Mededeling

**Marckie** · 04-01-08, 16:12

Hallo benjitol,

Je gebruikt een oude versie van HijackThis. Best dat je deze versie gebruikt: http://www.trendsecure.com/portal/en...HJTInstall.exe
Sluit alle open vensters.
Start HijackThis nog een keer en plaats een vinkje bij de volgende items:

O4 - HKLM\..\Run: [vssms32] C:\WINDOWS\system32\vssms32.exe

Klik daarna op "Fix checked" en sluit HijackThis af.

Herstart de computer.
Start HijackThis opnieuw, maak een nieuwe log en post deze.

Meldt of er nog problemen zijn.

**benjitol** · 04-01-08, 17:36

C:\windows\system32\jkhhe.exe

O4 - HKLM\..\Run: [vssms32] C:\WINDOWS\system32\vssms32.exe

dit staat er niet tussen bij de hyjack
hier is hijLogfile of HijackThis v1.99.1
Scan saved at 18:34:54, on 4-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Firefly Media Server\firefly.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Windows Media Connect\mswmcls.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\program files\windows media connect\mswmccds.exe
C:\Program Files\Windows Media Connect\mswmc.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\WINDOWS\System32\alg.exe
C:\downloads\utorrent.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Fam. Tol\Bureaublad\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: (no name) - {3AEC3373-C823-4853-97D4-5B5549833BC3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A2673D28-A47A-4705-87CF-10B41DE98D37} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [WebCam Go Plus Sti Service Application] Wcgopsvc
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Toevoegen aan Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Anti-Virus voor internet statistieken - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.duostartorrents.org
O15 - Trusted Zone: http://www.helpmij.nl
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O20 - Winlogon Notify: wvuuvuv - wvuuvuv.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: Bonjour-service (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - C:\Program Files\ewido anti-spyware 4.0\guard.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Firefly Media Server - Ron Pedde - C:\Program Files\Firefly Media Server\firefly.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - Unknown owner - C:\WINDOWS\System32\GEARSec.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

**Marckie** · 05-01-08, 09:27

Oorspronkelijk geplaatst door Marckie

Hallo benjitol,

Je gebruikt een oude versie van HijackThis. Best dat je deze versie gebruikt: http://www.trendsecure.com/portal/en...HJTInstall.exe

??

**benjitol** · 05-01-08, 13:16

Hallo Mackie,
Heb gedaan wat je had gezegd en de nieuwe hijack geinstalleerd en dit is het logfile Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:14:54, on 5-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Windows Media Connect\mswmcls.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Firefly Media Server\firefly.exe
C:\Program Files\Windows Media Connect\mswmc.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: (no name) - {3AEC3373-C823-4853-97D4-5B5549833BC3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A2673D28-A47A-4705-87CF-10B41DE98D37} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [WebCam Go Plus Sti Service Application] Wcgopsvc
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Toevoegen aan Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Anti-Virus voor internet statistieken - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.duostartorrents.org
O15 - Trusted Zone: http://www.helpmij.nl
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: wvuuvuv - wvuuvuv.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - C:\Program Files\ewido anti-spyware 4.0\guard.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Firefly Media Server - Ron Pedde - C:\Program Files\Firefly Media Server\firefly.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - Unknown owner - C:\WINDOWS\System32\GEARSec.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 11560 bytes

Zoals je ziet staat 04 systeem ...... er niet meer tussen????
groet benji

**Marckie** · 05-01-08, 14:13

Hij staat er inderdaad niet meer tussen benji.

Sluit alle open vensters.
Start HijackThis nog een keer en plaats een vinkje bij de volgende items:

O2 - BHO: (no name) - {3AEC3373-C823-4853-97D4-5B5549833BC3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A2673D28-A47A-4705-87CF-10B41DE98D37} - (no file)
O20 - Winlogon Notify: wvuuvuv - wvuuvuv.dll (file missing)

Klik daarna op "Fix checked" en sluit HijackThis af.

Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Plaats het op je bureaublad.
Dubbelklik er op om het programma te starten.
In het scherm dat verschijnt tik je een 1 in om het cleaning- en analysesproces te laten uitvoeren.
Volg de instructies op het scherm.
Als het tooltje klaar is, opent er een logfile (combofix.txt).
Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.

**benjitol** · 05-01-08, 17:41

hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:35:24, on 5-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Windows Media Connect\mswmcls.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Firefly Media Server\firefly.exe
C:\Program Files\Windows Media Connect\mswmc.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [WebCam Go Plus Sti Service Application] Wcgopsvc
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Toevoegen aan Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Anti-Virus voor internet statistieken - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.duostartorrents.org
O15 - Trusted Zone: http://www.helpmij.nl
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - C:\Program Files\ewido anti-spyware 4.0\guard.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Firefly Media Server - Ron Pedde - C:\Program Files\Firefly Media Server\firefly.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - Unknown owner - C:\WINDOWS\System32\GEARSec.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 10988 bytes

**benjitol** · 05-01-08, 19:22

het combifix logbestand bevat te veel tekens dus dan maar als rar fileComboFix.rar

**Marckie** · 06-01-08, 10:23

Maak eens een nieuwe log met combofix en post deze.

**benjitol** · 06-01-08, 11:20

hallo
weer met combofix laten scannen en wachten op het logfile dit duurt namelijk wel ff zeker 1a2 uur???

**benjitol** · 06-01-08, 11:28

anden Gemaakt van 2007-12-05 to 2008-01-05 ))))))))))))))))))))))))))))))
.

2008-01-05 16:28 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-04 18:52 . 2008-01-04 19:27 <DIR> d-------- C:\Documents and Settings\Fam. Tol\.housecall6.6
2008-01-04 18:18 . 2008-01-04 18:18 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-04 15:50 . 2008-01-04 17:11 <DIR> d-------- C:\VundoFix Backups
2008-01-04 14:12 . 2008-01-04 14:11 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-01-04 14:12 . 2008-01-04 14:11 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-01-04 14:12 . 2008-01-04 14:11 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-01-04 14:12 . 2008-01-04 14:12 0 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-01-03 20:31 . 2008-01-05 16:42 348,160 --a------ C:\WINDOWS\system32\jkhhe.exe
2008-01-03 17:34 . 2008-01-03 17:34 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-01-03 16:30 . 2008-01-03 16:30 <DIR> d-------- C:\Documents and Settings\Fam. Tol\Application Data\Grisoft
2008-01-03 16:29 . 2008-01-03 16:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-03 16:29 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-03 15:56 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-03 14:27 . 2008-01-03 14:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-03 14:26 . 2008-01-03 19:20 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-03 14:26 . 2008-01-03 14:26 <DIR> d-------- C:\Documents and Settings\Fam. Tol\Application Data\SUPERAntiSpyware.com
2008-01-03 13:54 . 2008-01-03 13:54 121,344 --a------ C:\WINDOWS\system32\B1.tmp
2008-01-02 15:25 . 2008-01-02 15:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-01-01 17:34 . 2008-01-01 17:34 <DIR> d-------- C:\Program Files\Target Skills
2007-12-31 16:43 . 2007-12-31 16:43 77 --a------ C:\WINDOWS\Memory
2007-12-30 19:02 . 2007-12-30 19:02 78 --a------ C:\WINDOWS\Spatial
2007-12-30 18:57 . 2007-12-31 16:48 80 --a------ C:\WINDOWS\Numerical
2007-12-30 18:45 . 2007-12-31 16:43 84 --a------ C:\WINDOWS\Getting Started.htm
2007-12-30 18:45 . 2007-12-30 18:48 76 --a------ C:\WINDOWS\Logic
2007-12-30 18:44 . 2007-12-31 16:43 77 --a------ C:\WINDOWS\Verbal
2007-12-30 18:43 . 2007-12-31 16:42 75 --a------ C:\WINDOWS\Times New Roman
2007-12-30 18:41 . 2007-12-31 16:42 621 --a------ C:\WINDOWS\0
2007-12-30 18:41 . 2007-12-30 18:41 46 --a------ C:\WINDOWS\1
2007-12-30 18:35 . 2007-12-30 18:35 <DIR> d-------- C:\WINDOWS\system32\Brain Trainer 2
2007-12-30 18:35 . 2007-12-30 18:35 <DIR> d-------- C:\Program Files\Mindscape
2007-12-30 13:15 . 2008-01-05 18:18 17,185,312 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-30 13:15 . 2008-01-05 18:12 230,660 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-30 13:15 . 2007-12-30 13:24 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-30 13:15 . 2007-12-30 13:24 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-30 13:14 . 2007-12-30 13:14 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-12-30 13:14 . 2008-01-05 18:18 178,208 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-30 13:14 . 2008-01-05 18:12 17,732 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-30 13:00 . 2007-12-30 13:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-12-30 12:23 . 2008-01-03 09:13 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-26 15:25 . 2008-01-05 18:11 <DIR> d-------- C:\Documents and Settings\Fam. Tol\Application Data\uTorrent
2007-12-25 18:41 . 2006-04-20 12:51 359,808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.ORIGINAL
2007-12-25 18:41 . 2006-04-20 12:51 359,808 --a--c--- C:\WINDOWS\system32\dllcache\tcpip.sys.ORIGINAL
2007-12-22 17:05 . 2007-12-22 17:17 <DIR> d-------- C:\Documents and Settings\Fam. Tol\Application Data\TwonkyMedia
2007-12-22 17:04 . 2007-12-22 17:05 <DIR> d-------- C:\Program Files\TwonkyMedia
2007-12-07 20:10 . 2007-12-15 16:55 <DIR> d-------- C:\Program Files\Guitar Speed Trainer

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 17:16 --------- d-----w C:\Program Files\Lx_cats
2008-01-05 17:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-05 17:15 --------- d-----w C:\Program Files\Firefly Media Server
2008-01-04 16:20 2,560 ----a-w C:\WINDOWS\system32\drivers\mchInjDrv.sys
2008-01-04 16:11 --------- d-----w C:\Program Files\Hitman Pro
2008-01-04 15:59 --------- d-----w C:\Program Files\Spyware Doctor
2008-01-04 14:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-04 13:14 --------- d-----w C:\Program Files\SpywareBlaster
2008-01-03 15:28 --------- d-----w C:\Program Files\ewido anti-spyware 4.0
2008-01-03 14:58 --------- d-----w C:\Program Files\Bonjour
2008-01-03 14:55 --------- d-----w C:\Program Files\Windows Desktop Search
2008-01-03 14:55 --------- d-----w C:\Program Files\a-squared Free
2008-01-03 14:54 --------- d-----w C:\Program Files\Windows Media Connect
2008-01-03 14:54 --------- d-----w C:\Program Files\Lexmark 4300 Series
2008-01-03 14:52 --------- d-----w C:\Program Files\Google
2008-01-03 13:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-30 16:15 --------- d-----w C:\Program Files\QuickTime
2007-12-30 16:15 --------- d-----w C:\Program Files\iTunes
2007-12-30 13:12 --------- d-----w C:\Program Files\PFConfig
2007-12-30 11:22 --------- d-----w C:\Program Files\MSN Messenger
2007-12-30 09:30 160,256 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig .exe
2007-12-28 15:55 --------- d-----w C:\Program Files\PowerISO
2007-12-28 15:55 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-12-28 15:55 --------- d-----w C:\Program Files\Lexmark Fax Solutions
2007-12-28 15:55 --------- d-----w C:\Program Files\BitComet
2007-12-27 11:25 --------- d-----w C:\Program Files\Styler
2007-12-27 11:21 --------- d-----w C:\Documents and Settings\Fam. Tol\Application Data\Intermedia Design
2007-12-27 11:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Data
2007-12-26 14:52 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-12-26 14:52 --------- d-----w C:\Program Files\AutoCAD 2008
2007-12-26 14:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2007-12-26 14:42 --------- d-----w C:\Program Files\BitLord
2007-12-25 17:41 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-12-14 21:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-08 16:35 --------- d-----w C:\Program Files\DJ2000
2007-11-19 19:07 --------- d-----w C:\Program Files\Plus!
2007-11-18 14:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\espionServerData
2007-11-18 14:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-18 14:02 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-11-18 14:02 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-18 13:54 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-11-18 13:54 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-11-18 13:54 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-11-18 13:54 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-11-15 17:22 --------- d-----w C:\Program Files\PassportPhoto
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 14:11 --------- d-----w C:\Program Files\PC Wizard 2008
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-05-20 09:02 2,875 ----a-w C:\Documents and Settings\Fam. Tol\Application Data\SAS7_000.DAT
2007-02-17 10:36 88,986,386 ----a-w C:\Program Files\520g&500g-X&550gE Wireless Router Utilities.zip
2006-10-13 18:02 1,048,576 ---ha-w C:\Program Files\cache.dmx
2004-08-03 23:03 208,896 ----a-w C:\WINDOWS\inf\unregmp2(2).exe
2002-08-05 05:45 351,668,780 ----a-w C:\Program Files\Data.Cab
2002-08-05 05:45 1,117,552 ----a-w C:\Program Files\AT&T Labs' Natural Voices - Desktop 1.4.msi
2002-08-05 05:16 904 ----a-w C:\Program Files\Setup.INI
2001-06-21 12:01 180,224 ----a-w C:\Program Files\setup.exe
2001-06-13 14:15 3,166 ----a-w C:\Program Files\0x0409.ini
2001-05-08 12:04 1,531,984 ----a-w C:\Program Files\instmsiw.exe
2001-05-08 12:01 1,519,696 ----a-w C:\Program Files\instmsia.exe
2004-08-03 23:03 60,416 --sha-w C:\WINDOWS\BricoPacks\SysFiles\80_msimn.exe
.

Code:

<pre>
----a-w            39,792 2007-12-30 12:18:46  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w           153,136 2007-12-29 09:17:46  C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
----a-w            81,920 2007-12-30 10:47:37  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w           102,400 2007-12-30 10:48:23  C:\Program Files\Creative\MediaSource\Detector\CTDetect .exe
----a-w           135,168 2007-12-30 12:18:47  C:\Program Files\Creative\MediaSource\RemoteControl\RcMan .exe
----a-w            45,056 2007-12-30 12:18:44  C:\Program Files\Creative\SB Drive Det\SBDrvDet .exe
----a-w            45,056 2007-12-30 10:47:43  C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet .EXE
----a-w            49,152 2007-12-30 10:47:41  C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol .exe
----a-w            61,440 2007-12-30 10:44:53  C:\Program Files\Digidesign\Drivers\MMERefresh .exe
----a-w           847,872 2008-01-03 18:14:03  C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3 .exe
----a-w         6,731,312 2008-01-03 18:14:10  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
----a-w           257,088 2007-12-29 09:17:48  C:\Program Files\iTunes\iTunesHelper .exe
----a-w            94,208 2007-12-30 10:47:37  C:\Program Files\Lexmark 4300 Series\ezprint .exe
----a-w            31,016 2007-12-29 09:17:58  C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe
----a-w         5,674,352 2007-12-30 10:48:18  C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w         1,318,912 2008-01-03 18:14:04  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
----a-w           160,256 2007-12-30 09:30:12  C:\WINDOWS\pchealth\helpctr\binaries\msconfig .exe
----a-w            15,360 2008-01-03 08:13:51  C:\WINDOWS\system32\ctfmon .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 14:46 73728]
"WebCam Go Plus Sti Service Application"="Wcgopsvc"

"Cmaudio"="cmicnfg.cpl"

"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]

C:\Documents and Settings\Fam. Tol\Menu Start\Programma's\Opstarten\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 20:41:18]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-04-24 12:13 282624]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

SafeBoot register sleutel dient gerepareerd. Deze PC kan niet opstarten in Veilige Modus.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Multikabel Eerste Hulp Thuis.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Multikabel Eerste Hulp Thuis.lnk
backup=C:\WINDOWS\pss\Multikabel Eerste Hulp Thuis.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Fam. Tol^Menu Start^Programma's^Opstarten^OneNote 2007 Schermopname en Snel starten.lnk]
path=C:\Documents and Settings\Fam. Tol\Menu Start\Programma's\Opstarten\OneNote 2007 Schermopname en Snel starten.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Schermopname en Snel starten.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Fam. Tol^Menu Start^Programma's^Opstarten^Philips Media Manager.lnk]
path=C:\Documents and Settings\Fam. Tol\Menu Start\Programma's\Opstarten\Philips Media Manager.lnk
backup=C:\WINDOWS\pss\Philips Media Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Fam. Tol^Menu Start^Programma's^Opstarten^RocketDock.lnk]
path=C:\Documents and Settings\Fam. Tol\Menu Start\Programma's\Opstarten\RocketDock.lnk
backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Fam. Tol^Menu Start^Programma's^Opstarten^UberIcon.lnk]
path=C:\Documents and Settings\Fam. Tol\Menu Start\Programma's\Opstarten\UberIcon.lnk
backup=C:\WINDOWS\pss\UberIcon.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Fam. Tol^Menu Start^Programma's^Opstarten^Y'z Shadow.lnk]
path=C:\Documents and Settings\Fam. Tol\Menu Start\Programma's\Opstarten\Y'z Shadow.lnk
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
C:\Program Files\BitComet\BitComet.exe /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FireflyShell]
C:\Program Files\Firefly Media Server\FireflyShell.exe -q

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
2008-01-05 16:42 348160 --a------ C:\WINDOWS\system32\jkhhe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\MULTIK~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_8 -reboot 1

R0 Klpf;Klpf;C:\WINDOWS\system32\drivers\Klpf.sys [2005-08-04 16:19]
R0 Klpid;Klpid;C:\WINDOWS\system32\drivers\Klpid.sys [2005-08-04 16:19]
R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2006-01-25 10:54]
R1 mchInjDrv;madCodeHook DLL injection driver;C:\WINDOWS\system32\Drivers\mchInjDrv.sys [2008-01-04 17:20]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 14:46]
R2 Firefly Media Server;Firefly Media Server;C:\Program Files\Firefly Media Server\firefly.exe [2006-08-20 22:43]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 WCGOPHAL;WCGOPHAL;C:\WINDOWS\system32\DRIVERS\Wcgophal.sys [2001-12-19 01:02]
R3 WCGOPVID;Video Blaster WebCam Go Plus (WDM);C:\WINDOWS\system32\DRIVERS\Wcgopvid.sys [2002-01-08 01:04]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 13:18]
S3 p2pgasvc;Groepsverificatie van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:03]
S3 p2pimsvc;Identiteitsbeheer van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:03]
S3 p2psvc;Peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:03]
S3 PNRPSvc;Naamomzettingsprotocol van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:03]
S3 UPnPService;UPnPService;C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 15:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\mmjbrun.exe "M.7.1.1070KEN.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68c2c654-9561-11da-b94e-005070b55817}]
\Shell\AutoRun\command - K:\mmjbrun.exe "M.7.1.1070KEN.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3b10915-0f98-11dc-955a-005070b55817}]
\Shell\AutoRun\command - J:\mmjbrun.exe "M.7.1.1070KEN.EXE"

.
Inhoud van de 'Gedeelde Taken' map
"2007-05-13 10:43:55 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-04 17:13:40 C:\WINDOWS\Tasks\Easy Onderhoud.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 18:16:59
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-01-05 18:33:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-05 17:33:45
.
2007-12-14 21:37:43 --- E O F ---

**Marckie** · 07-01-08, 07:22

Open een kladblokbestand.
Kopieer de ondestaande code, en plak deze in het kladblokbestand.
Sla het kladblokbestand op als CFScript.txt

Code:

RENV::
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect .exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan .exe
C:\Program Files\Creative\SB Drive Det\SBDrvDet .exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet .EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol .exe
C:\Program Files\Digidesign\Drivers\MMERefresh .exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3 .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Lexmark 4300 Series\ezprint .exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe
C:\Program Files\MSN Messenger\MsnMsgr .Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
C:\WINDOWS\pchealth\helpctr\binaries\msconfig .exe
C:\WINDOWS\system32\ctfmon .exe

Sleep nu het bestand CFScript.txt in het bestand ComboFix.exe

ComboFix zal opnieuw starten.
Wanneer ComboFix klaar is, dit kan na een herstart zijn, opent er een logfile.
Post de inhoud van de logfile.

**benjitol** · 07-01-08, 16:50

Hallo Marckie,
Ik heb nu wel alle verdachte dingen in backup kasprersky laten zetten:
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part34.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503855.exe 401 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503881.exe 5,8 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0502851.exe 422,5 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0502855.exe 401 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0502869.exe 499 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503880.exe 404 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503849.exe 482,5 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503856.exe 404 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part09.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503857.exe 380 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part28.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part27.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503878.exe 401 KB
Geïnfecteerd: trojan Backdoor.Win32.Rbot.ffq c:\downloads\n.8.1.2.0.keygen.by.rlzorro.rar 969,8 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part23.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\program files\quicktime\qttask .exe 642,5 KB
Geïnfecteerd: adware not-a-virus:AdWare.Win32.Virtumonde.dij c:\documents and settings\fam. tol\local settings\temp\uyf4e7\pbec.dat 63,5 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part07.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp401\a0504192.exe 356,5 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0502856.exe 404 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp400\a0504077.exe 380 KB
Geïnfecteerd: trojan Trojan-Downloader.Win32.Small.hkt c:\documents and settings\fam. tol\local settings\temp\uyf4e7\trvp.exe 9 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp402\a0504271.exe 356,5 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\program files\itunes\ituneshelper.exe 680,5 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part02.rar 4,9 MB
Geïnfecteerd: adware not-a-virus:AdWare.Win32.Virtumonde.dij c:\documents and settings\fam. tol\mijn documenten\downloads\keygen.exe 566,4 KB
Geïnfecteerd: adware not-a-virus:AdWare.Win32.PurityScan.gp c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp398\a0501438.exe 40,7 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp401\a0504136.exe 356,5 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503852.exe 422,5 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part37.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp401\a0504159.exe 680,5 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\program files\creative\mediasource\remotecontrol\rcman.exe 482,5 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\System Volume Information\_restore{F7E17F95-D074-464A-BB13-CDD0ACACC0BD}\RP398\A0501455.exe 3,5 KB
Geïnfecteerd: adware not-a-virus:AdWare.Win32.Agent.zk c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc36\play.exe 98,4 KB
Geïnfecteerd: adware not-a-virus:AdWare.Win32.Virtumonde.dij c:\documents and settings\fam. tol\local settings\temp\uyf4e7\trvp.dat 9 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part17.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part44.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\windows\pchealth\helpctr\binaries\msconfig.exe.tmp 499 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\program files\creative\sb drive det\sbdrvdet.exe 408 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp400\a0504075.exe 408 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo ctfmon.exe\ctfmon.exe 372 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\program files\adobe\reader 8.0\reader\reader_sl.exe 380 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part08.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\windows\system32\ctfmon.exe 356,5 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo RcMan.exe\RcMan.exe 496 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe 1,4 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part32.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part16.rar 4,9 MB
Geïnfecteerd: adware not-a-virus:AdWare.Win32.Virtumonde.dij c:\documents and settings\fam. tol\local settings\temp\uyf4e7\qpfu.dat 218,8 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0502853.exe 401 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\System Volume Information\_restore{F7E17F95-D074-464A-BB13-CDD0ACACC0BD}\RP406\A0505626.exe 340 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part24.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part43.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0502849.exe 408 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part33.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part31.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part26.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0502852.exe 435,5 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503896.exe 356,5 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp401\a0504095.exe 408 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part11.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp401\a0504094.exe 482,5 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0502859.exe 340 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part38.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp400\a0504074.exe 482,5 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part03.rar 4,9 MB
Geïnfecteerd: adware not-a-virus:AdWare.Win32.Virtumonde.dih c:\documents and settings\all users\application data\kaspersky lab\avp7\pdmhist\5d4.714090d001c8507d.history\000000ca.bak 336,5 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part39.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part21.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Downloader.Win32.Agent.dmj c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp342\a0491175.exe 9,4 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part25.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Downloader.Win32.PurityScan.fg c:\documents and settings\fam. tol\local settings\temp\uyf4e7\qpfu.exe 218,8 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp407\a0505807.exe 340 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp401\a0504111.exe 356,5 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part01.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503846.exe 5,8 MB
Verdacht: virus Heur.Invader (modification) c:\combofix\catchme.cfexe 139 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503888.exe 380 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part40.rar 4,9 MB
Geïnfecteerd: adware not-a-virus:AdWare.Win32.Agent.zk c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp401\a0504163.exe 98,4 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503909.exe 482,5 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\System Volume Information\_restore{F7E17F95-D074-464A-BB13-CDD0ACACC0BD}\RP397\A0501389.exe 3,5 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503910.exe 408 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp401\a0504160.exe 373 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp401\a0504216.exe 356,5 KB
Geïnfecteerd: adware not-a-virus:AdWare.Win32.Virtumonde.dhx c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503877.dll 38,5 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp400\a0504078.exe 340 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part42.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\System Volume Information\_restore{F7E17F95-D074-464A-BB13-CDD0ACACC0BD}\RP399\A0502452.Exe 5,8 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503854.exe 401 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp401\a0504158.exe 490,5 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\windows\system32\jkhhe.exe 340 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503858.exe 340 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\System Volume Information\_restore{F7E17F95-D074-464A-BB13-CDD0ACACC0BD}\RP397\A0501401.Exe 5,8 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\System Volume Information\_restore{F7E17F95-D074-464A-BB13-CDD0ACACC0BD}\RP398\A0501426.exe 340 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp407\a0505788.exe 340 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp401\a0504096.exe 380 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part30.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503913.exe 340 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\System Volume Information\_restore{F7E17F95-D074-464A-BB13-CDD0ACACC0BD}\RP399\A0502847.exe 482,5 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part19.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp408\a0505822.exe 340 KB
Geïnfecteerd: adware not-a-virus:AdWare.Win32.Virtumonde.dih c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp406\a0505615.dll 336,5 KB
Geïnfecteerd: adware not-a-virus:AdWare.Win32.Virtumonde.dij c:\documents and settings\fam. tol\mijn documenten\downloads\microsoft office 2007 activation crack.zip 549,5 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo avgas.exe\avgas.exe 7,2 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\windows\system32\ctfmon.exe.tmp 356,5 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp403\a0504356.exe 356,5 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\System Volume Information\_restore{F7E17F95-D074-464A-BB13-CDD0ACACC0BD}\RP397\A0501378.exe 3,5 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part20.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp405\a0504485.exe 340 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part14.rar 4,9 MB
Geïnfecteerd: adware not-a-virus:AdWare.Win32.Virtumonde.dih c:\documents and settings\fam. tol\local settings\temporary internet files\content.ie5\rr7c4k6q\css4[1] 336,4 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\System Volume Information\_restore{F7E17F95-D074-464A-BB13-CDD0ACACC0BD}\RP397\A0501406.exe 356,5 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part45.rar 537,3 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503911.exe 380 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0502857.exe 380 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\System Volume Information\_restore{F7E17F95-D074-464A-BB13-CDD0ACACC0BD}\RP398\A0501427.Exe 5,8 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503850.exe 460 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part29.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Downloader.Win32.Agent.gwh c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp398\a0501437.exe 39 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part13.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo SUPERAntiSpyware.exe\SUPERAntiSpyware.exe 1,7 MB
Geïnfecteerd: adware not-a-virus:AdWare.Win32.Virtumonde.dih C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\8f4.63596A3C01C84E0C.history\00000003.bak 336,5 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo SpyHunter3.exe\SpyHunter3.exe 1,4 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\documents and settings\fam. tol\local settings\temp\rcx18.tmp 401 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503886.exe 482,5 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part22.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Downloader.Win32.PurityScan.fg C:\System Volume Information\_restore{F7E17F95-D074-464A-BB13-CDD0ACACC0BD}\RP406\A0505612.exe 142,5 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp401\a0504161.exe 642,5 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part41.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503887.exe 408 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\System Volume Information\_restore{F7E17F95-D074-464A-BB13-CDD0ACACC0BD}\RP397\A0501404.exe 340 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp402\a0504299.exe 356,5 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part12.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part18.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp404\a0504430.exe 340 KB
Geïnfecteerd: adware not-a-virus:AdWare.Win32.PurityScan.gi c:\documents and settings\fam. tol\local settings\temp\mshtml2.exe 44 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part35.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\System Volume Information\_restore{F7E17F95-D074-464A-BB13-CDD0ACACC0BD}\RP406\A0505563.exe 340 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp408\a0509096.exe 340 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\System Volume Information\_restore{F7E17F95-D074-464A-BB13-CDD0ACACC0BD}\RP399\A0502848.exe 460 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\program files\common files\ahead\lib\nerocheck.exe 490,5 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part05.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\System Volume Information\_restore{F7E17F95-D074-464A-BB13-CDD0ACACC0BD}\RP399\A0502845.Exe 5,8 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503851.exe 408 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\program files\microsoft office\office12\groovemonitor.exe 373 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part36.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\program files\quicktime\qttask.exe 642,5 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\System Volume Information\_restore{F7E17F95-D074-464A-BB13-CDD0ACACC0BD}\RP399\A0502468.exe 340 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp409\a0509132.exe 340 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp401\a0504162.exe 642,5 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe 7,1 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part15.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp405\a0505529.exe 340 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503879.exe 460 KB
Verdacht: virus Heur.Invader (modification) c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp408\a0509054.exe 1,4 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE 1,7 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part06.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp409\a0509145.exe 340 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp404\a0504372.exe 340 KB
Geïnfecteerd: adware not-a-virus:AdWare.Win32.Agent.zk c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp356\a0491945.exe 98,4 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part04.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp401\a0504097.exe 340 KB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.cuj c:\recycler\s-1-5-21-1085031214-261478967-682003330-1004\dc33.serial\nero.8.ultra.edition.v8.1.1.2.incl.keygen-plungin.serial.part10.rar 4,9 MB
Geïnfecteerd: trojan Trojan-Dropper.Win32.Agent.dgo c:\system volume information\_restore{f7e17f95-d074-464a-bb13-cdd0acacc0bd}\rp399\a0503853.exe 435,5 KB

Hier het logfile van combofix:
ComboFix 08-01-04.1 - Fam. Tol 2008-01-07 17:17:05.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.416 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Fam. Tol\Bureaublad\combofix.exe
Command switches used :: C:\Documents and Settings\Fam. Tol\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((( Bestanden Gemaakt van 2007-12-07 to 2008-01-07 ))))))))))))))))))))))))))))))
.

2008-01-06 12:40 . 2008-01-06 12:40 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-01-05 20:20 . 2008-01-05 20:20 34,043 --a------ C:\ComboFix.rar
2008-01-05 16:28 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-04 18:52 . 2008-01-04 19:27 <DIR> d-------- C:\Documents and Settings\Fam. Tol\.housecall6.6
2008-01-04 18:18 . 2008-01-04 18:18 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-04 15:50 . 2008-01-04 17:11 <DIR> d-------- C:\VundoFix Backups
2008-01-04 14:12 . 2008-01-04 14:11 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-01-04 14:12 . 2008-01-04 14:11 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-01-04 14:12 . 2008-01-04 14:11 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-01-04 14:12 . 2008-01-04 14:12 0 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-01-03 17:34 . 2008-01-03 17:34 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-01-03 16:30 . 2008-01-03 16:30 <DIR> d-------- C:\Documents and Settings\Fam. Tol\Application Data\Grisoft
2008-01-03 16:29 . 2008-01-03 16:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-03 16:29 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-03 15:56 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-03 14:27 . 2008-01-03 14:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-03 14:26 . 2008-01-03 19:20 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-03 14:26 . 2008-01-03 14:26 <DIR> d-------- C:\Documents and Settings\Fam. Tol\Application Data\SUPERAntiSpyware.com
2008-01-03 13:54 . 2008-01-03 13:54 121,344 --a------ C:\WINDOWS\system32\B1.tmp
2008-01-02 15:25 . 2008-01-02 15:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-01-01 17:34 . 2008-01-01 17:34 <DIR> d-------- C:\Program Files\Target Skills
2007-12-31 16:43 . 2007-12-31 16:43 77 --a------ C:\WINDOWS\Memory
2007-12-30 19:02 . 2007-12-30 19:02 78 --a------ C:\WINDOWS\Spatial
2007-12-30 18:57 . 2007-12-31 16:48 80 --a------ C:\WINDOWS\Numerical
2007-12-30 18:45 . 2007-12-31 16:43 84 --a------ C:\WINDOWS\Getting Started.htm
2007-12-30 18:45 . 2007-12-30 18:48 76 --a------ C:\WINDOWS\Logic
2007-12-30 18:44 . 2007-12-31 16:43 77 --a------ C:\WINDOWS\Verbal
2007-12-30 18:43 . 2007-12-31 16:42 75 --a------ C:\WINDOWS\Times New Roman
2007-12-30 18:41 . 2007-12-31 16:42 621 --a------ C:\WINDOWS\0
2007-12-30 18:41 . 2007-12-30 18:41 46 --a------ C:\WINDOWS\1
2007-12-30 18:35 . 2007-12-30 18:35 <DIR> d-------- C:\WINDOWS\system32\Brain Trainer 2
2007-12-30 18:35 . 2007-12-30 18:35 <DIR> d-------- C:\Program Files\Mindscape
2007-12-30 13:15 . 2008-01-07 17:29 18,317,856 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-30 13:15 . 2008-01-06 22:19 246,584 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-30 13:15 . 2007-12-30 13:24 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-30 13:15 . 2007-12-30 13:24 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-30 13:14 . 2007-12-30 13:14 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-12-30 13:14 . 2008-01-07 17:29 191,776 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-30 13:14 . 2008-01-06 22:19 18,788 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-30 13:00 . 2007-12-30 13:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-12-30 12:23 . 2008-01-03 09:13 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-26 15:25 . 2008-01-07 17:29 <DIR> d-------- C:\Documents and Settings\Fam. Tol\Application Data\uTorrent
2007-12-25 18:41 . 2006-04-20 12:51 359,808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.ORIGINAL
2007-12-25 18:41 . 2006-04-20 12:51 359,808 --a--c--- C:\WINDOWS\system32\dllcache\tcpip.sys.ORIGINAL
2007-12-22 17:05 . 2007-12-22 17:17 <DIR> d-------- C:\Documents and Settings\Fam. Tol\Application Data\TwonkyMedia
2007-12-22 17:04 . 2007-12-22 17:05 <DIR> d-------- C:\Program Files\TwonkyMedia
2007-12-07 20:10 . 2007-12-15 16:55 <DIR> d-------- C:\Program Files\Guitar Speed Trainer

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-07 16:28 --------- d-----w C:\Program Files\Firefly Media Server
2008-01-07 15:58 --------- d-----w C:\Program Files\Lx_cats
2008-01-07 15:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-06 11:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-01-04 16:20 2,560 ----a-w C:\WINDOWS\system32\drivers\mchInjDrv.sys
2008-01-04 16:11 --------- d-----w C:\Program Files\Hitman Pro
2008-01-04 15:59 --------- d-----w C:\Program Files\Spyware Doctor
2008-01-04 14:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-04 13:14 --------- d-----w C:\Program Files\SpywareBlaster
2008-01-03 15:28 --------- d-----w C:\Program Files\ewido anti-spyware 4.0
2008-01-03 14:58 --------- d-----w C:\Program Files\Bonjour
2008-01-03 14:55 --------- d-----w C:\Program Files\Windows Desktop Search
2008-01-03 14:55 --------- d-----w C:\Program Files\a-squared Free
2008-01-03 14:54 --------- d-----w C:\Program Files\Windows Media Connect
2008-01-03 14:54 --------- d-----w C:\Program Files\Lexmark 4300 Series
2008-01-03 14:52 --------- d-----w C:\Program Files\Google
2008-01-03 13:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-30 16:15 --------- d-----w C:\Program Files\QuickTime
2007-12-30 16:15 --------- d-----w C:\Program Files\iTunes
2007-12-30 13:12 --------- d-----w C:\Program Files\PFConfig
2007-12-30 11:22 --------- d-----w C:\Program Files\MSN Messenger
2007-12-30 09:30 160,256 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig .exe
2007-12-28 15:55 --------- d-----w C:\Program Files\PowerISO
2007-12-28 15:55 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-12-28 15:55 --------- d-----w C:\Program Files\Lexmark Fax Solutions
2007-12-28 15:55 --------- d-----w C:\Program Files\BitComet
2007-12-27 11:25 --------- d-----w C:\Program Files\Styler
2007-12-27 11:21 --------- d-----w C:\Documents and Settings\Fam. Tol\Application Data\Intermedia Design
2007-12-27 11:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Data
2007-12-26 14:52 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-12-26 14:52 --------- d-----w C:\Program Files\AutoCAD 2008
2007-12-26 14:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2007-12-26 14:42 --------- d-----w C:\Program Files\BitLord
2007-12-25 17:41 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-12-14 21:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-08 16:35 --------- d-----w C:\Program Files\DJ2000
2007-11-19 19:07 --------- d-----w C:\Program Files\Plus!
2007-11-18 14:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\espionServerData
2007-11-18 14:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-18 14:02 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-11-18 14:02 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-18 13:54 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-11-18 13:54 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-11-18 13:54 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-11-18 13:54 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-11-15 17:22 --------- d-----w C:\Program Files\PassportPhoto
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 14:11 --------- d-----w C:\Program Files\PC Wizard 2008
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-05-20 09:02 2,875 ----a-w C:\Documents and Settings\Fam. Tol\Application Data\SAS7_000.DAT
2007-02-17 10:36 88,986,386 ----a-w C:\Program Files\520g&500g-X&550gE Wireless Router Utilities.zip
2006-10-13 18:02 1,048,576 ---ha-w C:\Program Files\cache.dmx
2004-08-03 23:03 208,896 ----a-w C:\WINDOWS\inf\unregmp2(2).exe
2002-08-05 05:45 351,668,780 ----a-w C:\Program Files\Data.Cab
2002-08-05 05:45 1,117,552 ----a-w C:\Program Files\AT&T Labs' Natural Voices - Desktop 1.4.msi
2002-08-05 05:16 904 ----a-w C:\Program Files\Setup.INI
2001-06-21 12:01 180,224 ----a-w C:\Program Files\setup.exe
2001-06-13 14:15 3,166 ----a-w C:\Program Files\0x0409.ini
2001-05-08 12:04 1,531,984 ----a-w C:\Program Files\instmsiw.exe
2001-05-08 12:01 1,519,696 ----a-w C:\Program Files\instmsia.exe
2004-08-03 23:03 60,416 --sha-w C:\WINDOWS\BricoPacks\SysFiles\80_msimn.exe
.

Code:

<pre>
----a-w           102,400 2007-12-30 10:48:23  C:\Program Files\Creative\MediaSource\Detector\CTDetect .exe
----a-w           135,168 2007-12-30 12:18:47  C:\Program Files\Creative\MediaSource\RemoteControl\RcMan .exe
----a-w            45,056 2007-12-30 12:18:44  C:\Program Files\Creative\SB Drive Det\SBDrvDet .exe
----a-w            45,056 2007-12-30 10:47:43  C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet .EXE
----a-w            49,152 2007-12-30 10:47:41  C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol .exe
----a-w            61,440 2007-12-30 10:44:53  C:\Program Files\Digidesign\Drivers\MMERefresh .exe
----a-w           847,872 2008-01-03 18:14:03  C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3 .exe
----a-w         6,731,312 2008-01-03 18:14:10  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
----a-w           257,088 2007-12-29 09:17:48  C:\Program Files\iTunes\iTunesHelper .exe
----a-w            94,208 2007-12-30 10:47:37  C:\Program Files\Lexmark 4300 Series\ezprint .exe
----a-w            31,016 2007-12-29 09:17:58  C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe
----a-w         5,674,352 2007-12-30 10:48:18  C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w         1,318,912 2008-01-03 18:14:04  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
----a-w           160,256 2007-12-30 09:30:12  C:\WINDOWS\pchealth\helpctr\binaries\msconfig .exe
----a-w            15,360 2008-01-03 08:13:51  C:\WINDOWS\system32\ctfmon .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 14:46 73728]
"WebCam Go Plus Sti Service Application"="Wcgopsvc"

"Cmaudio"="cmicnfg.cpl"

"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]

C:\Documents and Settings\Fam. Tol\Menu Start\Programma's\Opstarten\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 20:41:18]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-04-24 12:13 282624]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

SafeBoot register sleutel dient gerepareerd. Deze PC kan niet opstarten in Veilige Modus.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Multikabel Eerste Hulp Thuis.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Multikabel Eerste Hulp Thuis.lnk
backup=C:\WINDOWS\pss\Multikabel Eerste Hulp Thuis.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Fam. Tol^Menu Start^Programma's^Opstarten^OneNote 2007 Schermopname en Snel starten.lnk]
path=C:\Documents and Settings\Fam. Tol\Menu Start\Programma's\Opstarten\OneNote 2007 Schermopname en Snel starten.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Schermopname en Snel starten.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Fam. Tol^Menu Start^Programma's^Opstarten^Philips Media Manager.lnk]
path=C:\Documents and Settings\Fam. Tol\Menu Start\Programma's\Opstarten\Philips Media Manager.lnk
backup=C:\WINDOWS\pss\Philips Media Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Fam. Tol^Menu Start^Programma's^Opstarten^RocketDock.lnk]
path=C:\Documents and Settings\Fam. Tol\Menu Start\Programma's\Opstarten\RocketDock.lnk
backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Fam. Tol^Menu Start^Programma's^Opstarten^UberIcon.lnk]
path=C:\Documents and Settings\Fam. Tol\Menu Start\Programma's\Opstarten\UberIcon.lnk
backup=C:\WINDOWS\pss\UberIcon.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Fam. Tol^Menu Start^Programma's^Opstarten^Y'z Shadow.lnk]
path=C:\Documents and Settings\Fam. Tol\Menu Start\Programma's\Opstarten\Y'z Shadow.lnk
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
C:\Program Files\BitComet\BitComet.exe /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FireflyShell]
C:\Program Files\Firefly Media Server\FireflyShell.exe -q

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\jkhhe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\MULTIK~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-12-29 10:17 153136 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_8 -reboot 1

R0 Klpf;Klpf;C:\WINDOWS\system32\drivers\Klpf.sys [2005-08-04 16:19]
R0 Klpid;Klpid;C:\WINDOWS\system32\drivers\Klpid.sys [2005-08-04 16:19]
R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2006-01-25 10:54]
R1 mchInjDrv;madCodeHook DLL injection driver;C:\WINDOWS\system32\Drivers\mchInjDrv.sys [2008-01-04 17:20]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 14:46]
R2 Firefly Media Server;Firefly Media Server;C:\Program Files\Firefly Media Server\firefly.exe [2006-08-20 22:43]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 WCGOPHAL;WCGOPHAL;C:\WINDOWS\system32\DRIVERS\Wcgophal.sys [2001-12-19 01:02]
R3 WCGOPVID;Video Blaster WebCam Go Plus (WDM);C:\WINDOWS\system32\DRIVERS\Wcgopvid.sys [2002-01-08 01:04]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 13:18]
S3 p2pgasvc;Groepsverificatie van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:03]
S3 p2pimsvc;Identiteitsbeheer van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:03]
S3 p2psvc;Peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:03]
S3 PNRPSvc;Naamomzettingsprotocol van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:03]
S3 UPnPService;UPnPService;C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 15:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\mmjbrun.exe "M.7.1.1070KEN.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68c2c654-9561-11da-b94e-005070b55817}]
\Shell\AutoRun\command - K:\mmjbrun.exe "M.7.1.1070KEN.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3b10915-0f98-11dc-955a-005070b55817}]
\Shell\AutoRun\command - J:\mmjbrun.exe "M.7.1.1070KEN.EXE"

.
Inhoud van de 'Gedeelde Taken' map
"2007-05-13 10:43:55 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-04 17:13:40 C:\WINDOWS\Tasks\Easy Onderhoud.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-07 17:29:38
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-01-07 17:32:32
ComboFix-quarantined-files.txt 2008-01-07 16:32:26
ComboFix2.txt 2008-01-05 17:33:55
.
2008-01-05 20:04:36 --- E O F ---

**Marckie** · 07-01-08, 17:50

Doe het verhaal met CFScript nog een keer.

**benjitol** · 07-01-08, 20:02

ComboFix 08-01-04.1 - Fam. Tol 2008-01-07 20:23:16.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.405 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Fam. Tol\Bureaublad\combofix.exe
Command switches used :: C:\Documents and Settings\Fam. Tol\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((( Bestanden Gemaakt van 2007-12-07 to 2008-01-07 ))))))))))))))))))))))))))))))
.

2008-01-06 12:40 . 2008-01-06 12:40 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-01-05 20:20 . 2008-01-05 20:20 34,043 --a------ C:\ComboFix.rar
2008-01-05 16:28 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-04 18:52 . 2008-01-04 19:27 <DIR> d-------- C:\Documents and Settings\Fam. Tol\.housecall6.6
2008-01-04 18:18 . 2008-01-04 18:18 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-04 15:50 . 2008-01-04 17:11 <DIR> d-------- C:\VundoFix Backups
2008-01-04 14:12 . 2008-01-04 14:11 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-01-04 14:12 . 2008-01-04 14:11 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-01-04 14:12 . 2008-01-04 14:11 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-01-04 14:12 . 2008-01-04 14:12 0 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-01-03 17:34 . 2008-01-03 17:34 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-01-03 16:30 . 2008-01-03 16:30 <DIR> d-------- C:\Documents and Settings\Fam. Tol\Application Data\Grisoft
2008-01-03 16:29 . 2008-01-03 16:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-03 16:29 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-03 15:56 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-03 14:27 . 2008-01-03 14:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-03 14:26 . 2008-01-03 19:20 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-03 14:26 . 2008-01-03 14:26 <DIR> d-------- C:\Documents and Settings\Fam. Tol\Application Data\SUPERAntiSpyware.com
2008-01-03 13:54 . 2008-01-03 13:54 121,344 --a------ C:\WINDOWS\system32\B1.tmp
2008-01-02 15:25 . 2008-01-02 15:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-01-01 17:34 . 2008-01-01 17:34 <DIR> d-------- C:\Program Files\Target Skills
2007-12-31 16:43 . 2007-12-31 16:43 77 --a------ C:\WINDOWS\Memory
2007-12-30 19:02 . 2007-12-30 19:02 78 --a------ C:\WINDOWS\Spatial
2007-12-30 18:57 . 2007-12-31 16:48 80 --a------ C:\WINDOWS\Numerical
2007-12-30 18:45 . 2007-12-31 16:43 84 --a------ C:\WINDOWS\Getting Started.htm
2007-12-30 18:45 . 2007-12-30 18:48 76 --a------ C:\WINDOWS\Logic
2007-12-30 18:44 . 2007-12-31 16:43 77 --a------ C:\WINDOWS\Verbal
2007-12-30 18:43 . 2007-12-31 16:42 75 --a------ C:\WINDOWS\Times New Roman
2007-12-30 18:41 . 2007-12-31 16:42 621 --a------ C:\WINDOWS\0
2007-12-30 18:41 . 2007-12-30 18:41 46 --a------ C:\WINDOWS\1
2007-12-30 18:35 . 2007-12-30 18:35 <DIR> d-------- C:\WINDOWS\system32\Brain Trainer 2
2007-12-30 18:35 . 2007-12-30 18:35 <DIR> d-------- C:\Program Files\Mindscape
2007-12-30 13:15 . 2008-01-07 20:37 18,502,432 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-30 13:15 . 2008-01-07 17:39 248,456 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-30 13:15 . 2007-12-30 13:24 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-30 13:15 . 2007-12-30 13:24 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-30 13:14 . 2007-12-30 13:14 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-12-30 13:14 . 2008-01-07 20:36 195,104 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-30 13:14 . 2008-01-07 17:39 19,100 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-30 13:00 . 2007-12-30 13:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-12-30 12:23 . 2008-01-03 09:13 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-26 15:25 . 2008-01-07 20:34 <DIR> d-------- C:\Documents and Settings\Fam. Tol\Application Data\uTorrent
2007-12-25 18:41 . 2006-04-20 12:51 359,808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.ORIGINAL
2007-12-25 18:41 . 2006-04-20 12:51 359,808 --a--c--- C:\WINDOWS\system32\dllcache\tcpip.sys.ORIGINAL
2007-12-22 17:05 . 2007-12-22 17:17 <DIR> d-------- C:\Documents and Settings\Fam. Tol\Application Data\TwonkyMedia
2007-12-22 17:04 . 2007-12-22 17:05 <DIR> d-------- C:\Program Files\TwonkyMedia
2007-12-07 20:10 . 2007-12-15 16:55 <DIR> d-------- C:\Program Files\Guitar Speed Trainer

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-07 19:33 --------- d-----w C:\Program Files\Firefly Media Server
2008-01-07 16:42 --------- d-----w C:\Program Files\Lx_cats
2008-01-07 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-06 11:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-01-04 16:20 2,560 ----a-w C:\WINDOWS\system32\drivers\mchInjDrv.sys
2008-01-04 16:11 --------- d-----w C:\Program Files\Hitman Pro
2008-01-04 15:59 --------- d-----w C:\Program Files\Spyware Doctor
2008-01-04 14:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-04 13:14 --------- d-----w C:\Program Files\SpywareBlaster
2008-01-03 15:28 --------- d-----w C:\Program Files\ewido anti-spyware 4.0
2008-01-03 14:58 --------- d-----w C:\Program Files\Bonjour
2008-01-03 14:55 --------- d-----w C:\Program Files\Windows Desktop Search
2008-01-03 14:55 --------- d-----w C:\Program Files\a-squared Free
2008-01-03 14:54 --------- d-----w C:\Program Files\Windows Media Connect
2008-01-03 14:54 --------- d-----w C:\Program Files\Lexmark 4300 Series
2008-01-03 14:52 --------- d-----w C:\Program Files\Google
2008-01-03 13:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-30 16:15 --------- d-----w C:\Program Files\QuickTime
2007-12-30 16:15 --------- d-----w C:\Program Files\iTunes
2007-12-30 13:12 --------- d-----w C:\Program Files\PFConfig
2007-12-30 11:22 --------- d-----w C:\Program Files\MSN Messenger
2007-12-30 09:30 160,256 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig .exe
2007-12-28 15:55 --------- d-----w C:\Program Files\PowerISO
2007-12-28 15:55 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-12-28 15:55 --------- d-----w C:\Program Files\Lexmark Fax Solutions
2007-12-28 15:55 --------- d-----w C:\Program Files\BitComet
2007-12-27 11:25 --------- d-----w C:\Program Files\Styler
2007-12-27 11:21 --------- d-----w C:\Documents and Settings\Fam. Tol\Application Data\Intermedia Design
2007-12-27 11:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Data
2007-12-26 14:52 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-12-26 14:52 --------- d-----w C:\Program Files\AutoCAD 2008
2007-12-26 14:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2007-12-26 14:42 --------- d-----w C:\Program Files\BitLord
2007-12-25 17:41 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-12-14 21:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-08 16:35 --------- d-----w C:\Program Files\DJ2000
2007-11-19 19:07 --------- d-----w C:\Program Files\Plus!
2007-11-18 14:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\espionServerData
2007-11-18 14:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-18 14:02 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-11-18 14:02 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-18 13:54 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-11-18 13:54 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-11-18 13:54 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-11-18 13:54 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-11-15 17:22 --------- d-----w C:\Program Files\PassportPhoto
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 14:11 --------- d-----w C:\Program Files\PC Wizard 2008
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-05-20 09:02 2,875 ----a-w C:\Documents and Settings\Fam. Tol\Application Data\SAS7_000.DAT
2007-02-17 10:36 88,986,386 ----a-w C:\Program Files\520g&500g-X&550gE Wireless Router Utilities.zip
2006-10-13 18:02 1,048,576 ---ha-w C:\Program Files\cache.dmx
2004-08-03 23:03 208,896 ----a-w C:\WINDOWS\inf\unregmp2(2).exe
2002-08-05 05:45 351,668,780 ----a-w C:\Program Files\Data.Cab
2002-08-05 05:45 1,117,552 ----a-w C:\Program Files\AT&T Labs' Natural Voices - Desktop 1.4.msi
2002-08-05 05:16 904 ----a-w C:\Program Files\Setup.INI
2001-06-21 12:01 180,224 ----a-w C:\Program Files\setup.exe
2001-06-13 14:15 3,166 ----a-w C:\Program Files\0x0409.ini
2001-05-08 12:04 1,531,984 ----a-w C:\Program Files\instmsiw.exe
2001-05-08 12:01 1,519,696 ----a-w C:\Program Files\instmsia.exe
2004-08-03 23:03 60,416 --sha-w C:\WINDOWS\BricoPacks\SysFiles\80_msimn.exe
.

Code:

<pre>
----a-w           102,400 2007-12-30 10:48:23  C:\Program Files\Creative\MediaSource\Detector\CTDetect .exe
----a-w           135,168 2007-12-30 12:18:47  C:\Program Files\Creative\MediaSource\RemoteControl\RcMan .exe
----a-w            45,056 2007-12-30 12:18:44  C:\Program Files\Creative\SB Drive Det\SBDrvDet .exe
----a-w            45,056 2007-12-30 10:47:43  C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet .EXE
----a-w            49,152 2007-12-30 10:47:41  C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol .exe
----a-w            61,440 2007-12-30 10:44:53  C:\Program Files\Digidesign\Drivers\MMERefresh .exe
----a-w           847,872 2008-01-03 18:14:03  C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3 .exe
----a-w         6,731,312 2008-01-03 18:14:10  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
----a-w           257,088 2007-12-29 09:17:48  C:\Program Files\iTunes\iTunesHelper .exe
----a-w            94,208 2007-12-30 10:47:37  C:\Program Files\Lexmark 4300 Series\ezprint .exe
----a-w            31,016 2007-12-29 09:17:58  C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe
----a-w         5,674,352 2007-12-30 10:48:18  C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w         1,318,912 2008-01-03 18:14:04  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
----a-w           160,256 2007-12-30 09:30:12  C:\WINDOWS\pchealth\helpctr\binaries\msconfig .exe
----a-w            15,360 2008-01-03 08:13:51  C:\WINDOWS\system32\ctfmon .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 14:46 73728]
"WebCam Go Plus Sti Service Application"="Wcgopsvc"

"Cmaudio"="cmicnfg.cpl"

"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]

C:\Documents and Settings\Fam. Tol\Menu Start\Programma's\Opstarten\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 20:41:18]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-04-24 12:13 282624]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

SafeBoot register sleutel dient gerepareerd. Deze PC kan niet opstarten in Veilige Modus.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Multikabel Eerste Hulp Thuis.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Multikabel Eerste Hulp Thuis.lnk
backup=C:\WINDOWS\pss\Multikabel Eerste Hulp Thuis.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Fam. Tol^Menu Start^Programma's^Opstarten^OneNote 2007 Schermopname en Snel starten.lnk]
path=C:\Documents and Settings\Fam. Tol\Menu Start\Programma's\Opstarten\OneNote 2007 Schermopname en Snel starten.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Schermopname en Snel starten.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Fam. Tol^Menu Start^Programma's^Opstarten^Philips Media Manager.lnk]
path=C:\Documents and Settings\Fam. Tol\Menu Start\Programma's\Opstarten\Philips Media Manager.lnk
backup=C:\WINDOWS\pss\Philips Media Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Fam. Tol^Menu Start^Programma's^Opstarten^RocketDock.lnk]
path=C:\Documents and Settings\Fam. Tol\Menu Start\Programma's\Opstarten\RocketDock.lnk
backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Fam. Tol^Menu Start^Programma's^Opstarten^UberIcon.lnk]
path=C:\Documents and Settings\Fam. Tol\Menu Start\Programma's\Opstarten\UberIcon.lnk
backup=C:\WINDOWS\pss\UberIcon.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Fam. Tol^Menu Start^Programma's^Opstarten^Y'z Shadow.lnk]
path=C:\Documents and Settings\Fam. Tol\Menu Start\Programma's\Opstarten\Y'z Shadow.lnk
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
C:\Program Files\BitComet\BitComet.exe /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FireflyShell]
C:\Program Files\Firefly Media Server\FireflyShell.exe -q

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\jkhhe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\MULTIK~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_8 -reboot 1

R0 Klpf;Klpf;C:\WINDOWS\system32\drivers\Klpf.sys [2005-08-04 16:19]
R0 Klpid;Klpid;C:\WINDOWS\system32\drivers\Klpid.sys [2005-08-04 16:19]
R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2006-01-25 10:54]
R1 mchInjDrv;madCodeHook DLL injection driver;C:\WINDOWS\system32\Drivers\mchInjDrv.sys [2008-01-04 17:20]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 14:46]
R2 Firefly Media Server;Firefly Media Server;C:\Program Files\Firefly Media Server\firefly.exe [2006-08-20 22:43]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 WCGOPHAL;WCGOPHAL;C:\WINDOWS\system32\DRIVERS\Wcgophal.sys [2001-12-19 01:02]
R3 WCGOPVID;Video Blaster WebCam Go Plus (WDM);C:\WINDOWS\system32\DRIVERS\Wcgopvid.sys [2002-01-08 01:04]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 13:18]
S3 p2pgasvc;Groepsverificatie van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:03]
S3 p2pimsvc;Identiteitsbeheer van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:03]
S3 p2psvc;Peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:03]
S3 PNRPSvc;Naamomzettingsprotocol van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:03]
S3 UPnPService;UPnPService;C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 15:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\mmjbrun.exe "M.7.1.1070KEN.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68c2c654-9561-11da-b94e-005070b55817}]
\Shell\AutoRun\command - K:\mmjbrun.exe "M.7.1.1070KEN.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3b10915-0f98-11dc-955a-005070b55817}]
\Shell\AutoRun\command - J:\mmjbrun.exe "M.7.1.1070KEN.EXE"

.
Inhoud van de 'Gedeelde Taken' map
"2007-05-13 10:43:55 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-04 17:13:40 C:\WINDOWS\Tasks\Easy Onderhoud.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-07 20:37:05
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-01-07 20:40:15
ComboFix-quarantined-files.txt 2008-01-07 19:40:08
ComboFix2.txt 2008-01-07 16:32:33
ComboFix3.txt 2008-01-05 17:33:55
.
2008-01-05 20:04:36 --- E O F ---

Mededeling

Trojan-Dropper.Win32.Agent.dgo

Trojan-Dropper.Win32.Agent.dgo

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment