downloader.Win32.PurityScan.fg C:\System Volume Information\_restore{F7E17F95-D074-464A-BB13-CDD0ACACC0BD}\RP406\A0505612.exe 142,5 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp401\a0504161.exe 642,5 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part41.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503887.exe 408 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\System Volume Information\_restore{F7E17F95-D074-464A-BB13-CDD0ACACC0BD}\RP397\A0501404.exe 340 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp402\a0504299.exe 356,5 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part12.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part18.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp404\a0504430.exe 340 KB
                          Geïnfecteerd: adware not-a-virus:AdWare.Win32.PurityScan.gi c:\documents and settings\fam. tol\local settings\temp\mshtml2.exe 44 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part35.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\System Volume Information\_restore{F7E17F95-D074-464A-BB13-CDD0ACACC0BD}\RP406\A0505563.exe 340 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp408\a0509096.exe 340 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\System Volume Information\_restore{F7E17F95-D074-464A-BB13-CDD0ACACC0BD}\RP399\A0502848.exe 460 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\program files\common files\ahead\lib\nerocheck.exe 490,5 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part05.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\System Volume Information\_restore{F7E17F95-D074-464A-BB13-CDD0ACACC0BD}\RP399\A0502845.Exe 5,8 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503851.exe 408 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\program files\microsoft office\office12\groovemonitor.exe 373 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part36.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\program files\quicktime\qttask.exe 642,5 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\System Volume Information\_restore{F7E17F95-D074-464A-BB13-CDD0ACACC0BD}\RP399\A0502468.exe 340 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp409\a0509132.exe 340 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp401\a0504162.exe 642,5 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe 7,1 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part15.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp405\a0505529.exe 340 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503879.exe 460 KB
                          Verdacht: virus Heur.Invader (modification) c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp408\a0509054.exe 1,4 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE 1,7 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part06.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp409\a0509145.exe 340 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp404\a0504372.exe 340 KB
                          Geïnfecteerd: adware not-a-virus:AdWare.Win32.Agent.zk c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp356\a0491945.exe 98,4 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part04.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp401\a0504097.exe 340 KB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part10.rar 4,9 MB
                          Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503853.exe 435,5 KB


                          Here is the ComboFix log file:
                          ComboFix 08-01-04.1 - Fam. Tol 2008-01-07 17:17:05.2 - NTFSx86
                          Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.416 [GMT 1:00]
                          Gestart vanuit: C:\Documents and Settings\Fam. Tol\Bureaublad\combofix.exe
                          Command switches used :: C:\Documents and Settings\Fam. Tol\Bureaublad\CFScript.txt
                          * Nieuw herstelpunt werd aangemaakt
                          .

                          (((((((((((((((((((( Bestanden Gemaakt van 2007-12-07 to 2008-01-07 ))))))))))))))))))))))))))))))
                          .

                          2008-01-06 12:40 . 2008-01-06 12:40 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
                          2008-01-05 20:20 . 2008-01-05 20:20 34,043 --a------ C:\ComboFix.rar
                          2008-01-05 16:28 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
                          2008-01-04 18:52 . 2008-01-04 19:27 <DIR> d-------- C:\Documents and Settings\Fam. Tol\.housecall6.6
                          2008-01-04 18:18 . 2008-01-04 18:18 <DIR> d-------- C:\Program Files\Trend Micro
                          2008-01-04 15:50 . 2008-01-04 17:11 <DIR> d-------- C:\VundoFix Backups
                          2008-01-04 14:12 . 2008-01-04 14:11 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
                          2008-01-04 14:12 . 2008-01-04 14:11 298,104 --a------ C:\WINDOWS\system32\imon.dll
                          2008-01-04 14:12 . 2008-01-04 14:11 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
                          2008-01-04 14:12 . 2008-01-04 14:12 0 --a------ C:\WINDOWS\system32\mapisvc.inf
                          2008-01-03 17:34 . 2008-01-03 17:34 <DIR> d-------- C:\Program Files\Enigma Software Group
                          2008-01-03 16:30 . 2008-01-03 16:30 <DIR> d-------- C:\Documents and Settings\Fam. Tol\Application Data\Grisoft
                          2008-01-03 16:29 . 2008-01-03 16:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
                          2008-01-03 16:29 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
                          2008-01-03 15:56 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
                          2008-01-03 14:27 . 2008-01-03 14:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
                          2008-01-03 14:26 . 2008-01-03 19:20 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
                          2008-01-03 14:26 . 2008-01-03 14:26 <DIR> d-------- C:\Documents and Settings\Fam. Tol\Application Data\SUPERAntiSpyware.com
                          2008-01-03 13:54 . 2008-01-03 13:54 121,344 --a------ C:\WINDOWS\system32\B1.tmp
                          2008-01-02 15:25 . 2008-01-02 15:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
                          2008-01-01 17:34 . 2008-01-01 17:34 <DIR> d-------- C:\Program Files\Target Skills
                          2007-12-31 16:43 . 2007-12-31 16:43 77 --a------ C:\WINDOWS\Memory
                          2007-12-30 19:02 . 2007-12-30 19:02 78 --a------ C:\WINDOWS\Spatial
                          2007-12-30 18:57 . 2007-12-31 16:48 80 --a------ C:\WINDOWS\Numerical
                          2007-12-30 18:45 . 2007-12-31 16:43 84 --a------ C:\WINDOWS\Getting Started.htm
                          2007-12-30 18:45 . 2007-12-30 18:48 76 --a------ C:\WINDOWS\Logic
                          2007-12-30 18:44 . 2007-12-31 16:43 77 --a------ C:\WINDOWS\Verbal
                          2007-12-30 18:43 . 2007-12-31 16:42 75 --a------ C:\WINDOWS\Times New Roman
                          2007-12-30 18:41 . 2007-12-31 16:42 621 --a------ C:\WINDOWS\0
                          2007-12-30 18:41 . 2007-12-30 18:41 46 --a------ C:\WINDOWS\1
                          2007-12-30 18:35 . 2007-12-30 18:35 <DIR> d-------- C:\WINDOWS\system32\Brain Trainer 2
                          2007-12-30 18:35 . 2007-12-30 18:35 <DIR> d-------- C:\Program Files\Mindscape
                          2007-12-30 13:15 . 2008-01-07 17:29 18,317,856 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
                          2007-12-30 13:15 . 2008-01-06 22:19 246,584 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
                          2007-12-30 13:15 . 2007-12-30 13:24 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
                          2007-12-30 13:15 . 2007-12-30 13:24 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
                          2007-12-30 13:14 . 2007-12-30 13:14 <DIR> d-------- C:\Program Files\Kaspersky Lab
                          2007-12-30 13:14 . 2008-01-07 17:29 191,776 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
                          2007-12-30 13:14 . 2008-01-06 22:19 18,788 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
                          2007-12-30 13:00 . 2007-12-30 13:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
                          2007-12-30 12:23 . 2008-01-03 09:13 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
                          2007-12-26 15:25 . 2008-01-07 17:29 <DIR> d-------- C:\Documents and Settings\Fam. Tol\Application Data\uTorrent
                          2007-12-25 18:41 . 2006-04-20 12:51 359,808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.ORIGINAL
                          2007-12-25 18:41 . 2006-04-20 12:51 359,808 --a--c--- C:\WINDOWS\system32\dllcache\tcpip.sys.ORIGINAL
                          2007-12-22 17:05 . 2007-12-22 17:17 <DIR> d-------- C:\Documents and Settings\Fam. Tol\Application Data\TwonkyMedia
                          2007-12-22 17:04 . 2007-12-22 17:05 <DIR> d-------- C:\Program Files\TwonkyMedia
                          2007-12-07 20:10 . 2007-12-15 16:55 <DIR> d-------- C:\Program Files\Guitar Speed Trainer

                          .
                          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                          .
                          2008-01-07 16:28 --------- d-----w C:\Program Files\Firefly Media Server
                          2008-01-07 15:58 --------- d-----w C:\Program Files\Lx_cats
                          2008-01-07 15:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
                          2008-01-06 11:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
                          2008-01-04 16:20 2,560 ----a-w C:\WINDOWS\system32\drivers\mchInjDrv.sys
                          2008-01-04 16:11 --------- d-----w C:\Program Files\Hitman Pro
                          2008-01-04 15:59 --------- d-----w C:\Program Files\Spyware Doctor
                          2008-01-04 14:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                          2008-01-04 13:14 --------- d-----w C:\Program Files\SpywareBlaster
                          2008-01-03 15:28 --------- d-----w C:\Program Files\ewido anti-spyware 4.0
                          2008-01-03 14:58 --------- d-----w C:\Program Files\Bonjour
                          2008-01-03 14:55 --------- d-----w C:\Program Files\Windows Desktop Search
                          2008-01-03 14:55 --------- d-----w C:\Program Files\a-squared Free
                          2008-01-03 14:54 --------- d-----w C:\Program Files\Windows Media Connect
                          2008-01-03 14:54 --------- d-----w C:\Program Files\Lexmark 4300 Series
                          2008-01-03 14:52 --------- d-----w C:\Program Files\Google
                          2008-01-03 13:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
                          2007-12-30 16:15 --------- d-----w C:\Program Files\QuickTime
                          2007-12-30 16:15 --------- d-----w C:\Program Files\iTunes
                          2007-12-30 13:12 --------- d-----w C:\Program Files\PFConfig
                          2007-12-30 11:22 --------- d-----w C:\Program Files\MSN Messenger
                          2007-12-30 09:30 160,256 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig .exe
                          2007-12-28 15:55 --------- d-----w C:\Program Files\PowerISO
                          2007-12-28 15:55 --------- d-----w C:\Program Files\Microsoft ActiveSync
                          2007-12-28 15:55 --------- d-----w C:\Program Files\Lexmark Fax Solutions
                          2007-12-28 15:55 --------- d-----w C:\Program Files\BitComet
                          2007-12-27 11:25 --------- d-----w C:\Program Files\Styler
                          2007-12-27 11:21 --------- d-----w C:\Documents and Settings\Fam. Tol\Application Data\Intermedia Design
                          2007-12-27 11:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Data
                          2007-12-26 14:52 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
                          2007-12-26 14:52 --------- d-----w C:\Program Files\AutoCAD 2008
                          2007-12-26 14:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
                          2007-12-26 14:42 --------- d-----w C:\Program Files\BitLord
                          2007-12-25 17:41 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
                          2007-12-14 21:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
                          2007-12-08 16:35 --------- d-----w C:\Program Files\DJ2000
                          2007-11-19 19:07 --------- d-----w C:\Program Files\Plus!
                          2007-11-18 14:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\espionServerData
                          2007-11-18 14:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
                          2007-11-18 14:02 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
                          2007-11-18 14:02 --------- d-----w C:\Program Files\Common Files\Adobe
                          2007-11-18 13:54 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
                          2007-11-18 13:54 129,784 ------w C:\WINDOWS\system32\pxafs.dll
                          2007-11-18 13:54 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
                          2007-11-18 13:54 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
                          2007-11-15 17:22 --------- d-----w C:\Program Files\PassportPhoto
                          2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
                          2007-11-10 14:11 --------- d-----w C:\Program Files\PC Wizard 2008
                          2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
                          2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
                          2007-05-20 09:02 2,875 ----a-w C:\Documents and Settings\Fam. Tol\Application Data\SAS7_000.DAT
                          2007-02-17 10:36 88,986,386 ----a-w C:\Program Files\520g&500g-X&550gE Wireless Router Utilities.zip
                          2006-10-13 18:02 1,048,576 ---ha-w C:\Program Files\cache.dmx
                          2004-08-03 23:03 208,896 ----a-w C:\WINDOWS\inf\unregmp2(2).exe
                          2002-08-05 05:45 351,668,780 ----a-w C:\Program Files\Data.Cab
                          2002-08-05 05:45 1,117,552 ----a-w C:\Program Files\AT&T Labs' Natural Voices - Desktop 1.4.msi
                          2002-08-05 05:16 904 ----a-w C:\Program Files\Setup.INI
                          2001-06-21 12:01 180,224 ----a-w C:\Program Files\setup.exe
                          2001-06-13 14:15 3,166 ----a-w C:\Program Files\0x0409.ini
                          2001-05-08 12:04 1,531,984 ----a-w C:\Program Files\instmsiw.exe
                          2001-05-08 12:01 1,519,696 ----a-w C:\Program Files\instmsia.exe
                          2004-08-03 23:03 60,416 --sha-w C:\WINDOWS\BricoPacks\SysFiles\80_msimn.exe
                          .
                          Code:
                          <pre>
                          ----a-w           102,400 2007-12-30 10:48:23  C:\Program Files\Creative\MediaSource\Detector\CTDetect .exe
                          ----a-w           135,168 2007-12-30 12:18:47  C:\Program Files\Creative\MediaSource\RemoteControl\RcMan .exe
                          ----a-w            45,056 2007-12-30 12:18:44  C:\Program Files\Creative\SB Drive Det\SBDrvDet .exe
                          ----a-w            45,056 2007-12-30 10:47:43  C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet .EXE
                          ----a-w            49,152 2007-12-30 10:47:41  C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol .exe
                          ----a-w            61,440 2007-12-30 10:44:53  C:\Program Files\Digidesign\Drivers\MMERefresh .exe
                          ----a-w           847,872 2008-01-03 18:14:03  C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3 .exe
                          ----a-w         6,731,312 2008-01-03 18:14:10  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
                          ----a-w           257,088 2007-12-29 09:17:48  C:\Program Files\iTunes\iTunesHelper .exe
                          ----a-w            94,208 2007-12-30 10:47:37  C:\Program Files\Lexmark 4300 Series\ezprint .exe
                          ----a-w            31,016 2007-12-29 09:17:58  C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe
                          ----a-w         5,674,352 2007-12-30 10:48:18  C:\Program Files\MSN Messenger\MsnMsgr .Exe
                          ----a-w         1,318,912 2008-01-03 18:14:04  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
                          ----a-w           160,256 2007-12-30 09:30:12  C:\WINDOWS\pchealth\helpctr\binaries\msconfig .exe
                          ----a-w            15,360 2008-01-03 08:13:51  C:\WINDOWS\system32\ctfmon .exe
                          </pre>

                          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                          .
                          .
                          REGEDIT4
                          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 14:46 73728]
                          "WebCam Go Plus Sti Service Application"="Wcgopsvc"
                          "Cmaudio"="cmicnfg.cpl"
                          "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]

                          C:\Documents and Settings\Fam. Tol\Menu Start\Programma's\Opstarten\
                          Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
                          TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 20:41:18]

                          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
                          "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-04-24 12:13 282624]
                          "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

                          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                          C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

                          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
                          "AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

                          SafeBoot register sleutel dient gerepareerd. Deze PC kan niet opstarten in Veilige Modus.

                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
                          @="Driver Group"

                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
                          @="Driver"

                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
                          @="DiskDrive"

                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
                          @="Hdc"

                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
                          @="Keyboard"

                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
                          @="Mouse"

                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
                          @="System"

                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
                          @="Volume"

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^AutoCAD Startup Accelerator.lnk]
                          path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\AutoCAD Startup Accelerator.lnk
                          backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Multikabel Eerste Hulp Thuis.lnk]
                          path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Multikabel Eerste Hulp Thuis.lnk
                          backup=C:\WINDOWS\pss\Multikabel Eerste Hulp Thuis.lnkCommon Startup

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Fam. Tol^Menu Start^Programma's^Opstarten^OneNote 2007 Schermopname en Snel starten.lnk]
                          path=C:\Documents and Settings\Fam. Tol\Menu Start\Programma's\Opstarten\OneNote 2007 Schermopname en Snel starten.lnk
                          backup=C:\WINDOWS\pss\OneNote 2007 Schermopname en Snel starten.lnkStartup

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Fam. Tol^Menu Start^Programma's^Opstarten^Philips Media Manager.lnk]
                          path=C:\Documents and Settings\Fam. Tol\Menu Start\Programma's\Opstarten\Philips Media Manager.lnk
                          backup=C:\WINDOWS\pss\Philips Media Manager.lnkStartup

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Fam. Tol^Menu Start^Programma's^Opstarten^RocketDock.lnk]
                          path=C:\Documents and Settings\Fam. Tol\Menu Start\Programma's\Opstarten\RocketDock.lnk
                          backup=C:\WINDOWS\pss\RocketDock.lnkStartup

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Fam. Tol^Menu Start^Programma's^Opstarten^UberIcon.lnk]
                          path=C:\Documents and Settings\Fam. Tol\Menu Start\Programma's\Opstarten\UberIcon.lnk
                          backup=C:\WINDOWS\pss\UberIcon.lnkStartup

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Fam. Tol^Menu Start^Programma's^Opstarten^Y'z Shadow.lnk]
                          path=C:\Documents and Settings\Fam. Tol\Menu Start\Programma's\Opstarten\Y'z Shadow.lnk
                          backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
                          C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
                          C:\Program Files\BitComet\BitComet.exe /tray

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
                          CTHELPER.EXE

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FireflyShell]
                          C:\Program Files\Firefly Media Server\FireflyShell.exe -q

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
                          C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
                          C:\Program Files\iTunes\iTunesHelper.exe

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
                          C:\WINDOWS\system32\jkhhe.exe

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
                          C:\PROGRA~1\MULTIK~1\SMARTB~1\MotiveSB.exe

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
                          2007-12-29 10:17 153136 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
                          C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
                          C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
                          C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
                          C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_8 -reboot 1

                          R0 Klpf;Klpf;C:\WINDOWS\system32\drivers\Klpf.sys [2005-08-04 16:19]
                          R0 Klpid;Klpid;C:\WINDOWS\system32\drivers\Klpid.sys [2005-08-04 16:19]
                          R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2006-01-25 10:54]
                          R1 mchInjDrv;madCodeHook DLL injection driver;C:\WINDOWS\system32\Drivers\mchInjDrv.sys [2008-01-04 17:20]
                          R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 14:46]
                          R2 Firefly Media Server;Firefly Media Server;C:\Program Files\Firefly Media Server\firefly.exe [2006-08-20 22:43]
                          R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
                          R3 WCGOPHAL;WCGOPHAL;C:\WINDOWS\system32\DRIVERS\Wcgophal.sys [2001-12-19 01:02]
                          R3 WCGOPVID;Video Blaster WebCam Go Plus (WDM);C:\WINDOWS\system32\DRIVERS\Wcgopvid.sys [2002-01-08 01:04]
                          S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 13:18]
                          S3 p2pgasvc;Groepsverificatie van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:03]
                          S3 p2pimsvc;Identiteitsbeheer van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:03]
                          S3 p2psvc;Peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:03]
                          S3 PNRPSvc;Naamomzettingsprotocol van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:03]
                          S3 UPnPService;UPnPService;C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 15:00]

                          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                          p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

                          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
                          \Shell\AutoRun\command - G:\Setup.exe

                          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
                          \Shell\AutoRun\command - K:\mmjbrun.exe "M.7.1.1070KEN.EXE"

                          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68c2c654-9561-11da-b94e-005070b55817}]
                          \Shell\AutoRun\command - K:\mmjbrun.exe "M.7.1.1070KEN.EXE"

                          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3b10915-0f98-11dc-955a-005070b55817}]
                          \Shell\AutoRun\command - J:\mmjbrun.exe "M.7.1.1070KEN.EXE"

                          .
                          Inhoud van de 'Gedeelde Taken' map
                          "2007-05-13 10:43:55 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
                          - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
                          "2008-01-04 17:13:40 C:\WINDOWS\Tasks\Easy Onderhoud.job"
                          - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
                          .
                          **************************************************************************

                          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                          Rootkit scan 2008-01-07 17:29:38
                          Windows 5.1.2600 Service Pack 2 NTFS

                          scannen van verborgen processen ...

                          scannen van verborgen autostart items ...

                          scannen van verborgen bestanden ...

                          Scan succesvol afgerond
                          verborgen bestanden: 0

                          **************************************************************************
                          .
                          Voltooingstijd: 2008-01-07 17:32:32
                          ComboFix-quarantined-files.txt 2008-01-07 16:32:26
                          ComboFix2.txt 2008-01-05 17:33:55
                          .
                          2008-01-05 20:04:36 --- E O F ---



                          • #14
                            Run through the CFScript procedure once more.



                            • #15
                              ComboFix 08-01-04.1 - Fam. Tol 2008-01-07 20:23:16.3 - NTFSx86
                              Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.405 [GMT 1:00]
                              Gestart vanuit: C:\Documents and Settings\Fam. Tol\Bureaublad\combofix.exe
                              Command switches used :: C:\Documents and Settings\Fam. Tol\Bureaublad\CFScript.txt
                              * Nieuw herstelpunt werd aangemaakt
                              .

                              (((((((((((((((((((( Bestanden Gemaakt van 2007-12-07 to 2008-01-07 ))))))))))))))))))))))))))))))
                              .

                              2008-01-06 12:40 . 2008-01-06 12:40 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
                              2008-01-05 20:20 . 2008-01-05 20:20 34,043 --a------ C:\ComboFix.rar
                              2008-01-05 16:28 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
                              2008-01-04 18:52 . 2008-01-04 19:27 <DIR> d-------- C:\Documents and Settings\Fam. Tol\.housecall6.6
                              2008-01-04 18:18 . 2008-01-04 18:18 <DIR> d-------- C:\Program Files\Trend Micro
                              2008-01-04 15:50 . 2008-01-04 17:11 <DIR> d-------- C:\VundoFix Backups
                              2008-01-04 14:12 . 2008-01-04 14:11 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
                              2008-01-04 14:12 . 2008-01-04 14:11 298,104 --a------ C:\WINDOWS\system32\imon.dll
                              2008-01-04 14:12 . 2008-01-04 14:11 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
                              2008-01-04 14:12 . 2008-01-04 14:12 0 --a------ C:\WINDOWS\system32\mapisvc.inf
                              2008-01-03 17:34 . 2008-01-03 17:34 <DIR> d-------- C:\Program Files\Enigma Software Group
                              2008-01-03 16:30 . 2008-01-03 16:30 <DIR> d-------- C:\Documents and Settings\Fam. Tol\Application Data\Grisoft
                              2008-01-03 16:29 . 2008-01-03 16:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
                              2008-01-03 16:29 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
                              2008-01-03 15:56 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
                              2008-01-03 14:27 . 2008-01-03 14:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
                              2008-01-03 14:26 . 2008-01-03 19:20 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
                              2008-01-03 14:26 . 2008-01-03 14:26 <DIR> d-------- C:\Documents and Settings\Fam. Tol\Application Data\SUPERAntiSpyware.com
                              2008-01-03 13:54 . 2008-01-03 13:54 121,344 --a------ C:\WINDOWS\system32\B1.tmp
                              2008-01-02 15:25 . 2008-01-02 15:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
                              2008-01-01 17:34 . 2008-01-01 17:34 <DIR> d-------- C:\Program Files\Target Skills
                              2007-12-31 16:43 . 2007-12-31 16:43 77 --a------ C:\WINDOWS\Memory
                              2007-12-30 19:02 . 2007-12-30 19:02 78 --a------ C:\WINDOWS\Spatial
                              2007-12-30 18:57 . 2007-12-31 16:48 80 --a------ C:\WINDOWS\Numerical
                              2007-12-30 18:45 . 2007-12-31 16:43 84 --a------ C:\WINDOWS\Getting Started.htm
                              2007-12-30 18:45 . 2007-12-30 18:48 76 --a------ C:\WINDOWS\Logic
                              2007-12-30 18:44 . 2007-12-31 16:43 77 --a------ C:\WINDOWS\Verbal
                              2007-12-30 18:43 . 2007-12-31 16:42 75 --a------ C:\WINDOWS\Times New Roman
                              2007-12-30 18:41 . 2007-12-31 16:42 621 --a------ C:\WINDOWS\0
                              2007-12-30 18:41 . 2007-12-30 18:41 46 --a------ C:\WINDOWS\1
                              2007-12-30 18:35 . 2007-12-30 18:35 <DIR> d-------- C:\WINDOWS\system32\Brain Trainer 2
                              2007-12-30 18:35 . 2007-12-30 18:35 <DIR> d-------- C:\Program Files\Mindscape
                              2007-12-30 13:15 . 2008-01-07 20:37 18,502,432 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
                              2007-12-30 13:15 . 2008-01-07 17:39 248,456 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
                              2007-12-30 13:15 . 2007-12-30 13:24 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
                              2007-12-30 13:15 . 2007-12-30 13:24 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
                              2007-12-30 13:14 . 2007-12-30 13:14 <DIR> d-------- C:\Program Files\Kaspersky Lab
                              2007-12-30 13:14 . 2008-01-07 20:36 195,104 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
                              2007-12-30 13:14 . 2008-01-07 17:39 19,100 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
                              2007-12-30 13:00 . 2007-12-30 13:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
                              2007-12-30 12:23 . 2008-01-03 09:13 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
                              2007-12-26 15:25 . 2008-01-07 20:34 <DIR> d-------- C:\Documents and Settings\Fam. Tol\Application Data\uTorrent
                              2007-12-25 18:41 . 2006-04-20 12:51 359,808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.ORIGINAL
                              2007-12-25 18:41 . 2006-04-20 12:51 359,808 --a--c--- C:\WINDOWS\system32\dllcache\tcpip.sys.ORIGINAL
                              2007-12-22 17:05 . 2007-12-22 17:17 <DIR> d-------- C:\Documents and Settings\Fam. Tol\Application Data\TwonkyMedia
                              2007-12-22 17:04 . 2007-12-22 17:05 <DIR> d-------- C:\Program Files\TwonkyMedia
                              2007-12-07 20:10 . 2007-12-15 16:55 <DIR> d-------- C:\Program Files\Guitar Speed Trainer

                              .
                              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              2008-01-07 19:33 --------- d-----w C:\Program Files\Firefly Media Server
                              2008-01-07 16:42 --------- d-----w C:\Program Files\Lx_cats
                              2008-01-07 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
                              2008-01-06 11:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
                              2008-01-04 16:20 2,560 ----a-w C:\WINDOWS\system32\drivers\mchInjDrv.sys
                              2008-01-04 16:11 --------- d-----w C:\Program Files\Hitman Pro
                              2008-01-04 15:59 --------- d-----w C:\Program Files\Spyware Doctor
                              2008-01-04 14:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                              2008-01-04 13:14 --------- d-----w C:\Program Files\SpywareBlaster
                              2008-01-03 15:28 --------- d-----w C:\Program Files\ewido anti-spyware 4.0
                              2008-01-03 14:58 --------- d-----w C:\Program Files\Bonjour
                              2008-01-03 14:55 --------- d-----w C:\Program Files\Windows Desktop Search
                              2008-01-03 14:55 --------- d-----w C:\Program Files\a-squared Free
                              2008-01-03 14:54 --------- d-----w C:\Program Files\Windows Media Connect
                              2008-01-03 14:54 --------- d-----w C:\Program Files\Lexmark 4300 Series
                              2008-01-03 14:52 --------- d-----w C:\Program Files\Google
                              2008-01-03 13:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
                              2007-12-30 16:15 --------- d-----w C:\Program Files\QuickTime
                              2007-12-30 16:15 --------- d-----w C:\Program Files\iTunes
                              2007-12-30 13:12 --------- d-----w C:\Program Files\PFConfig
                              2007-12-30 11:22 --------- d-----w C:\Program Files\MSN Messenger
                              2007-12-30 09:30 160,256 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig .exe
                              2007-12-28 15:55 --------- d-----w C:\Program Files\PowerISO
                              2007-12-28 15:55 --------- d-----w C:\Program Files\Microsoft ActiveSync
                              2007-12-28 15:55 --------- d-----w C:\Program Files\Lexmark Fax Solutions
                              2007-12-28 15:55 --------- d-----w C:\Program Files\BitComet
                              2007-12-27 11:25 --------- d-----w C:\Program Files\Styler
                              2007-12-27 11:21 --------- d-----w C:\Documents and Settings\Fam. Tol\Application Data\Intermedia Design
                              2007-12-27 11:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Data
                              2007-12-26 14:52 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
                              2007-12-26 14:52 --------- d-----w C:\Program Files\AutoCAD 2008
                              2007-12-26 14:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
                              2007-12-26 14:42 --------- d-----w C:\Program Files\BitLord
                              2007-12-25 17:41 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
                              2007-12-14 21:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
                              2007-12-08 16:35 --------- d-----w C:\Program Files\DJ2000
                              2007-11-19 19:07 --------- d-----w C:\Program Files\Plus!
                              2007-11-18 14:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\espionServerData
                              2007-11-18 14:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
                              2007-11-18 14:02 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
                              2007-11-18 14:02 --------- d-----w C:\Program Files\Common Files\Adobe
                              2007-11-18 13:54 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
                              2007-11-18 13:54 129,784 ------w C:\WINDOWS\system32\pxafs.dll
                              2007-11-18 13:54 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
                              2007-11-18 13:54 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
                              2007-11-15 17:22 --------- d-----w C:\Program Files\PassportPhoto
                              2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
                              2007-11-10 14:11 --------- d-----w C:\Program Files\PC Wizard 2008
                              2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
                              2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
                              2007-05-20 09:02 2,875 ----a-w C:\Documents and Settings\Fam. Tol\Application Data\SAS7_000.DAT
                              2007-02-17 10:36 88,986,386 ----a-w C:\Program Files\520g&500g-X&550gE Wireless Router Utilities.zip
                              2006-10-13 18:02 1,048,576 ---ha-w C:\Program Files\cache.dmx
                              2004-08-03 23:03 208,896 ----a-w C:\WINDOWS\inf\unregmp2(2).exe
                              2002-08-05 05:45 351,668,780 ----a-w C:\Program Files\Data.Cab
                              2002-08-05 05:45 1,117,552 ----a-w C:\Program Files\AT&T Labs' Natural Voices - Desktop 1.4.msi
                              2002-08-05 05:16 904 ----a-w C:\Program Files\Setup.INI
                              2001-06-21 12:01 180,224 ----a-w C:\Program Files\setup.exe
                              2001-06-13 14:15 3,166 ----a-w C:\Program Files\0x0409.ini
                              2001-05-08 12:04 1,531,984 ----a-w C:\Program Files\instmsiw.exe
                              2001-05-08 12:01 1,519,696 ----a-w C:\Program Files\instmsia.exe
                              2004-08-03 23:03 60,416 --sha-w C:\WINDOWS\BricoPacks\SysFiles\80_msimn.exe
                              .
                              Code:
                              <pre>
                              ----a-w           102,400 2007-12-30 10:48:23  C:\Program Files\Creative\MediaSource\Detector\CTDetect .exe
                              ----a-w           135,168 2007-12-30 12:18:47  C:\Program Files\Creative\MediaSource\RemoteControl\RcMan .exe
                              ----a-w            45,056 2007-12-30 12:18:44  C:\Program Files\Creative\SB Drive Det\SBDrvDet .exe
                              ----a-w            45,056 2007-12-30 10:47:43  C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet .EXE
                              ----a-w            49,152 2007-12-30 10:47:41  C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol .exe
                              ----a-w            61,440 2007-12-30 10:44:53  C:\Program Files\Digidesign\Drivers\MMERefresh .exe
                              ----a-w           847,872 2008-01-03 18:14:03  C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3 .exe
                              ----a-w         6,731,312 2008-01-03 18:14:10  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
                              ----a-w           257,088 2007-12-29 09:17:48  C:\Program Files\iTunes\iTunesHelper .exe
                              ----a-w            94,208 2007-12-30 10:47:37  C:\Program Files\Lexmark 4300 Series\ezprint .exe
                              ----a-w            31,016 2007-12-29 09:17:58  C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe
                              ----a-w         5,674,352 2007-12-30 10:48:18  C:\Program Files\MSN Messenger\MsnMsgr .Exe
                              ----a-w         1,318,912 2008-01-03 18:14:04  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
                              ----a-w           160,256 2007-12-30 09:30:12  C:\WINDOWS\pchealth\helpctr\binaries\msconfig .exe
                              ----a-w            15,360 2008-01-03 08:13:51  C:\WINDOWS\system32\ctfmon .exe
                              </pre>

                              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              .
                              REGEDIT4
                              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                              "LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 14:46 73728]
                              "WebCam Go Plus Sti Service Application"="Wcgopsvc"
                              "Cmaudio"="cmicnfg.cpl"
                              "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]

                              C:\Documents and Settings\Fam. Tol\Menu Start\Programma's\Opstarten\
                              Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
                              TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 20:41:18]

                              [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
                              "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-04-24 12:13 282624]
                              "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

                              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                              C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

                              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
                              "AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

                              SafeBoot register sleutel dient gerepareerd. Deze PC kan niet opstarten in Veilige Modus.

                              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
                              @="Driver Group"

                              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
                              @="Driver"

                              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
                              @="DiskDrive"

                              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
                              @="Hdc"

                              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
                              @="Keyboard"

                              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
                              @="Mouse"

                              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
                              @="System"

                              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
                              @="Volume"

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^AutoCAD Startup Accelerator.lnk]
                              path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\AutoCAD Startup Accelerator.lnk
                              backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Multikabel Eerste Hulp Thuis.lnk]
                              path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Multikabel Eerste Hulp Thuis.lnk
                              backup=C:\WINDOWS\pss\Multikabel Eerste Hulp Thuis.lnkCommon Startup

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Fam. Tol^Menu Start^Programma's^Opstarten^OneNote 2007 Schermopname en Snel starten.lnk]
                              path=C:\Documents and Settings\Fam. Tol\Menu Start\Programma's\Opstarten\OneNote 2007 Schermopname en Snel starten.lnk
                              backup=C:\WINDOWS\pss\OneNote 2007 Schermopname en Snel starten.lnkStartup

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Fam. Tol^Menu Start^Programma's^Opstarten^Philips Media Manager.lnk]
                              path=C:\Documents and Settings\Fam. Tol\Menu Start\Programma's\Opstarten\Philips Media Manager.lnk
                              backup=C:\WINDOWS\pss\Philips Media Manager.lnkStartup

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Fam. Tol^Menu Start^Programma's^Opstarten^RocketDock.lnk]
                              path=C:\Documents and Settings\Fam. Tol\Menu Start\Programma's\Opstarten\RocketDock.lnk
                              backup=C:\WINDOWS\pss\RocketDock.lnkStartup

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Fam. Tol^Menu Start^Programma's^Opstarten^UberIcon.lnk]
                              path=C:\Documents and Settings\Fam. Tol\Menu Start\Programma's\Opstarten\UberIcon.lnk
                              backup=C:\WINDOWS\pss\UberIcon.lnkStartup

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Fam. Tol^Menu Start^Programma's^Opstarten^Y'z Shadow.lnk]
                              path=C:\Documents and Settings\Fam. Tol\Menu Start\Programma's\Opstarten\Y'z Shadow.lnk
                              backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
                              C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
                              C:\Program Files\BitComet\BitComet.exe /tray

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
                              CTHELPER.EXE

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FireflyShell]
                              C:\Program Files\Firefly Media Server\FireflyShell.exe -q

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
                              C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
                              C:\Program Files\iTunes\iTunesHelper.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
                              C:\WINDOWS\system32\jkhhe.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
                              C:\PROGRA~1\MULTIK~1\SMARTB~1\MotiveSB.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
                              C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
                              C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
                              C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
                              C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe

                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
                              C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_8 -reboot 1

                              R0 Klpf;Klpf;C:\WINDOWS\system32\drivers\Klpf.sys [2005-08-04 16:19]
                              R0 Klpid;Klpid;C:\WINDOWS\system32\drivers\Klpid.sys [2005-08-04 16:19]
                              R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2006-01-25 10:54]
                              R1 mchInjDrv;madCodeHook DLL injection driver;C:\WINDOWS\system32\Drivers\mchInjDrv.sys [2008-01-04 17:20]
                              R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 14:46]
                              R2 Firefly Media Server;Firefly Media Server;C:\Program Files\Firefly Media Server\firefly.exe [2006-08-20 22:43]
                              R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
                              R3 WCGOPHAL;WCGOPHAL;C:\WINDOWS\system32\DRIVERS\Wcgophal.sys [2001-12-19 01:02]
                              R3 WCGOPVID;Video Blaster WebCam Go Plus (WDM);C:\WINDOWS\system32\DRIVERS\Wcgopvid.sys [2002-01-08 01:04]
                              S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 13:18]
                              S3 p2pgasvc;Groepsverificatie van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:03]
                              S3 p2pimsvc;Identiteitsbeheer van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:03]
                              S3 p2psvc;Peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:03]
                              S3 PNRPSvc;Naamomzettingsprotocol van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:03]
                              S3 UPnPService;UPnPService;C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 15:00]

                              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                              p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

                              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
                              \Shell\AutoRun\command - G:\Setup.exe

                              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
                              \Shell\AutoRun\command - K:\mmjbrun.exe "M.7.1.1070KEN.EXE"

                              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68c2c654-9561-11da-b94e-005070b55817}]
                              \Shell\AutoRun\command - K:\mmjbrun.exe "M.7.1.1070KEN.EXE"

                              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3b10915-0f98-11dc-955a-005070b55817}]
                              \Shell\AutoRun\command - J:\mmjbrun.exe "M.7.1.1070KEN.EXE"

                              .
                              Inhoud van de 'Gedeelde Taken' map
                              "2007-05-13 10:43:55 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
                              - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
                              "2008-01-04 17:13:40 C:\WINDOWS\Tasks\Easy Onderhoud.job"
                              - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
                              .
                              **************************************************************************

                              catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                              Rootkit scan 2008-01-07 20:37:05
                              Windows 5.1.2600 Service Pack 2 NTFS

                              scannen van verborgen processen ...

                              scannen van verborgen autostart items ...

                              scannen van verborgen bestanden ...

                              Scan succesvol afgerond
                              verborgen bestanden: 0

                              **************************************************************************
                              .
                              Voltooingstijd: 2008-01-07 20:40:15
                              ComboFix-quarantined-files.txt 2008-01-07 19:40:08
                              ComboFix2.txt 2008-01-07 16:32:33
                              ComboFix3.txt 2008-01-05 17:33:55
                              .
                              2008-01-05 20:04:36 --- E O F ---
