virus hijackthis log + combofix

  • virus hijackthis log + combofix

    I have already run all kinds of virus scans, but the virus remains.
    I have also already run ComboFix, and the log files are below.
    In addition, I have hundreds of pos100.tmp, pos1a.tmp, pos1b.tmp, etc.

    Note: I ran HijackThis in safe mode, because when I start up normally all kinds of Windows error messages appear and the computer sometimes just restarts or shuts down.

    Note:
    I removed a large part of the pos files from this topic, because otherwise it would have been too large to post.

    ComboFix log file:

    ComboFix 08-01-23.1C - ingemare 2008-01-25 19:27:14.1 - NTFSx86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.785 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\ingemare\Bureaublad\ComboFix.exe

    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\ingemare\Application Data\macromedia\Flash Player\#SharedObjects\H8FGZ2XX\iforex.com
    C:\Documents and Settings\ingemare\Application Data\macromedia\Flash Player\#SharedObjects\H8FGZ2XX\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
    C:\Documents and Settings\ingemare\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
    C:\Documents and Settings\ingemare\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
    C:\Documents and Settings\ingemare\Mijn documenten\pos24A.tmp
    C:\Documents and Settings\ingemare\Mijn documenten\pos24B.tmp
    C:\Documents and Settings\ingemare\Mijn documenten\pos24C.tmp
    C:\Documents and Settings\ingemare\Mijn documenten\pos24D.tmp
    C:\Documents and Settings\ingemare\Mijn documenten\pos24E.tmp
    C:\Documents and Settings\ingemare\Mijn documenten\pos24F.tmp
    C:\Documents and Settings\ingemare\Mijn documenten\pos250.tmp
    C:\Documents and Settings\ingemare\Mijn documenten\pos251.tmp
    C:\Documents and Settings\ingemare\Mijn documenten\posE04.tmp
    C:\Documents and Settings\ingemare\Mijn documenten\posE05.tmp
    C:\Documents and Settings\ingemare\Mijn documenten\posE06.tmp
    C:\Documents and Settings\ingemare\Mijn documenten\posE07.tmp
    C:\Documents and Settings\ingemare\Mijn documenten\posE08.tmp
    C:\Documents and Settings\ingemare\Mijn documenten\posE09.tmp
    C:\Documents and Settings\ingemare\Mijn documenten\posE0A.tmp
    C:\Documents and Settings\ingemare\Mijn documenten\posE0B.tmp
    C:\Documents and Settings\ingemare\Mijn documenten\posE0C.tmp
    C:\Documents and Settings\ingemare\Mijn documenten\posE0D.tmp
    C:\Documents and Settings\ingemare\Mijn documenten\posE0E.tmp
    C:\Documents and Settings\ingemare\Mijn documenten\posE0F.tmp
    C:\Documents and Settings\ingemare\Mijn documenten\posE10.tmp
    C:\Documents and Settings\ingemare\Mijn documenten\posE11.tmp
    C:\posD87.tmp
    C:\posD88.tmp
    C:\posD89.tmp
    C:\posD8A.tmp
    C:\posD8B.tmp
    C:\posD8C.tmp
    C:\posD8D.tmp
    C:\posD8E.tmp
    C:\posD8F.tmp
    C:\posD9.tmp
    C:\posD90.tmp
    C:\posD91.tmp
    C:\posD92.tmp
    C:\posD93.tmp
    C:\posD94.tmp
    C:\posD95.tmp
    C:\posD96.tmp
    C:\posD97.tmp
    C:\posD98.tmp
    C:\posD99.tmp
    C:\posD9A.tmp
    C:\posD9B.tmp
    C:\posD9C.tmp
    C:\posD9D.tmp
    C:\posD9E.tmp
    C:\posD9F.tmp
    C:\posDA.tmp
    C:\posDA0.tmp
    C:\posDA1.tmp
    C:\posDA2.tmp
    C:\posDA3.tmp
    C:\posDA4.tmp
    C:\posDA5.tmp
    C:\posDA6.tmp
    C:\posDA7.tmp
    C:\posDA8.tmp
    C:\posDA9.tmp
    C:\posDAA.tmp
    C:\posDAB.tmp
    C:\posDAC.tmp
    C:\posDAD.tmp
    C:\posDAE.tmp
    C:\posDAF.tmp
    C:\posDB.tmp
    C:\posDC.tmp
    C:\posDD.tmp
    C:\posDE.tmp
    C:\posDF.tmp
    C:\posE.tmp
    C:\posE0.tmp
    C:\posE1.tmp
    C:\posE2.tmp
    C:\posE3.tmp
    C:\posE4.tmp
    C:\posE5.tmp
    C:\posE6.tmp
    C:\posE7.tmp
    C:\posE8.tmp
    C:\posE9.tmp
    C:\posEA.tmp
    C:\posEB.tmp
    C:\posEC.tmp
    C:\posED.tmp
    C:\posEE.tmp
    C:\posEF.tmp
    C:\posF.tmp
    C:\posF0.tmp
    C:\posF1.tmp
    C:\posF2.tmp
    C:\posF3.tmp
    C:\posF4.tmp
    C:\posF5.tmp
    C:\posF6.tmp
    C:\posF7.tmp
    C:\posF8.tmp
    C:\posF9.tmp
    C:\posFA.tmp
    C:\posFB.tmp
    C:\posFC.tmp
    C:\posFD.tmp
    C:\posFE.tmp
    C:\posFF.tmp
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\axcmd .exe
    C:\Program Files\Alwil Software\Avast4\ashDisp .exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched .exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs .exe
    C:\Program Files\outerinfo
    C:\Program Files\outerinfo\OiUninstaller.exe
    C:\Program Files\SPYWAREfighter\spftray.exe
    C:\WINDOWS\ALCMTR .EXE
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
    C:\WINDOWS\RTHDCPL .EXE
    C:\WINDOWS\system32\ctfmon .exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\ctfmon.exe.tmp
    C:\WINDOWS\system32\helcvpar.dllbox
    C:\WINDOWS\system32\kfyodtdr.dll
    C:\WINDOWS\system32\opnopqo.dll
    C:\WINDOWS\system32\prutv.ini
    C:\WINDOWS\system32\prutv.ini2
    C:\WINDOWS\system32\rdtdoyfk.ini
    C:\WINDOWS\system32\vturp.dll
    C:\WINDOWS\system32\vturp.exe

    C:\Program Files\Alcohol Soft\Alcohol 120\axcmd .exe ---> QooBox
    C:\Program Files\Alwil Software\Avast4\ashDisp .exe ---> QooBox
    C:\Program Files\Common Files\Real\Update_OB\realsched .exe ---> QooBox
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe ---> QooBox
    C:\Program Files\Messenger\msmsgs .exe ---> QooBox
    C:\WINDOWS\ALCMTR .EXE ---> QooBox
    C:\WINDOWS\RTHDCPL .EXE ---> QooBox
    C:\WINDOWS\system32\ctfmon .exe ---> QooBox
    .
    ----- BITS: Possible infected sites -----

    hxxp://javadl.sun.com
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DOMAINSERVICE
    -------\DomainService


    (((((((((((((((((((( Bestanden Gemaakt van 2007-12-25 to 2008-01-25 ))))))))))))))))))))))))))))))
    .

    2008-01-25 20:51 . 2008-01-25 20:59 19,390 ---hs---- C:\WINDOWS\system32\helcvpar.dllbox
    2008-01-25 19:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-25 17:50 . 2008-01-25 17:42 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2008-01-25 17:09 . 2008-01-25 17:09 <DIR> d-------- C:\Program Files\Common Files\Application
    2008-01-25 17:08 . 2008-01-25 20:46 <DIR> d-------- C:\Program Files\SPYWAREfighter
    2008-01-23 16:52 . 2007-01-25 12:53 <DIR> d-------- C:\Program Files\DAEMON Tools
    2008-01-20 10:35 . 2004-08-18 09:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
    2008-01-18 21:39 . 2008-01-18 21:39 32 --a------ C:\WINDOWS\CD_Start.INI
    2008-01-09 16:12 . 2008-01-09 16:12 <DIR> d-------- C:\Program Files\IVT Corporation
    2007-12-30 17:57 . 2007-12-30 17:57 <DIR> d-------- C:\Program Files\VST
    2007-12-30 17:57 . 2007-12-30 17:57 <DIR> d-------- C:\Program Files\Acoustica Shared Effects
    2007-12-30 17:57 . 2007-12-30 17:57 <DIR> d-------- C:\Program Files\Acoustica Mixcraft 3
    2007-12-30 17:57 . 2006-12-21 14:50 57,344 --a------ C:\WINDOWS\system32\Wnaspint.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-25 18:00 69,632 ----a-w C:\WINDOWS\ALCMTR.EXE
    2008-01-25 18:00 14,396,416 ----a-w C:\WINDOWS\RTHDCPL.EXE
    2008-01-25 16:15 --------- d-----w C:\Program Files\Hitman Pro
    2008-01-23 15:48 --------- d-----w C:\Program Files\Elaborate Bytes
    2008-01-23 12:20 --------- d-----w C:\Program Files\EA Games
    2008-01-20 09:47 --------- d-----w C:\Program Files\Tweak-XP Pro 4
    2008-01-20 09:43 737,280 ----a-w C:\WINDOWS\iun6002.exe
    2008-01-19 14:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-19 10:13 --------- d-----w C:\Program Files\SpywareBlaster
    2008-01-18 20:44 --------- d-----w C:\Program Files\Activision
    2008-01-05 17:53 --------- d-----w C:\Program Files\PC Wizard 2007
    2008-01-05 17:06 --------- d-----w C:\Program Files\SpeedFan
    2007-12-05 16:08 --------- d-----w C:\Program Files\Webteh
    2007-12-03 12:58 --------- d-----w C:\Program Files\LimeWire
    2007-12-01 10:56 --------- d-----w C:\Program Files\DVD Flick
    2007-11-30 19:45 --------- d-----w C:\Program Files\InfraRecorder
    2007-11-30 17:30 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-11-30 17:29 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2007-11-30 14:12 --------- d-----w C:\Program Files\SurfRight
    2007-11-26 15:50 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
    2007-11-26 15:50 249,856 ------w C:\WINDOWS\Setup1.exe
    2007-11-26 14:28 --------- d-----w C:\Program Files\Electronic Arts
    2007-11-25 20:02 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-11-25 20:01 --------- d-----w C:\Program Files\GameSpy
    2007-11-25 19:38 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
    2007-11-19 19:28 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
    2007-11-12 07:03 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
    2007-11-07 14:36 3,403,473,876 ----a-w C:\Program Files\ccd-set6.mdf
    2007-11-06 12:57 4,848 ----a-w C:\Program Files\ccd-set6.mds
    2006-10-26 22:26 271 --sh--w C:\Program Files\desktop.ini
    2006-10-26 22:26 21,952 ---ha-w C:\Program Files\folder.htt
    2004-09-28 03:00 26,240 ----a-w C:\WINDOWS\inf\RAMDSK.SYS
    .
    ----a-w           171,464 2008-01-25 11:24:08  C:\Program Files\DAEMON Tools\daemon .exe
    ----a-w            98,304 2007-01-23 18:30:00  C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACE .EXE

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
    2007-01-25 12:47 163904 --a------ C:\WINDOWS\system32\helcvpar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cfa238ea-108d-4bf4-af62-75030b98492e}]
    2007-01-25 12:47 76352 --a------ C:\WINDOWS\system32\echxacsm.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [ ]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "\\Studiosindala\EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [ ]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [ ]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
    "RTHDCPL"="RTHDCPL.EXE" [2008-01-25 19:00 14396416 C:\WINDOWS\RTHDCPL.EXE]
    "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [ ]
    "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [ ]

    C:\Documents and Settings\Administrator.INGMAR\Menu Start\Programma's\Opstarten\
    Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2006-10-26 21:16:26 1976056]

    C:\Documents and Settings\ingemare\Menu Start\Programma's\Opstarten\
    Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2006-10-26 21:16:26 1976056]

    C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
    BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-09-20 10:28:16 1200128]
    Sweex WiFi LAN 140 Nitro XM Utility.lnk - C:\Program Files\Sweex WiFi LAN 140 Nitro XM Utility\WlanUtl.exe [2006-10-26 19:35:20 794624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\helcvpar]
    helcvpar.dll 2007-01-25 12:47 163904 C:\WINDOWS\system32\helcvpar.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmqx32]
    winmqx32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winowl32]
    winowl32.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OSI Kernel DebugMon]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Acrobat Assistant.lnk]
    path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\Acrobat Assistant.lnk
    backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]
    path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\WinZip Quick Pick.lnk
    backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2005-06-06 22:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
    C:\Program Files\AdVantage\AdVantage.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
    --a------ 2008-01-25 19:00 219520 C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
    C:\WINDOWS\avp .exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BootSkin Startup Jobs]
    --a------ 2004-04-26 16:21 270336 C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaretakerNotifier]
    C:\Program Files\SurfRight\Caretaker\Notifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
    C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
    C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
    --a------ 2007-06-29 15:03 36864 C:\Program Files\GameSpy\Comrade\Comrade.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    C:\Program Files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    -ra------ 2005-11-03 08:22 77824 C:\WINDOWS\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    -ra------ 2005-11-03 08:26 118784 C:\WINDOWS\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    -ra------ 2005-11-03 08:25 98304 C:\WINDOWS\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    --------- 2005-07-25 11:01 1397760 C:\Program Files\Ahead\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2006-06-14 15:24 278528 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
    C:\WINDOWS\system32\vturp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSDisp32]
    C:\WINDOWS\system32\drvxub.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2008-01-25 19:00 1667584 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2006-08-30 18:51 7630848 C:\WINDOWS\system32\NvCpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2006-08-30 18:51 86016 C:\WINDOWS\system32\NvMcTray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2006-08-30 18:51 1519616 C:\WINDOWS\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSI KDebug]
    C:\DOCUME~1\ingemare\LOCALS~1\Temp\_temp_netspool.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    --a------ 2007-04-09 13:23 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2006-10-26 20:35 282624 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --a------ 2005-01-12 02:01 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smgr]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    -ra------ 2005-10-26 15:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-07-12 03:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZDConfig]
    --a------ 2003-04-23 18:30 184320 C:\Program Files\ZyDAS Technology Corporation\ZyDAS Wireless LAN\ZDConfig.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "CaretakerUpdate"=2 (0x2)
    "CaretakerSvc"=2 (0x2)
    "CaretakerProxy"=2 (0x2)
    "CaretakerAntispam"=2 (0x2)
    "svcWRSSSDK"=2 (0x2)
    "SDhelper"=3 (0x3)
    "pr2akt6c"=2 (0x2)
    "PnkBstrA"=2 (0x2)
    "NOD32krn"=2 (0x2)

    R0 pe3akt6c;Cycling Manager 2007 Environment Driver (pe3akt6c);C:\WINDOWS\system32\drivers\pe3akt6c.sys [2007-06-08 18:29]
    R0 pf2akt6c;Cycling Manager 2007 File System Driver (pf2akt6c);C:\WINDOWS\system32\drivers\pf2akt6c.sys [2007-06-08 18:28]
    R0 ps6akt6c;Cycling Manager 2007 Synchronization Driver (ps6akt6c);C:\WINDOWS\system32\drivers\ps6akt6c.sys [2007-06-08 18:28]
    R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 13:46]
    R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2005-12-14 19:06]
    R1 ctredrv.sys;ctredrv.sys;C:\WINDOWS\system32\drivers\ctredrv.sys [2007-09-19 13:06]
    R1 mchInjDrv;madCodeHook DLL injection driver;C:\WINDOWS\system32\Drivers\mchInjDrv.sys [2007-11-24 10:51]
    R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:03]
    R2 OSI Kernel DebugMon;OSI Kernel DebugMon;C:\DOCUME~1\ingemare\LOCALS~1\Temp\svchost.sys [2007-06-05 17:57]
    R3 SWXG3021;Sweex 802.11g XG302 SP1 Driver;C:\WINDOWS\system32\DRIVERS\wlanCIG.sys [2005-10-20 07:40]
    S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys
    S3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2007-06-08 11:52]
    S3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2007-06-08 11:52]
    S3 ZD1201U;ZyDAS ZD1201 IEEE 802.11b Wireless LAN Driver (USB);C:\WINDOWS\system32\DRIVERS\zd1201u.sys [2003-04-26 13:32]
    S3 ZDNDIS5;ZDNDIS5 Protocol Driver;C:\WINDOWS\system32\ZDNDIS5.SYS [2002-10-30 10:43]
    S4 CaretakerAntispam;Caretaker Antispam Service;"C:\Program Files\SurfRight\Caretaker\AntispamService.exe"
    S4 CaretakerProxy;Caretaker Proxy;"C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe"
    S4 CaretakerSvc;Caretaker Service;"C:\Program Files\SurfRight\Caretaker\CaretakerService.exe"
    S4 CaretakerUpdate;Caretaker Updater;"C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe"
    S4 pr2akt6c;Cycling Manager 2007 Drivers Auto Removal (pr2akt6c);C:\WINDOWS\system32\pr2akt6c.exe svc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c14cf32-3398-11dc-b2fb-00160a007a88}]
    \Shell\AutoRun\command - E:\Exe\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ec6edde-c9b5-11dc-b49b-001583b3d077}]
    \Shell\AutoRun\command - E:\RunGame.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a2c8280-b58c-11db-b2e3-00160a007a88}]
    \Shell\AutoRun\command - E:\Exe\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a23343b0-3393-11dc-b2fa-00160a007a88}]
    \Shell\AutoRun\command - I:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be94de16-2f0c-11dc-b2ed-00160a007a88}]
    \Shell\AutoRun\command - E:\Exe\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce445d18-7af9-11db-b0ff-00160a007a88}]
    \Shell\AutoRun\command - E:\Exe\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed1f1e8a-c9b1-11dc-b499-806d6172696f}]
    \Shell\AutoRun\command - E:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed1f1e8b-c9b1-11dc-b499-001583b3d077}]
    \Shell\AutoRun\command - G:\RunGame.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7f5421a-c9c2-11dc-b49f-001583b3d077}]
    \Shell\AutoRun\command - G:\RunGame.exe

    *Newly Created Service* - PCANDIS5
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-25 20:59:44
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    "\\\\Studiosindala\\EPSON Stylus DX3800 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACE.EXE /P42 \"\\\\Studiosindala\\EPSON Stylus DX3800 Series\" /O6 \"USB001\" /M \"Stylus DX3800\""
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\helcvpar.dll

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
    -> C:\WINDOWS\system32\helcvpar.dll
    -> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
    .
    Voltooingstijd: 2008-01-25 21:08:10 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-25 20:08:07

  • #2
    hijackthis log file:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:44:00, on 26-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\helcvpar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
    O2 - BHO: {e29489b0-3057-26fa-4fb4-d801ae832afc} - {cfa238ea-108d-4bf4-af62-75030b98492e} - C:\WINDOWS\system32\echxacsm.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [\\Studiosindala\EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P42 "\\Studiosindala\EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    O4 - Global Startup: Sweex WiFi LAN 140 Nitro XM Utility.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: helcvpar - C:\WINDOWS\SYSTEM32\helcvpar.dll
    O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)
    O20 - Winlogon Notify: winowl32 - winowl32.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 6586 bytes



    • #3
      Open Notepad, then copy and paste the following (bold text) into an empty window:

      File::
      C:\WINDOWS\system32\helcvpar.dllbox
      C:\WINDOWS\system32\helcvpar.dll
      C:\WINDOWS\system32\echxacsm.dll
      C:\WINDOWS\avp.exe
      C:\WINDOWS\system32\vturp.exe
      C:\WINDOWS\system32\drvxub.dll
      C:\DOCUME~1\ingemare\LOCALS~1\Temp\_temp_netspool.exe

      RENV::
      C:\Program Files\DAEMON Tools\daemon .exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACE .EXE

      Registry::
      [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
      [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cfa238ea-108d-4bf4-af62-75030b98492e}]
      [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\helcvpar]
      [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmqx32]
      [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winowl32]
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
      "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
      [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
      [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSDisp32]
      [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSI KDebug]
      [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smgr]

      Driver::
      mchInjDrv

      Save this to your Desktop as CFScript.txt

      Drag CFScript.txt onto ComboFix.exe as shown in the example below:



      This will make ComboFix restart.
      Reboot if you are asked to,
      and post the contents of Combofix.txt in your next reply together with a new HijackThis log.
      Regards,
      Pimmerd
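
The Registry:: block of the CFScript above uses regedit syntax, so it can be read before the script is run. This added example (not part of the original post and not ComboFix's own code) lists the key deletions and decodes the `hex(7)` value; the function names and the second, constructed sample value are assumptions made for illustration.

```python
import re

# Registry:: section copied verbatim from the CFScript in the post above.
CFSCRIPT_REGISTRY = r"""
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cfa238ea-108d-4bf4-af62-75030b98492e}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\helcvpar]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmqx32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winowl32]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSDisp32]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSI KDebug]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smgr]
"""

# Constructed sample (not from the page): the default package plus one extra entry.
CONSTRUCTED_HIJACKED = "6d,73,76,31,5f,30,00,65,78,61,6d,70,6c,65,00,00"

HEX_BYTE = re.compile(r"[0-9a-fA-F]{2}")
VALUE_LINE = re.compile(r'^"(?P<name>[^"]*)"=(?P<data>.*)$')
HEX_DATA = re.compile(r"^hex\((?P<type>[0-9a-fA-F]+)\):(?P<bytes>.*)$")
DEFAULT_AUTH_PACKAGES = ["msv1_0"]  # Windows default for Lsa\Authentication Packages


def decode_multi_sz(hex_text, encoding="cp1252"):
    """Decode REGEDIT4-style hex(7) data (ANSI REG_MULTI_SZ) into a list of strings."""
    tokens = [t.strip() for t in hex_text.split(",") if t.strip()]
    for token in tokens:
        if not HEX_BYTE.fullmatch(token):
            raise ValueError(f"not a hex byte: {token!r}")
    raw = bytes(int(token, 16) for token in tokens)
    # Strings are NUL-separated and the list ends with an empty string.
    return [part.decode(encoding, errors="replace") for part in raw.split(b"\x00") if part]


def parse_registry_section(text):
    """Return the operations a regedit-style block would perform, in order."""
    ops, key, pending = [], None, ""
    for raw_line in text.splitlines():
        line = pending + raw_line.strip()
        pending = ""
        if not line or line.startswith(";"):
            continue
        if line.startswith('"') and line.endswith("\\"):
            pending = line[:-1]  # hex data continued on the next line
            continue
        if line.startswith("[-") and line.endswith("]"):
            # "[-KEY]" is regedit syntax for deleting the whole key.
            ops.append({"action": "delete_key", "key": line[2:-1]})
            key = None
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        else:
            match = VALUE_LINE.match(line)
            if match is None or key is None:
                raise ValueError(f"unrecognised line: {line!r}")
            data = match["data"]
            hex_match = HEX_DATA.match(data)
            if hex_match and int(hex_match["type"], 16) == 7:
                value = decode_multi_sz(hex_match["bytes"])
            else:
                value = data  # other value types are reported undecoded
            ops.append({"action": "set_value", "key": key,
                        "name": match["name"], "value": value})
    return ops


def unexpected_auth_packages(packages):
    """Entries beyond the default; each one is a DLL name loaded by LSA at boot."""
    known = {name.lower() for name in DEFAULT_AUTH_PACKAGES}
    return [name for name in packages if name.lower() not in known]


if __name__ == "__main__":
    for op in parse_registry_section(CFSCRIPT_REGISTRY):
        if op["action"] == "delete_key":
            print("DELETE", op["key"])
        else:
            print("SET   ", op["key"], "->", op["name"], "=", op["value"])
    extra = unexpected_auth_packages(decode_multi_sz(CONSTRUCTED_HIJACKED))
    print("Non-default packages in constructed sample:", extra)
```
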



      • #4
        I did that, but after ComboFix finishes it restarts the computer to create a log, only then in normal mode, which made my system crash, so ComboFix did not create a log. What should I do now? Once more?
        Last edited by ingmarvdlucht; 28-01-08, 14:43.



        • #5
          From another forum:
          For a short time now I have been suffering from a very slow PC; it seems as if a file scan runs continuously every time I open a program. I now also have two icons on my desktop ("windows update" and "help en support centre") that do not point to the Microsoft site but to "strorageprotector.com" ??. My antivirus program (Trend Micro PC-cillin 2007) indicates that these are 'dangerous sites'.
          Every time I start the PC, besides the very slow startup, I also get the message that I tried to open a "dangerous website" (http://82.98.235.78/s/tr.dll?nid=md&...0462D879665D41), while I have not opened my browser yet.
          I also get the error message at startup "NT Kernel error 1256 Kmode_exeption_not_handled". Possibly all related to each other?

          I also have these 2 icons on my desktop and the same error message as well.



          • #6
            Are you also working with HijackThis log files on another forum?
            Please try again; normally ComboFix should already clean up a large part.
            Regards,
            Pimmerd



            • #7
              No, I have not posted on another forum.
              Done in safe mode again.
              Again removed many pos files from the ComboFix log because otherwise it would not fit on this forum.

              Combofix log:

              ComboFix 08-01-23.1C - ingemare 2008-01-29 16:00:05.3 - NTFSx86 NETWORK
              Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.785 [GMT 1:00]
              Gestart vanuit: C:\Documents and Settings\ingemare\Bureaublad\ComboFix.exe
              Command switches used :: C:\Documents and Settings\ingemare\Bureaublad\CFscript.txt

              FILE
              C:\DOCUME~1\ingemare\LOCALS~1\Temp\_temp_netspool.exe
              C:\WINDOWS\avp.exe
              C:\WINDOWS\system32\drvxub.dll
              C:\WINDOWS\system32\echxacsm.dll
              C:\WINDOWS\system32\helcvpar.dll
              C:\WINDOWS\system32\helcvpar.dllbox
              C:\WINDOWS\system32\vturp.exe
              .

              (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              ---- Previous Run -------
              .
              C:\WINDOWS\system32\echxacsm.dll
              C:\WINDOWS\system32\helcvpar.dll
              C:\WINDOWS\system32\helcvpar.dllbox
              C:\WINDOWS\system32\windows

              .
              ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

              .
              -------\LEGACY_MCHINJDRV
              -------\mchInjDrv




              (((((((((((((((((((( Bestanden Gemaakt van 2007-12-28 to 2008-01-29 ))))))))))))))))))))))))))))))
              .

              2008-01-28 15:45 . 2008-01-28 15:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
              2008-01-26 09:43 . 2008-01-26 09:43 <DIR> d-------- C:\Program Files\Trend Micro
              2008-01-26 08:50 . 2004-08-03 23:00 261,936 --a------ C:\cmldr
              2008-01-26 08:50 . 2008-01-25 16:49 211 --a------ C:\Boot.bak
              2008-01-25 19:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
              2008-01-25 17:50 . 2008-01-25 17:42 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
              2008-01-25 17:09 . 2008-01-25 17:09 <DIR> d-------- C:\Program Files\Common Files\Application
              2008-01-25 17:08 . 2008-01-25 21:41 <DIR> d-------- C:\Program Files\SPYWAREfighter
              2008-01-23 16:52 . 2008-01-28 14:02 <DIR> d-------- C:\Program Files\DAEMON Tools
              2008-01-20 10:35 . 2004-08-18 09:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
              2008-01-18 21:39 . 2008-01-18 21:39 32 --a------ C:\WINDOWS\CD_Start.INI
              2008-01-09 16:12 . 2008-01-09 16:12 <DIR> d-------- C:\Program Files\IVT Corporation
              2007-12-30 17:57 . 2007-12-30 17:57 <DIR> d-------- C:\Program Files\VST
              2007-12-30 17:57 . 2007-12-30 17:57 <DIR> d-------- C:\Program Files\Acoustica Shared Effects
              2007-12-30 17:57 . 2007-12-30 17:57 <DIR> d-------- C:\Program Files\Acoustica Mixcraft 3
              2007-12-30 17:57 . 2006-12-21 14:50 57,344 --a------ C:\WINDOWS\system32\Wnaspint.dll

              .
              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2008-01-25 18:00 69,632 ----a-w C:\WINDOWS\ALCMTR.EXE
              2008-01-25 18:00 14,396,416 ----a-w C:\WINDOWS\RTHDCPL.EXE
              2008-01-25 16:15 --------- d-----w C:\Program Files\Hitman Pro
              2008-01-23 15:48 --------- d-----w C:\Program Files\Elaborate Bytes
              2008-01-23 12:20 --------- d-----w C:\Program Files\EA Games
              2008-01-20 09:47 --------- d-----w C:\Program Files\Tweak-XP Pro 4
              2008-01-20 09:43 737,280 ----a-w C:\WINDOWS\iun6002.exe
              2008-01-19 14:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
              2008-01-19 10:13 --------- d-----w C:\Program Files\SpywareBlaster
              2008-01-18 20:44 --------- d-----w C:\Program Files\Activision
              2008-01-05 17:53 --------- d-----w C:\Program Files\PC Wizard 2007
              2008-01-05 17:06 --------- d-----w C:\Program Files\SpeedFan
              2007-12-05 16:08 --------- d-----w C:\Program Files\Webteh
              2007-12-03 12:58 --------- d-----w C:\Program Files\LimeWire
              2007-12-01 10:56 --------- d-----w C:\Program Files\DVD Flick
              2007-11-30 19:45 --------- d-----w C:\Program Files\InfraRecorder
              2007-11-30 17:30 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
              2007-11-30 17:29 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
              2007-11-30 14:12 --------- d-----w C:\Program Files\SurfRight
              2007-11-26 15:50 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
              2007-11-26 15:50 249,856 ------w C:\WINDOWS\Setup1.exe
              2007-11-25 20:02 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
              2007-11-25 19:38 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
              2007-11-19 19:28 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
              2007-11-12 07:03 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
              2007-11-07 14:36 3,403,473,876 ----a-w C:\Program Files\ccd-set6.mdf
              2007-11-06 12:57 4,848 ----a-w C:\Program Files\ccd-set6.mds
              2006-10-26 22:26 271 --sh--w C:\Program Files\desktop.ini
              2006-10-26 22:26 21,952 ---ha-w C:\Program Files\folder.htt
              2004-09-28 03:00 26,240 ----a-w C:\WINDOWS\inf\RAMDSK.SYS
              .

              ((((((((((((((((((((((((((((( [email protected]_21.01.30.14 )))))))))))))))))))))))))))))))))))))))))
              .
              + 2006-07-11 08:41:36 345,656 ----a-w C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll
              - 2008-01-25 18:24:47 1,425,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
              + 2008-01-29 14:59:43 1,425,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
              - 2008-01-25 18:24:47 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
              + 2008-01-29 14:59:44 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
              - 2008-01-25 18:24:49 7,581,696 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
              + 2008-01-29 14:59:44 1,425,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
              - 2008-01-25 18:24:49 307,200 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
              + 2008-01-29 14:59:44 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
              + 2008-01-29 14:59:44 7,593,984 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
              + 2008-01-29 14:59:44 307,200 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
              - 2008-01-25 16:13:36 17,062 ----a-r C:\WINDOWS\Installer\{772BD148-E274-495C-BF15-AB9454D57563}\ARPPRODUCTICON.exe
              + 2008-01-25 20:41:59 17,062 ----a-r C:\WINDOWS\Installer\{772BD148-E274-495C-BF15-AB9454D57563}\ARPPRODUCTICON.exe
              - 2008-01-25 16:13:36 57,344 ----a-r C:\WINDOWS\Installer\{772BD148-E274-495C-BF15-AB9454D57563}\SpywareFighter_25790242D1754E5E9DB9631C10124E78.exe
              + 2008-01-25 20:41:59 57,344 ----a-r C:\WINDOWS\Installer\{772BD148-E274-495C-BF15-AB9454D57563}\SpywareFighter_25790242D1754E5E9DB9631C10124E78.exe
              - 2008-01-25 16:13:36 57,344 ----a-r C:\WINDOWS\Installer\{772BD148-E274-495C-BF15-AB9454D57563}\SpywareFighter1_25790242D1754E5E9DB9631C10124E78.exe
              + 2008-01-25 20:42:00 57,344 ----a-r C:\WINDOWS\Installer\{772BD148-E274-495C-BF15-AB9454D57563}\SpywareFighter1_25790242D1754E5E9DB9631C10124E78.exe
              + 2007-01-23 18:30:00 98,304 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACE.EXE
              .
              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              REGEDIT4
              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [ ]
              "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
              "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-01-25 19:00 1667584]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "\\Studiosindala\EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [2007-01-23 19:30 98304]
              "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [ ]
              "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
              "RTHDCPL"="RTHDCPL.EXE" [2008-01-25 19:00 14396416 C:\WINDOWS\RTHDCPL.EXE]
              "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [ ]
              "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2007-06-08 11:52 115608]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [ ]

              C:\Documents and Settings\Administrator.INGMAR\Menu Start\Programma's\Opstarten\
              Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2006-10-26 21:16:26 1976056]

              C:\Documents and Settings\ingemare\Menu Start\Programma's\Opstarten\
              Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2006-10-26 21:16:26 1976056]

              C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
              BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-09-20 10:28:16 1200128]
              Sweex WiFi LAN 140 Nitro XM Utility.lnk - C:\Program Files\Sweex WiFi LAN 140 Nitro XM Utility\WlanUtl.exe [2006-10-26 19:35:20 794624]

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OSI Kernel DebugMon]
              @=""

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Acrobat Assistant.lnk]
              path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\Acrobat Assistant.lnk
              backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
              path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
              backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]
              path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\WinZip Quick Pick.lnk
              backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
              --a------ 2005-06-06 22:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
              C:\Program Files\AdVantage\AdVantage.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
              --a------ 2008-01-25 19:00 219520 C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
              C:\WINDOWS\avp .exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BootSkin Startup Jobs]
              --a------ 2004-04-26 16:21 270336 C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaretakerNotifier]
              C:\Program Files\SurfRight\Caretaker\Notifier.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
              C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
              C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
              --a------ 2007-06-29 15:03 36864 C:\Program Files\GameSpy\Comrade\Comrade.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
              --a------ 2008-01-25 12:24 171464 C:\Program Files\DAEMON Tools\daemon.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
              -ra------ 2005-11-03 08:22 77824 C:\WINDOWS\system32\hkcmd.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
              -ra------ 2005-11-03 08:26 118784 C:\WINDOWS\system32\igfxpers.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
              -ra------ 2005-11-03 08:25 98304 C:\WINDOWS\system32\igfxtray.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
              --------- 2005-07-25 11:01 1397760 C:\Program Files\Ahead\InCD\InCD.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
              --a------ 2006-06-14 15:24 278528 C:\Program Files\iTunes\iTunesHelper.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
              --a------ 2008-01-25 19:00 1667584 C:\Program Files\Messenger\msmsgs.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
              --a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
              --a------ 2006-08-30 18:51 7630848 C:\WINDOWS\system32\NvCpl.dll

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
              --a------ 2006-08-30 18:51 86016 C:\WINDOWS\system32\NvMcTray.dll

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
              --a------ 2006-08-30 18:51 1519616 C:\WINDOWS\system32\nwiz.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
              --a------ 2007-04-09 13:23 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
              --a------ 2006-10-26 20:35 282624 C:\Program Files\QuickTime\qttask.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
              --a------ 2005-01-12 02:01 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
              -ra------ 2005-10-26 15:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
              --a------ 2007-07-12 03:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
              C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
              C:\Program Files\Common Files\Real\Update_OB\realsched.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZDConfig]
              --a------ 2003-04-23 18:30 184320 C:\Program Files\ZyDAS Technology Corporation\ZyDAS Wireless LAN\ZDConfig.EXE

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
              "CaretakerUpdate"=2 (0x2)
              "CaretakerSvc"=2 (0x2)
              "CaretakerProxy"=2 (0x2)
              "CaretakerAntispam"=2 (0x2)
              "svcWRSSSDK"=2 (0x2)
              "SDhelper"=3 (0x3)
              "pr2akt6c"=2 (0x2)
              "PnkBstrA"=2 (0x2)
              "NOD32krn"=2 (0x2)

              R0 pe3akt6c;Cycling Manager 2007 Environment Driver (pe3akt6c);C:\WINDOWS\system32\drivers\pe3akt6c.sys [2007-06-08 18:29]
              R0 pf2akt6c;Cycling Manager 2007 File System Driver (pf2akt6c);C:\WINDOWS\system32\drivers\pf2akt6c.sys [2007-06-08 18:28]
              R0 ps6akt6c;Cycling Manager 2007 Synchronization Driver (ps6akt6c);C:\WINDOWS\system32\drivers\ps6akt6c.sys [2007-06-08 18:28]
              R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 13:46]
              R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2005-12-14 19:06]
              R1 ctredrv.sys;ctredrv.sys;C:\WINDOWS\system32\drivers\ctredrv.sys [2007-09-19 13:06]
              R3 SWXG3021;Sweex 802.11g XG302 SP1 Driver;C:\WINDOWS\system32\DRIVERS\wlanCIG.sys [2005-10-20 07:40]
              S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys
              S2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:03]
              S2 OSI Kernel DebugMon;OSI Kernel DebugMon;C:\DOCUME~1\ingemare\LOCALS~1\Temp\svchost.sys
              S3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2007-06-08 11:52]
              S3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2007-06-08 11:52]
              S3 ZD1201U;ZyDAS ZD1201 IEEE 802.11b Wireless LAN Driver (USB);C:\WINDOWS\system32\DRIVERS\zd1201u.sys [2003-04-26 13:32]
              S3 ZDNDIS5;ZDNDIS5 Protocol Driver;C:\WINDOWS\system32\ZDNDIS5.SYS [2002-10-30 10:43]
              S4 CaretakerAntispam;Caretaker Antispam Service;"C:\Program Files\SurfRight\Caretaker\AntispamService.exe"
              S4 CaretakerProxy;Caretaker Proxy;"C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe"
              S4 CaretakerSvc;Caretaker Service;"C:\Program Files\SurfRight\Caretaker\CaretakerService.exe"
              S4 CaretakerUpdate;Caretaker Updater;"C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe"
              S4 pr2akt6c;Cycling Manager 2007 Drivers Auto Removal (pr2akt6c);C:\WINDOWS\system32\pr2akt6c.exe svc

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c14cf32-3398-11dc-b2fb-00160a007a88}]
              \Shell\AutoRun\command - E:\Exe\Autorun.exe

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ec6edde-c9b5-11dc-b49b-001583b3d077}]
              \Shell\AutoRun\command - E:\RunGame.exe

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a2c8280-b58c-11db-b2e3-00160a007a88}]
              \Shell\AutoRun\command - E:\Exe\Autorun.exe

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a23343b0-3393-11dc-b2fa-00160a007a88}]
              \Shell\AutoRun\command - I:\autorun.exe

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be94de16-2f0c-11dc-b2ed-00160a007a88}]
              \Shell\AutoRun\command - E:\Exe\Autorun.exe

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce445d18-7af9-11db-b0ff-00160a007a88}]
              \Shell\AutoRun\command - E:\Exe\Autorun.exe

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed1f1e8a-c9b1-11dc-b499-806d6172696f}]
              \Shell\AutoRun\command - E:\Autorun.exe

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed1f1e8b-c9b1-11dc-b499-001583b3d077}]
              \Shell\AutoRun\command - G:\RunGame.exe

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7f5421a-c9c2-11dc-b49f-001583b3d077}]
              \Shell\AutoRun\command - G:\RunGame.exe

              .
              **************************************************************************

              catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2008-01-29 16:02:43
              Windows 5.1.2600 Service Pack 2 NTFS

              scannen van verborgen processen ...

              scannen van verborgen autostart items ...

              scannen van verborgen bestanden ...

              Scan succesvol afgerond
              verborgen bestanden: 0

              **************************************************************************

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
              "\\\\Studiosindala\\EPSON Stylus DX3800 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACE.EXE /P42 \"\\\\Studiosindala\\EPSON Stylus DX3800 Series\" /O6 \"USB001\" /M \"Stylus DX3800\""
              .
              Voltooingstijd: 2008-01-29 16:03:35
              ComboFix-quarantined-files.txt 2008-01-29 15:03:33
              ComboFix2.txt 2008-01-25 20:08:10







              Hijackthis log:
              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 16:05:02, on 29-1-2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
              Boot mode: Safe mode with network support

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\explorer.exe
              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/nl/
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
              O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
              O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
              O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
              O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
              O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
              O4 - HKLM\..\Run: [\\Studiosindala\EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P42 "\\Studiosindala\EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
              O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
              O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
              O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
              O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
              O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
              O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
              O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
              O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
              O4 - Global Startup: Sweex WiFi LAN 140 Nitro XM Utility.lnk = ?
              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
              O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
              O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
              O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
              O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
              O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
              O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
              O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
              O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
              O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
              O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
              O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
              O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
              O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
              O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
              O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
              O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
              O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

              --
              End of file - 6131 bytes



              • #8
                Open Notepad, then copy and paste the following (the bold text) into an empty window:

                Driver::
                OSI Kernel DebugMon

                File::
                C:\DOCUME~1\ingemare\LOCALS~1\Temp\svchost.sys

                Registry::
                [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]

                Folder::
                C:\Program Files\AdVantage

                Save this to your Desktop as CFScript.txt

                Drag CFScript.txt into ComboFix.exe as shown in the example below:



                This will make ComboFix restart.
                Reboot if you are asked to,
                and post the contents of Combofix.txt in your next reply together with a new HijackThis log.
                Regards,
                Pimmerd
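As an added illustration (not part of the thread and not ComboFix's own logic), the sketch below triages the driver/service lines of the log and shows two properties that make the `OSI Kernel DebugMon` entry stand out: an image path inside a Temp directory and a file name borrowed from a Windows system binary. The sample lines are copied from the log above; reading the prefix as running/stopped plus start type, and the short `SYSTEM_BINARIES` table, are assumptions of this example.

```python
import ntpath
import re

# Driver/service lines copied from the ComboFix log earlier in this thread.
SAMPLE_LOG = r"""
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 13:46]
S2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:03]
S2 OSI Kernel DebugMon;OSI Kernel DebugMon;C:\DOCUME~1\ingemare\LOCALS~1\Temp\svchost.sys
S3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2007-06-08 11:52]
S4 pr2akt6c;Cycling Manager 2007 Drivers Auto Removal (pr2akt6c);C:\WINDOWS\system32\pr2akt6c.exe svc
"""

# Assumption: the digit after R/S is the service start type.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# Assumption: a small table of system binaries and where XP normally keeps them.
SYSTEM_BINARIES = {
    "svchost": (r"c:\windows\system32", "svchost.exe"),
    "lsass": (r"c:\windows\system32", "lsass.exe"),
    "services": (r"c:\windows\system32", "services.exe"),
    "winlogon": (r"c:\windows\system32", "winlogon.exe"),
    "explorer": (r"c:\windows", "explorer.exe"),
}

LINE_RE = re.compile(r"^\s*([RS])([0-4])\s+([^;]+);([^;]*);(.+)$")
STAMP_RE = re.compile(r"\s*\[\d{4}-\d{2}-\d{2} \d{2}:\d{2}\]\s*$")
IMAGE_RE = re.compile(r"(.+?\.(?:sys|exe|dll))(?=\s|$)", re.IGNORECASE)


def image_path(field):
    """Extract the binary path from the third field, dropping the trailing
    [timestamp], surrounding quotes and any command-line arguments."""
    field = STAMP_RE.sub("", field).strip()
    if field.startswith('"'):
        end = field.find('"', 1)
        return field[1:end] if end != -1 else field[1:]
    match = IMAGE_RE.match(field)
    return match.group(1) if match else field


def parse_line(line):
    """Parse one 'S2 name;display;path [timestamp]' line, or return None."""
    match = LINE_RE.match(line)
    if not match:
        return None
    state, start, name, display, rest = match.groups()
    return {
        "name": name.strip(),
        "display": display.strip(),
        "running": state == "R",
        "start": START_TYPES[int(start)],
        "image": image_path(rest),
    }


def findings(entry):
    """Return the reasons an entry deserves a closer look (empty if none)."""
    directory, base = ntpath.split(entry["image"].lower())
    reasons = []
    # Works for long names and 8.3 short names (...\LOCALS~1\Temp\...).
    if {"temp", "tmp"} & set(directory.split("\\")):
        reasons.append("image stored in a Temp directory")
    expected = SYSTEM_BINARIES.get(ntpath.splitext(base)[0])
    if expected and (directory, base) != expected:
        reasons.append("system binary name outside its normal path or extension")
    return reasons


def triage(log_text):
    """Return the parsed entries that have at least one finding."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = findings(entry)
        if reasons:
            hits.append({**entry, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f'{hit["name"]} (start={hit["start"]}): {hit["image"]}')
        for reason in hit["reasons"]:
            print("  -", reason)
```

The legitimate `NwSapAgent` entry also points at svchost, but at `C:\WINDOWS\system32\svchost.exe`, so it is not reported.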



                • #9
                  Combofix

                  ComboFix 08-01-23.1C - ingemare 2008-01-29 20:44:36.4 - NTFSx86 NETWORK
                  Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.693 [GMT 1:00]
                  Gestart vanuit: C:\Documents and Settings\ingemare\Bureaublad\ComboFix.exe
                  Command switches used :: C:\Documents and Settings\ingemare\Bureaublad\CFscript.txt

                  FILE
                  C:\DOCUME~1\ingemare\LOCALS~1\Temp\svchost.sys
                  .

                  (((((((((((((((((((( Bestanden Gemaakt van 2007-12-28 to 2008-01-29 ))))))))))))))))))))))))))))))
                  .

                  2008-01-29 19:17 . 2008-01-29 20:01 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
                  2008-01-29 19:17 . 2008-01-29 19:17 30,590 --a------ C:\WINDOWS\system32\pavas.ico
                  2008-01-29 19:17 . 2008-01-29 19:17 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
                  2008-01-29 19:17 . 2008-01-29 19:17 1,406 --a------ C:\WINDOWS\system32\Help.ico
                  2008-01-29 19:01 . 2008-01-29 19:10 <DIR> d-------- C:\WINDOWS\BDOSCAN8
                  2008-01-29 17:15 . 2008-01-29 19:13 <DIR> d-------- C:\WINDOWS\LastGood
                  2008-01-28 15:45 . 2008-01-28 15:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
                  2008-01-26 09:43 . 2008-01-26 09:43 <DIR> d-------- C:\Program Files\Trend Micro
                  2008-01-26 08:50 . 2004-08-03 23:00 261,936 --a------ C:\cmldr
                  2008-01-26 08:50 . 2008-01-25 16:49 211 --a------ C:\Boot.bak
                  2008-01-25 19:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
                  2008-01-25 17:50 . 2008-01-25 17:42 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
                  2008-01-25 17:09 . 2008-01-25 17:09 <DIR> d-------- C:\Program Files\Common Files\Application
                  2008-01-25 17:08 . 2008-01-29 20:00 <DIR> d-------- C:\Program Files\SPYWAREfighter
                  2008-01-23 16:52 . 2008-01-28 14:02 <DIR> d-------- C:\Program Files\DAEMON Tools
                  2008-01-20 10:35 . 2004-08-18 09:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
                  2008-01-18 21:39 . 2008-01-18 21:39 32 --a------ C:\WINDOWS\CD_Start.INI
                  2008-01-09 16:12 . 2008-01-09 16:12 <DIR> d-------- C:\Program Files\IVT Corporation
                  2008-01-09 15:01 . 2008-01-09 15:01 53,248 --a------ C:\WINDOWS\bdoscandel.exe
                  2008-01-09 15:01 . 2008-01-09 15:01 453 --a------ C:\WINDOWS\bdoscandellang.ini
                  2007-12-30 17:57 . 2007-12-30 17:57 <DIR> d-------- C:\Program Files\VST
                  2007-12-30 17:57 . 2007-12-30 17:57 <DIR> d-------- C:\Program Files\Acoustica Shared Effects
                  2007-12-30 17:57 . 2007-12-30 17:57 <DIR> d-------- C:\Program Files\Acoustica Mixcraft 3
                  2007-12-30 17:57 . 2006-12-21 14:50 57,344 --a------ C:\WINDOWS\system32\Wnaspint.dll

                  .
                  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  2008-01-29 19:36 --------- d-----w C:\Program Files\iTunes
                  2008-01-29 16:21 --------- d-----w C:\Program Files\Spyware Doctor
                  2008-01-29 16:20 --------- d-----w C:\Program Files\Hitman Pro
                  2008-01-25 18:00 69,632 ----a-w C:\WINDOWS\ALCMTR.EXE
                  2008-01-25 18:00 14,396,416 ----a-w C:\WINDOWS\RTHDCPL.EXE
                  2008-01-23 15:48 --------- d-----w C:\Program Files\Elaborate Bytes
                  2008-01-23 12:20 --------- d-----w C:\Program Files\EA Games
                  2008-01-20 09:47 --------- d-----w C:\Program Files\Tweak-XP Pro 4
                  2008-01-20 09:43 737,280 ----a-w C:\WINDOWS\iun6002.exe
                  2008-01-19 14:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
                  2008-01-19 10:13 --------- d-----w C:\Program Files\SpywareBlaster
                  2008-01-18 20:44 --------- d-----w C:\Program Files\Activision
                  2008-01-05 17:53 --------- d-----w C:\Program Files\PC Wizard 2007
                  2008-01-05 17:06 --------- d-----w C:\Program Files\SpeedFan
                  2007-12-05 16:08 --------- d-----w C:\Program Files\Webteh
                  2007-12-03 12:58 --------- d-----w C:\Program Files\LimeWire
                  2007-12-01 10:56 --------- d-----w C:\Program Files\DVD Flick
                  2007-11-30 19:45 --------- d-----w C:\Program Files\InfraRecorder
                  2007-11-30 17:30 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
                  2007-11-30 14:12 --------- d-----w C:\Program Files\SurfRight
                  2007-11-26 15:50 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
                  2007-11-26 15:50 249,856 ------w C:\WINDOWS\Setup1.exe
                  2007-11-07 14:36 3,403,473,876 ----a-w C:\Program Files\ccd-set6.mdf
                  2007-11-06 12:57 4,848 ----a-w C:\Program Files\ccd-set6.mds
                  2006-10-26 22:26 271 --sh--w C:\Program Files\desktop.ini
                  2006-10-26 22:26 21,952 ---ha-w C:\Program Files\folder.htt
                  .

                  ((((((((((((((((((((((((((((( [email protected]_21.01.30.14 )))))))))))))))))))))))))))))))))))))))))
                  .
                  + 2008-01-29 18:01:40 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
                  + 2008-01-29 18:01:40 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
                  + 2008-01-29 18:01:40 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
                  + 2008-01-29 18:01:41 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
                  + 2008-01-09 14:01:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
                  + 2008-01-09 14:01:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
                  + 2008-01-29 18:01:42 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
                  + 2008-01-29 18:01:40 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
                  + 2006-08-24 07:28:54 141,424 ----a-w C:\WINDOWS\Downloaded Program Files\asinst.dll
                  + 2008-01-15 21:12:38 312,680 ----a-w C:\WINDOWS\Downloaded Program Files\avsniff.dll
                  + 2008-01-15 21:12:40 255,336 ----a-w C:\WINDOWS\Downloaded Program Files\avsniffdlgs.dll
                  + 2008-01-09 14:01:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
                  + 2008-01-15 21:02:44 42,112 ----a-w C:\WINDOWS\Downloaded Program Files\ecmldr32.dll
                  + 2008-01-23 00:00:00 284,016 ----a-w C:\WINDOWS\Downloaded Program Files\ecmsvr32.dll
                  + 2006-07-11 08:41:36 345,656 ----a-w C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll
                  + 2008-01-09 14:01:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
                  + 2008-01-15 21:02:58 201,896 ----a-w C:\WINDOWS\Downloaded Program Files\navapi32.dll
                  + 2008-01-23 00:00:00 128,368 ----a-w C:\WINDOWS\Downloaded Program Files\naveng32.dll
                  + 2008-01-23 00:00:00 943,472 ----a-w C:\WINDOWS\Downloaded Program Files\navex32a.dll
                  + 2008-01-15 21:12:48 296,336 ----a-w C:\WINDOWS\Downloaded Program Files\rufsi.dll
                  + 2008-01-23 00:00:00 97,776 ----a-w C:\WINDOWS\Downloaded Program Files\scrauth.dat
                  + 2008-01-23 00:00:00 403,360 ----a-w C:\WINDOWS\Downloaded Program Files\tcdefs.dat
                  + 2008-01-23 00:00:00 2,666,609 ----a-w C:\WINDOWS\Downloaded Program Files\tcscan7.dat
                  + 2008-01-23 00:00:00 440,643 ----a-w C:\WINDOWS\Downloaded Program Files\tcscan8.dat
                  + 2008-01-23 00:00:00 1,025,485 ----a-w C:\WINDOWS\Downloaded Program Files\tcscan9.dat
                  + 2008-01-23 00:00:00 68,399 ----a-w C:\WINDOWS\Downloaded Program Files\tscan1.dat
                  + 2008-01-23 00:00:00 3,294 ----a-w C:\WINDOWS\Downloaded Program Files\tscan1hd.dat
                  + 2008-01-23 00:00:00 998,515 ----a-w C:\WINDOWS\Downloaded Program Files\virscan1.dat
                  + 2008-01-23 00:00:00 570,966 ----a-w C:\WINDOWS\Downloaded Program Files\virscan2.dat
                  + 2008-01-23 00:00:00 151,148 ----a-w C:\WINDOWS\Downloaded Program Files\virscan3.dat
                  + 2008-01-23 00:00:00 320,253 ----a-w C:\WINDOWS\Downloaded Program Files\virscan4.dat
                  + 2008-01-23 00:00:00 5,918,237 ----a-w C:\WINDOWS\Downloaded Program Files\virscan5.dat
                  + 2008-01-23 00:00:00 392,748 ----a-w C:\WINDOWS\Downloaded Program Files\virscan6.dat
                  + 2008-01-23 00:00:00 20,633,896 ----a-w C:\WINDOWS\Downloaded Program Files\virscan7.dat
                  + 2008-01-23 00:00:00 1,926,766 ----a-w C:\WINDOWS\Downloaded Program Files\virscan8.dat
                  + 2008-01-23 00:00:00 5,574,507 ----a-w C:\WINDOWS\Downloaded Program Files\virscan9.dat
                  - 2008-01-25 18:24:47 1,425,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
                  + 2008-01-29 19:44:30 1,425,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
                  - 2008-01-25 18:24:47 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
                  + 2008-01-29 19:44:30 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
                  - 2008-01-25 18:24:49 7,581,696 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
                  + 2008-01-29 19:44:31 1,425,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
                  - 2008-01-25 18:24:49 307,200 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
                  + 2008-01-29 19:44:31 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
                  + 2008-01-29 19:44:31 7,593,984 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
                  + 2008-01-29 19:44:31 307,200 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
                  - 2008-01-25 16:13:36 17,062 ----a-r C:\WINDOWS\Installer\{772BD148-E274-495C-BF15-AB9454D57563}\ARPPRODUCTICON.exe
                  + 2008-01-25 20:41:59 17,062 ----a-r C:\WINDOWS\Installer\{772BD148-E274-495C-BF15-AB9454D57563}\ARPPRODUCTICON.exe
                  - 2008-01-25 16:13:36 57,344 ----a-r C:\WINDOWS\Installer\{772BD148-E274-495C-BF15-AB9454D57563}\SpywareFighter_25790242D1754E5E9DB9631C10124E78.exe
                  + 2008-01-25 20:41:59 57,344 ----a-r C:\WINDOWS\Installer\{772BD148-E274-495C-BF15-AB9454D57563}\SpywareFighter_25790242D1754E5E9DB9631C10124E78.exe
                  - 2008-01-25 16:13:36 57,344 ----a-r C:\WINDOWS\Installer\{772BD148-E274-495C-BF15-AB9454D57563}\SpywareFighter1_25790242D1754E5E9DB9631C10124E78.exe
                  + 2008-01-25 20:42:00 57,344 ----a-r C:\WINDOWS\Installer\{772BD148-E274-495C-BF15-AB9454D57563}\SpywareFighter1_25790242D1754E5E9DB9631C10124E78.exe
                  + 2007-03-29 08:20:50 110,592 ----a-w C:\WINDOWS\system32\ActiveScan\as.dll
                  + 2006-10-05 15:15:26 233,472 ----a-w C:\WINDOWS\system32\ActiveScan\ascontrol.dll
                  + 2005-06-03 13:03:18 96,256 ----a-w C:\WINDOWS\system32\ActiveScan\asmdat.dll
                  + 2003-08-01 10:00:16 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\certdll.dll
                  + 2005-05-20 12:42:44 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\instlsp.dll
                  + 2007-11-12 08:46:18 26,112 ----a-w C:\WINDOWS\system32\ActiveScan\JID.dll
                  + 2006-02-16 17:20:20 4,608 ----a-w C:\WINDOWS\system32\ActiveScan\memvfile.dll
                  + 2005-10-25 17:08:32 348,160 ----a-w C:\WINDOWS\system32\ActiveScan\msvcr71.dll
                  + 2007-11-26 10:10:36 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\NanoWrapper.dll
                  + 2004-05-04 14:01:02 139,264 ----a-w C:\WINDOWS\system32\ActiveScan\pavaleas.dll
                  + 2006-07-14 12:04:10 45,056 ----a-w C:\WINDOWS\system32\ActiveScan\pavdr.exe
                  + 2006-04-10 09:50:02 159,832 ----a-w C:\WINDOWS\system32\ActiveScan\pavexcom.dll
                  + 2006-02-14 12:05:38 94,208 ----a-w C:\WINDOWS\system32\ActiveScan\pavinas.dll
                  + 2006-02-16 17:35:38 180,224 ----a-w C:\WINDOWS\system32\ActiveScan\pavoe.dll
                  + 2006-10-05 15:15:38 122,880 ----a-w C:\WINDOWS\system32\ActiveScan\pavpz.dll
                  + 2007-06-04 10:31:52 57,344 ----a-w C:\WINDOWS\system32\ActiveScan\pavsddl.dll
                  + 2006-06-30 13:13:38 8,704 ----a-w C:\WINDOWS\system32\ActiveScan\pfdnnt.exe
                  + 2004-02-04 13:08:42 49,152 ----a-w C:\WINDOWS\system32\ActiveScan\port32.dll
                  + 2007-10-30 09:04:14 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\Prescan.dll
                  + 2006-08-01 12:23:10 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pscpu.dll
                  + 2007-11-21 09:00:06 376,832 ----a-w C:\WINDOWS\system32\ActiveScan\pskahk.dll
                  + 2007-10-31 12:05:06 32,768 ----a-w C:\WINDOWS\system32\ActiveScan\PSKAHKPRESCAN.dll
                  + 2006-08-17 10:38:14 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\pskalloc.dll
                  + 2006-09-04 10:49:54 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\pskas.dll
                  + 2006-08-18 07:46:18 779,264 ----a-w C:\WINDOWS\system32\ActiveScan\pskavs.dll
                  + 2007-03-26 13:25:34 417,792 ----a-w C:\WINDOWS\system32\ActiveScan\pskcmp.dll
                  + 2006-08-09 09:42:24 90,112 ----a-w C:\WINDOWS\system32\ActiveScan\pskfss.dll
                  + 2006-07-19 09:55:58 208,896 ----a-w C:\WINDOWS\system32\ActiveScan\pskhtml.dll
                  + 2006-01-20 15:57:00 9,728 ----a-w C:\WINDOWS\system32\ActiveScan\pskmas.dll
                  + 2006-05-17 08:50:12 14,336 ----a-w C:\WINDOWS\system32\ActiveScan\pskmdfs.dll
                  + 2006-08-16 09:58:12 33,280 ----a-w C:\WINDOWS\system32\ActiveScan\pskpack.dll
                  + 2006-06-30 13:42:36 266,240 ----a-w C:\WINDOWS\system32\ActiveScan\pskscs.dll
                  + 2006-08-17 13:33:14 62,976 ----a-w C:\WINDOWS\system32\ActiveScan\pskutil.dll
                  + 2006-08-08 12:13:10 13,312 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfile.dll
                  + 2006-08-18 07:53:08 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfs.dll
                  + 2006-08-18 07:49:50 167,936 ----a-w C:\WINDOWS\system32\ActiveScan\pskvm.dll
                  + 2007-10-18 08:30:16 105,472 ----a-w C:\WINDOWS\system32\ActiveScan\psnahk.dll
                  + 2007-11-23 13:29:08 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\psndsk.dll
                  + 2007-10-18 08:30:38 42,496 ----a-w C:\WINDOWS\system32\ActiveScan\psnflg.dll
                  + 2007-10-30 10:19:22 98,304 ----a-w C:\WINDOWS\system32\ActiveScan\psnglknt.dll
                  + 2007-08-22 07:52:00 20,272 ----a-w C:\WINDOWS\system32\ActiveScan\psnhsh.dll
                  + 2007-11-12 14:49:34 11,776 ----a-w C:\WINDOWS\system32\ActiveScan\psnjidsign.dll
                  + 2007-08-22 07:52:04 76,080 ----a-w C:\WINDOWS\system32\ActiveScan\psnkrnl.dll
                  + 2007-08-22 07:52:06 21,296 ----a-w C:\WINDOWS\system32\ActiveScan\psnmem.dll
                  + 2007-10-04 14:26:28 28,672 ----a-w C:\WINDOWS\system32\ActiveScan\PsnPen.dll
                  + 2007-10-23 10:40:10 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\psntuc.dll
                  + 2007-05-24 10:27:36 27,136 ----a-w C:\WINDOWS\system32\ActiveScan\PSNXprs.dll
                  + 2007-04-18 16:16:04 353,840 ----a-w C:\WINDOWS\system32\ActiveScan\psscan.dll
                  + 2007-01-22 13:42:48 35,328 ----a-w C:\WINDOWS\system32\ActiveScan\rawvfile.dll
                  + 2007-06-08 08:44:36 8,576 ----a-w C:\WINDOWS\system32\ActiveScan\RKPavProc.sys
                  + 2007-06-05 09:56:40 44,928 ----a-w C:\WINDOWS\system32\ActiveScan\sdthook.sys
                  + 1997-09-18 05:12:32 9,488 ----a-w C:\WINDOWS\system32\ActiveScan\sporder.dll
                  + 2006-02-28 16:23:40 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\tcpvfile.dll
                  + 2007-09-17 08:14:08 126,976 ----a-w C:\WINDOWS\system32\ActiveScan\Tucan.dll
                  + 2006-08-02 11:39:06 73,728 ----a-w C:\WINDOWS\system32\asuninst.exe
                  + 2007-01-23 18:30:00 98,304 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACE.EXE
                  + 2003-03-25 17:53:50 11,776 ----a-w C:\WINDOWS\system32\ZPORT4AS.dll
                  .
                  -- Snapshot reset to current date --
                  .
                  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  REGEDIT4
                  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [ ]
                  "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
                  "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-01-25 19:00 1667584]

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "\\Studiosindala\EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [2007-01-23 19:30 98304]
                  "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [ ]
                  "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
                  "RTHDCPL"="RTHDCPL.EXE" [2008-01-25 19:00 14396416 C:\WINDOWS\RTHDCPL.EXE]
                  "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [ ]
                  "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2007-06-08 11:52 115608]

                  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                  "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [ ]

                  C:\Documents and Settings\Administrator.INGMAR\Menu Start\Programma's\Opstarten\
                  Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2006-10-26 21:16:26 1976056]

                  C:\Documents and Settings\ingemare\Menu Start\Programma's\Opstarten\
                  Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2006-10-26 21:16:26 1976056]

                  C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
                  BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-09-20 10:28:16 1200128]
                  Sweex WiFi LAN 140 Nitro XM Utility.lnk - C:\Program Files\Sweex WiFi LAN 140 Nitro XM Utility\WlanUtl.exe [2006-10-26 19:35:20 794624]

                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OSI Kernel DebugMon]
                  @=""

                  [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Acrobat Assistant.lnk]
                  path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\Acrobat Assistant.lnk
                  backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

                  [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
                  path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
                  backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

                  [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]
                  path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\WinZip Quick Pick.lnk
                  backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
                  --a------ 2005-06-06 22:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
                  --a------ 2008-01-25 19:00 219520 C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
                  C:\WINDOWS\avp .exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BootSkin Startup Jobs]
                  --a------ 2004-04-26 16:21 270336 C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaretakerNotifier]
                  C:\Program Files\SurfRight\Caretaker\Notifier.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
                  C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
                  C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
                  --a------ 2007-06-29 15:03 36864 C:\Program Files\GameSpy\Comrade\Comrade.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
                  --a------ 2008-01-25 12:24 171464 C:\Program Files\DAEMON Tools\daemon.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
                  -ra------ 2005-11-03 08:22 77824 C:\WINDOWS\system32\hkcmd.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
                  -ra------ 2005-11-03 08:26 118784 C:\WINDOWS\system32\igfxpers.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
                  -ra------ 2005-11-03 08:25 98304 C:\WINDOWS\system32\igfxtray.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
                  --------- 2005-07-25 11:01 1397760 C:\Program Files\Ahead\InCD\InCD.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
                  --a------ 2006-06-14 15:24 278528 C:\Program Files\iTunes\iTunesHelper.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
                  --a------ 2008-01-25 19:00 1667584 C:\Program Files\Messenger\msmsgs.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
                  --a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
                  --a------ 2006-08-30 18:51 7630848 C:\WINDOWS\system32\NvCpl.dll

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
                  --a------ 2006-08-30 18:51 86016 C:\WINDOWS\system32\NvMcTray.dll

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
                  --a------ 2006-08-30 18:51 1519616 C:\WINDOWS\system32\nwiz.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
                  --a------ 2007-04-09 13:23 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                  --a------ 2006-10-26 20:35 282624 C:\Program Files\QuickTime\qttask.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
                  --a------ 2005-01-12 02:01 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
                  -ra------ 2005-10-26 15:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
                  --a------ 2007-07-12 03:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
                  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
                  C:\Program Files\Common Files\Real\Update_OB\realsched.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZDConfig]
                  --a------ 2003-04-23 18:30 184320 C:\Program Files\ZyDAS Technology Corporation\ZyDAS Wireless LAN\ZDConfig.EXE

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
                  "CaretakerUpdate"=2 (0x2)
                  "CaretakerSvc"=2 (0x2)
                  "CaretakerProxy"=2 (0x2)
                  "CaretakerAntispam"=2 (0x2)
                  "svcWRSSSDK"=2 (0x2)
                  "SDhelper"=3 (0x3)
                  "pr2akt6c"=2 (0x2)
                  "PnkBstrA"=2 (0x2)
                  "NOD32krn"=2 (0x2)

                  R0 pe3akt6c;Cycling Manager 2007 Environment Driver (pe3akt6c);C:\WINDOWS\system32\drivers\pe3akt6c.sys [2007-06-08 18:29]
                  R0 pf2akt6c;Cycling Manager 2007 File System Driver (pf2akt6c);C:\WINDOWS\system32\drivers\pf2akt6c.sys [2007-06-08 18:28]
                  R0 ps6akt6c;Cycling Manager 2007 Synchronization Driver (ps6akt6c);C:\WINDOWS\system32\drivers\ps6akt6c.sys [2007-06-08 18:28]
                  R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 13:46]
                  R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2005-12-14 19:06]
                  R1 ctredrv.sys;ctredrv.sys;C:\WINDOWS\system32\drivers\ctredrv.sys [2007-09-19 13:06]
                  R3 SWXG3021;Sweex 802.11g XG302 SP1 Driver;C:\WINDOWS\system32\DRIVERS\wlanCIG.sys [2005-10-20 07:40]
                  S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys
                  S2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:03]
                  S3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2007-06-08 11:52]
                  S3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2007-06-08 11:52]
                  S3 ZD1201U;ZyDAS ZD1201 IEEE 802.11b Wireless LAN Driver (USB);C:\WINDOWS\system32\DRIVERS\zd1201u.sys [2003-04-26 13:32]
                  S3 ZDNDIS5;ZDNDIS5 Protocol Driver;C:\WINDOWS\system32\ZDNDIS5.SYS [2002-10-30 10:43]
                  S4 CaretakerAntispam;Caretaker Antispam Service;"C:\Program Files\SurfRight\Caretaker\AntispamService.exe"
                  S4 CaretakerProxy;Caretaker Proxy;"C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe"
                  S4 CaretakerSvc;Caretaker Service;"C:\Program Files\SurfRight\Caretaker\CaretakerService.exe"
                  S4 CaretakerUpdate;Caretaker Updater;"C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe"
                  S4 pr2akt6c;Cycling Manager 2007 Drivers Auto Removal (pr2akt6c);C:\WINDOWS\system32\pr2akt6c.exe svc

                  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c14cf32-3398-11dc-b2fb-00160a007a88}]
                  \Shell\AutoRun\command - E:\Exe\Autorun.exe

                  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ec6edde-c9b5-11dc-b49b-001583b3d077}]
                  \Shell\AutoRun\command - E:\RunGame.exe

                  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a2c8280-b58c-11db-b2e3-00160a007a88}]
                  \Shell\AutoRun\command - E:\Exe\Autorun.exe

                  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a23343b0-3393-11dc-b2fa-00160a007a88}]
                  \Shell\AutoRun\command - I:\autorun.exe

                  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be94de16-2f0c-11dc-b2ed-00160a007a88}]
                  \Shell\AutoRun\command - E:\Exe\Autorun.exe

                  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce445d18-7af9-11db-b0ff-00160a007a88}]
                  \Shell\AutoRun\command - E:\Exe\Autorun.exe

                  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed1f1e8a-c9b1-11dc-b499-806d6172696f}]
                  \Shell\AutoRun\command - E:\Autorun.exe

                  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed1f1e8b-c9b1-11dc-b499-001583b3d077}]
                  \Shell\AutoRun\command - G:\RunGame.exe

                  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7f5421a-c9c2-11dc-b49f-001583b3d077}]
                  \Shell\AutoRun\command - G:\RunGame.exe

                  .
                  **************************************************************************

                  catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                  Rootkit scan 2008-01-29 20:48:43
                  Windows 5.1.2600 Service Pack 2 NTFS

                  scannen van verborgen processen ...

                  scannen van verborgen autostart items ...

                  scannen van verborgen bestanden ...

                  Scan succesvol afgerond
                  verborgen bestanden: 0

                  **************************************************************************

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
                  "\\\\Studiosindala\\EPSON Stylus DX3800 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACE.EXE /P42 \"\\\\Studiosindala\\EPSON Stylus DX3800 Series\" /O6 \"USB001\" /M \"Stylus DX3800\""
                  .
                  Voltooingstijd: 2008-01-29 20:51:41 - machine was rebooted
                  ComboFix-quarantined-files.txt 2008-01-29 19:51:38
                  ComboFix2.txt 2008-01-29 15:03:36
                  ComboFix3.txt 2008-01-25 20:08:10

                  HijackThis:

                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 20:53:57, on 29-1-2008
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                  Boot mode: Safe mode with network support

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.nl/
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
                  O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
                  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
                  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
                  O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
                  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
                  O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
                  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
                  O4 - HKLM\..\Run: [\\Studiosindala\EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P42 "\\Studiosindala\EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
                  O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                  O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
                  O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
                  O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
                  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                  O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
                  O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
                  O4 - Global Startup: Sweex WiFi LAN 140 Nitro XM Utility.lnk = ?
                  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
                  O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
                  O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
                  O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
                  O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
                  O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
                  O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
                  O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
                  O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
                  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
                  O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                  O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                  O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
                  O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                  O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                  O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
                  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
                  O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
                  O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
                  O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
                  O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
                  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
                  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                  O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
                  O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

                  --
                  End of file - 7028 bytes

                  • #10
                    Can you boot into normal mode again yet?
                    Regards,
                    Pimmerd

                    • #11
                      I'll give it a try.

                      • #12
                        No, it gave this error message immediately after startup:

                        Stop: c000021a (onherstelbare systeemfout)
                        het systeemproces windows subsysteem is onverwacht afgebroken met de status: 0xc0000005 (0x7c9106c3 0x00c7l36c)
                        Het systeem is afgesloten

                        bezig met starten fysieke geheugendump
                        de fysieke geheugendump is voltooid
                        Neem contact met de systeembeheerder of de afdeling technische ondersteuning op voor hul
                        Last edited by ingmarvdlucht; 29-01-08, 21:20. Reason: typo

                        • #13
                          Is a file name shown with it as well?

                          Go to Start --> Run and type: sfc /scannow
                          See whether that improves things.
                          Regards,
                          Pimmerd

                          • #14
                            No, this was all that was shown.

                            Go to Start --> Run and type: sfc /scannow
                            I have done that.
                            Now the only change is that it no longer shows the text below "Het systeem is afgesloten" (the system has been shut down).
                            Last edited by ingmarvdlucht; 29-01-08, 21:34.

                            • #15
                              The online scan from Panda Security says that I am infected with NirCmd.A, MemoryWatcher and Virtumonde

                              and this one: http://www.pctools.com/en/mrc/infections/id/Trojan-PWS.Tanspy
                              Last edited by ingmarvdlucht; 30-01-08, 16:52.
