Hallo,

Sluit alle open vensters.
Start HijackThis nog een keer en plaats een vinkje bij de volgende items:

O2 - BHO: (no name) - {8D9AA7FB-F484-4FED-89DE-DB30B85E76D6} - C:\WINDOWS\system32\audiosrvp.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

Klik daarna op "Fix checked" en sluit HijackThis af.

Herstart de computer.


Volg de instructies.
Als het tooltje klaar is, opent er een logfile (combofix.txt).
Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.

ComboFix 08-02.02.5 - Wesley 2008-02-02 14:47:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1674 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Wesley\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Wesley\Application Data\macromedia\Flash Player\#SharedObjects\LNPN5BAS\iforex.com
C:\Documents and Settings\Wesley\Application Data\macromedia\Flash Player\#SharedObjects\LNPN5BAS\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Wesley\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Wesley\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\WINDOWS\OPTIONS\CABS\_desktop.ini

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-01-02 to 2008-02-02 ))))))))))))))))))))))))))))))
.

2008-02-02 14:46 . 2008-02-02 14:46 <DIR> d-------- C:\Temp
2008-01-31 11:50 . 2008-01-31 11:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-31 11:50 . 2008-01-31 11:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-28 18:46 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-28 18:46 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-28 18:46 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-28 18:46 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-28 18:46 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-28 18:46 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-28 18:46 . 2008-01-28 18:46 1,564 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-22 19:38 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-22 19:37 . 2008-01-22 19:37 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-21 23:11 . 2008-01-21 23:11 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-21 23:11 . 2008-01-21 23:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-21 22:55 . 2008-01-21 22:55 <DIR> d-------- C:\Documents and Settings\Wesley\Application Data\AdwareAlert
2008-01-21 22:48 . 2008-01-21 22:49 <DIR> d-------- C:\WINDOWS\system32\AppCert
2008-01-21 22:48 . 2004-08-04 00:03 83,968 --a------ C:\WINDOWS\system32\audiosrvp.dll
2008-01-21 22:48 . 19,584 C:\WINDOWS\system32\drivers\wntdksph.dat
2008-01-07 16:33 . 2008-01-07 16:36 <DIR> d-------- C:\Program Files\TVAnts
2008-01-07 15:35 . 2008-01-07 15:36 <DIR> d-------- C:\Program Files\SopCast

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-02 13:48 231,968 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-02 13:48 15,486,496 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-02 13:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-02 13:40 25,712 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-02 13:40 212,348 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-02 13:31 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-01-22 18:38 --------- d-----w C:\Program Files\Java
2008-01-22 18:33 --------- d-----w C:\Documents and Settings\Wesley\Application Data\Azureus
2008-01-21 22:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-20 22:19 --------- d-----w C:\Documents and Settings\Wesley\Application Data\LimeWire
2008-01-18 11:57 --------- d-----w C:\Program Files\Full Tilt Poker
2008-01-14 19:58 --------- d-----w C:\Program Files\Azureus
2008-01-11 15:13 --------- d-----w C:\Program Files\PokerStars
2007-12-29 12:30 --------- d-----w C:\Program Files\PartyGaming
2007-12-29 12:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-16 20:21 --------- d-----w C:\Documents and Settings\Wesley\Application Data\Sony
2007-12-16 20:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2007-12-16 20:18 --------- d-----w C:\Program Files\Sony Ericsson
2007-12-16 20:17 --------- d-----w C:\Program Files\QuickTime
2007-12-16 20:17 --------- d-----w C:\Program Files\Apple Software Update
2007-12-16 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-16 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-16 19:41 --------- d-----w C:\Documents and Settings\Wesley\Application Data\Nokia
2007-12-16 19:35 --------- d-----w C:\Documents and Settings\Wesley\Application Data\PC Suite
2007-12-16 19:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2007-12-16 19:34 --------- d-----w C:\Program Files\DIFX
2007-12-16 19:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-12 21:26 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8D9AA7FB-F484-4FED-89DE-DB30B85E76D6}]
2004-08-04 00:03 83968 --a------ C:\WINDOWS\system32\audiosrvp.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-03-09 18:50 200768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

[HKLM\~\startupfolder\C:^Documents and Settings^Wesley^Menu Start^Programma's^Opstarten^Update_0801_KB212148.exe]
path=C:\Documents and Settings\Wesley\Menu Start\Programma's\Opstarten\Update_0801_KB212148.exe
backup=C:\WINDOWS\pss\Update_0801_KB212148.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-09-25 08:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-02-01 16:45 98304 C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
appsecdll REG_EXPAND_SZ C:\WINDOWS\system32\AppCert\wsil32.dll

R0 txwcqhia;txwcqhia;C:\WINDOWS\system32\drivers\wntdksph.dat
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-10-01 22:11]

.
Inhoud van de 'Gedeelde Taken' map
"2008-02-02 02:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert.WesleyWRuns AdwareAlert to scan your computer for malicious and potenially unwanted programs.
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-02 14:48:20
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-02-02 14:48:34
ComboFix-quarantined-files.txt 2008-02-02 13:48:32






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:51:31, on 2-2-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Wesley\Bureaublad\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.nl/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8D9AA7FB-F484-4FED-89DE-DB30B85E76D6} - C:\WINDOWS\system32\audiosrvp.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://partyflock.nl/components/ImageUploader4.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

--
End of file - 3799 bytes

Open een kladblokbestand.
Kopieer de ondestaande code, en plak deze in het kladblokbestand.
Sla het kladblokbestand op als CFScript.txt
Sleep nu het bestand CFScript.txt in het bestand ComboFix.exe

ComboFix zal opnieuw starten.
Wanneer ComboFix klaar is, dit kan na een herstart zijn, opent er een logfile.
Post de inhoud van de logfile.

Ga naar deze website: http://www.virustotal.com/en/indexf.html
Laat volgend bestandje scannen: C:\WINDOWS\system32\AppCert\wsil32.dll
Post het resultaat van de scan.

ComboFix 08-02.02.5 - Wesley 2008-02-02 15:19:21.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1653 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Wesley\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Wesley\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

FILE
C:\WINDOWS\system32\drivers\wntdksph.dat
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\wntdksph.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_TXWCQHIA
-------\txwcqhia


(((((((((((((((((((( Bestanden Gemaakt van 2008-01-02 to 2008-02-02 ))))))))))))))))))))))))))))))
.

2008-02-02 14:46 . 2008-02-02 14:46 <DIR> d-------- C:\Temp
2008-01-31 11:50 . 2008-01-31 11:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-31 11:50 . 2008-01-31 11:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-28 18:46 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-28 18:46 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-28 18:46 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-28 18:46 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-28 18:46 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-28 18:46 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-28 18:46 . 2008-01-28 18:46 1,564 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-22 19:38 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-22 19:37 . 2008-01-22 19:37 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-21 23:11 . 2008-01-21 23:11 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-21 23:11 . 2008-01-21 23:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-21 22:55 . 2008-01-21 22:55 <DIR> d-------- C:\Documents and Settings\Wesley\Application Data\AdwareAlert
2008-01-21 22:48 . 2008-01-21 22:49 <DIR> d-------- C:\WINDOWS\system32\AppCert
2008-01-21 22:48 . 2004-08-04 00:03 83,968 --a------ C:\WINDOWS\system32\audiosrvp.dll
2008-01-07 16:33 . 2008-01-07 16:36 <DIR> d-------- C:\Program Files\TVAnts
2008-01-07 15:35 . 2008-01-07 15:36 <DIR> d-------- C:\Program Files\SopCast

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-02 14:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-02 14:20 234,272 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-02 14:20 15,576,096 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-02 13:40 25,712 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-02 13:40 212,348 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-02 13:31 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-01-22 18:38 --------- d-----w C:\Program Files\Java
2008-01-22 18:33 --------- d-----w C:\Documents and Settings\Wesley\Application Data\Azureus
2008-01-21 22:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-20 22:19 --------- d-----w C:\Documents and Settings\Wesley\Application Data\LimeWire
2008-01-18 11:57 --------- d-----w C:\Program Files\Full Tilt Poker
2008-01-14 19:58 --------- d-----w C:\Program Files\Azureus
2008-01-11 15:13 --------- d-----w C:\Program Files\PokerStars
2007-12-29 12:30 --------- d-----w C:\Program Files\PartyGaming
2007-12-29 12:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-16 20:21 --------- d-----w C:\Documents and Settings\Wesley\Application Data\Sony
2007-12-16 20:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2007-12-16 20:18 --------- d-----w C:\Program Files\Sony Ericsson
2007-12-16 20:17 --------- d-----w C:\Program Files\QuickTime
2007-12-16 20:17 --------- d-----w C:\Program Files\Apple Software Update
2007-12-16 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-16 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-16 19:41 --------- d-----w C:\Documents and Settings\Wesley\Application Data\Nokia
2007-12-16 19:35 --------- d-----w C:\Documents and Settings\Wesley\Application Data\PC Suite
2007-12-16 19:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2007-12-16 19:34 --------- d-----w C:\Program Files\DIFX
2007-12-16 19:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-12 21:26 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8D9AA7FB-F484-4FED-89DE-DB30B85E76D6}]
2004-08-04 00:03 83968 --a------ C:\WINDOWS\system32\audiosrvp.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-03-09 18:50 200768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

[HKLM\~\startupfolder\C:^Documents and Settings^Wesley^Menu Start^Programma's^Opstarten^Update_0801_KB212148.exe]
path=C:\Documents and Settings\Wesley\Menu Start\Programma's\Opstarten\Update_0801_KB212148.exe
backup=C:\WINDOWS\pss\Update_0801_KB212148.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-09-25 08:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-02-01 16:45 98304 C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
appsecdll REG_EXPAND_SZ C:\WINDOWS\system32\AppCert\wsil32.dll

S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-10-01 22:11]

.
Inhoud van de 'Gedeelde Taken' map
"2008-02-02 02:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert.WesleyWRuns AdwareAlert to scan your computer for malicious and potenially unwanted programs.
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-02 15:21:17
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wdfmgr.exe
.
**************************************************************************
.
Voltooingstijd: 2008-02-02 15:22:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-02 14:22:01
ComboFix2.txt 2008-02-02 13:48:34

Dit bestand staat niet op mijn computer..
En die website is heel traag, doet het vaak niet, ook niet bij het uploaden van een bestand.

Ik heb nog steeds last van de website trustedantivirus.com
En er kwam net weer een nieuwe bij vanuit het niets, Alphase.net

Sluit al je vensters van internet explorer (anders lukt het niet), en fix deze met hijackthis:
O2 - BHO: (no name) - {8D9AA7FB-F484-4FED-89DE-DB30B85E76D6} - C:\WINDOWS\system32\audiosrvp.dll

Herstart de computer.
Maak een nieuwe hijackthislog en post deze.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:49:30, on 4-2-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Wesley\Bureaublad\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.nl/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {434ECC1E-5BFC-4A59-8978-9E282E15CB68} - C:\WINDOWS\system32\audiosrvp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://partyflock.nl/components/ImageUploader4.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4023 bytes

Maak een nieuwe log met combofix en post deze.

ComboFix 08-02.02.5 - Wesley 2008-02-04 18:57:24.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1685 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Wesley\Bureaublad\ComboFix.exe

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-01-04 to 2008-02-04 ))))))))))))))))))))))))))))))
.

2008-02-04 18:35 . 2008-02-04 18:35 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-02-04 18:35 . 2008-02-04 18:35 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-02-04 18:35 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-02-04 18:35 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-02-04 18:35 . 2006-03-03 21:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-02-04 18:35 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-02-04 18:35 . 2006-03-03 21:03 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-02-04 18:35 . 2006-03-03 21:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-02-04 18:34 . 2008-02-04 18:34 <DIR> d-------- C:\Program Files\HP
2008-02-04 18:34 . 2008-02-04 18:35 112,278 --a------ C:\WINDOWS\hpoins11.dat
2008-02-04 18:34 . 2005-07-19 02:39 98,304 --a------ C:\WINDOWS\system32\hpzjsn01.dll
2008-02-04 18:34 . 2006-05-06 09:25 6,947 --a------ C:\WINDOWS\hpomdl11.dat
2008-02-04 18:15 . 2008-02-04 18:15 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-02-04 18:15 . 2008-02-04 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-02-02 15:37 . 19,584 C:\WINDOWS\system32\drivers\wntdksph.dat
2008-02-02 14:46 . 2008-02-02 14:46 <DIR> d-------- C:\Temp
2008-01-31 11:50 . 2008-01-31 11:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-31 11:50 . 2008-01-31 11:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-28 18:46 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-28 18:46 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-28 18:46 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-28 18:46 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-28 18:46 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-28 18:46 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-28 18:46 . 2008-01-28 18:46 1,564 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-22 19:38 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-22 19:37 . 2008-01-22 19:37 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-21 23:11 . 2008-01-21 23:11 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-21 23:11 . 2008-01-21 23:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-21 22:55 . 2008-01-21 22:55 <DIR> d-------- C:\Documents and Settings\Wesley\Application Data\AdwareAlert
2008-01-21 22:48 . 2008-01-21 22:49 <DIR> d-------- C:\WINDOWS\system32\AppCert
2008-01-21 22:48 . 2004-08-04 00:03 83,968 --a------ C:\WINDOWS\system32\audiosrvp.dll
2008-01-07 16:33 . 2008-01-07 16:36 <DIR> d-------- C:\Program Files\TVAnts
2008-01-07 15:35 . 2008-01-07 15:36 <DIR> d-------- C:\Program Files\SopCast

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-04 17:58 260,128 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-04 17:58 15,843,104 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-04 17:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-04 17:48 28,256 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-04 17:48 216,908 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-04 17:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-04 17:14 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-02 13:31 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-01-22 18:38 --------- d-----w C:\Program Files\Java
2008-01-22 18:33 --------- d-----w C:\Documents and Settings\Wesley\Application Data\Azureus
2008-01-21 22:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-20 22:19 --------- d-----w C:\Documents and Settings\Wesley\Application Data\LimeWire
2008-01-18 11:57 --------- d-----w C:\Program Files\Full Tilt Poker
2008-01-14 19:58 --------- d-----w C:\Program Files\Azureus
2008-01-11 15:13 --------- d-----w C:\Program Files\PokerStars
2007-12-29 12:30 --------- d-----w C:\Program Files\PartyGaming
2007-12-16 20:21 --------- d-----w C:\Documents and Settings\Wesley\Application Data\Sony
2007-12-16 20:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2007-12-16 20:18 --------- d-----w C:\Program Files\Sony Ericsson
2007-12-16 20:17 --------- d-----w C:\Program Files\QuickTime
2007-12-16 20:17 --------- d-----w C:\Program Files\Apple Software Update
2007-12-16 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-16 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-16 19:41 --------- d-----w C:\Documents and Settings\Wesley\Application Data\Nokia
2007-12-16 19:35 --------- d-----w C:\Documents and Settings\Wesley\Application Data\PC Suite
2007-12-16 19:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2007-12-16 19:34 --------- d-----w C:\Program Files\DIFX
2007-12-16 19:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-12 21:26 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{434ECC1E-5BFC-4A59-8978-9E282E15CB68}]
2004-08-04 00:03 83968 --a------ C:\WINDOWS\system32\audiosrvp.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-03-09 18:50 200768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

[HKLM\~\startupfolder\C:^Documents and Settings^Wesley^Menu Start^Programma's^Opstarten^Update_0801_KB212148.exe]
path=C:\Documents and Settings\Wesley\Menu Start\Programma's\Opstarten\Update_0801_KB212148.exe
backup=C:\WINDOWS\pss\Update_0801_KB212148.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-09-25 08:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-02-01 16:45 98304 C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
appsecdll REG_EXPAND_SZ C:\WINDOWS\system32\AppCert\wsil32.dll

R0 txwcqhia;txwcqhia;C:\WINDOWS\system32\drivers\wntdksph.dat
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-10-01 22:11]

*Newly Created Service* - PML_DRIVER_HPZ12
.
Inhoud van de 'Gedeelde Taken' map
"2008-02-04 02:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert.WesleyWRuns AdwareAlert to scan your computer for malicious and potenially unwanted programs.
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 18:58:24
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-02-04 18:58:38
ComboFix-quarantined-files.txt 2008-02-04 17:58:36
ComboFix2.txt 2008-02-02 14:22:05
ComboFix3.txt 2008-02-02 13:48:34

Open een kladblokbestand.
Kopieer de ondestaande code, en plak deze in het kladblokbestand.
Sla het kladblokbestand op als CFScript.txt
Sleep nu het bestand CFScript.txt in het bestand ComboFix.exe

ComboFix zal opnieuw starten.
Wanneer ComboFix klaar is, dit kan na een herstart zijn, opent er een logfile.
Post de inhoud van de logfile.

ComboFix 08-02.02.5 - Wesley 2008-02-04 19:30:21.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1644 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Wesley\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Wesley\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

FILE
C:\WINDOWS\system32\audiosrvp.dll
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\audiosrvp.dll . . . . konden niet verwijderd worden

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-01-04 to 2008-02-04 ))))))))))))))))))))))))))))))
.

2008-02-04 18:35 . 2008-02-04 18:35 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-02-04 18:35 . 2008-02-04 18:35 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-02-04 18:35 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-02-04 18:35 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-02-04 18:35 . 2006-03-03 21:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-02-04 18:35 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-02-04 18:35 . 2006-03-03 21:03 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-02-04 18:35 . 2006-03-03 21:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-02-04 18:34 . 2008-02-04 18:34 <DIR> d-------- C:\Program Files\HP
2008-02-04 18:34 . 2008-02-04 18:35 112,278 --a------ C:\WINDOWS\hpoins11.dat
2008-02-04 18:34 . 2005-07-19 02:39 98,304 --a------ C:\WINDOWS\system32\hpzjsn01.dll
2008-02-04 18:34 . 2006-05-06 09:25 6,947 --a------ C:\WINDOWS\hpomdl11.dat
2008-02-04 18:15 . 2008-02-04 18:15 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-02-04 18:15 . 2008-02-04 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-02-02 15:37 . 19,584 C:\WINDOWS\system32\drivers\wntdksph.dat
2008-02-02 14:46 . 2008-02-02 14:46 <DIR> d-------- C:\Temp
2008-01-31 11:50 . 2008-01-31 11:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-31 11:50 . 2008-01-31 11:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-28 18:46 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-28 18:46 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-28 18:46 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-28 18:46 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-28 18:46 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-28 18:46 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-28 18:46 . 2008-01-28 18:46 1,564 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-22 19:38 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-22 19:37 . 2008-01-22 19:37 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-21 23:11 . 2008-01-21 23:11 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-21 23:11 . 2008-01-21 23:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-21 22:55 . 2008-01-21 22:55 <DIR> d-------- C:\Documents and Settings\Wesley\Application Data\AdwareAlert
2008-01-21 22:48 . 2008-01-21 22:49 <DIR> d-------- C:\WINDOWS\system32\AppCert
2008-01-21 22:48 . 2004-08-04 00:03 83,968 --a------ C:\WINDOWS\system32\audiosrvp.dll
2008-01-07 16:33 . 2008-01-07 16:36 <DIR> d-------- C:\Program Files\TVAnts
2008-01-07 15:35 . 2008-01-07 15:36 <DIR> d-------- C:\Program Files\SopCast

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-04 18:32 15,968,544 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-04 18:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-04 18:31 28,808 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-04 18:31 262,688 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-04 18:31 219,068 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-04 17:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-04 17:14 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-02 13:31 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-01-22 18:38 --------- d-----w C:\Program Files\Java
2008-01-22 18:33 --------- d-----w C:\Documents and Settings\Wesley\Application Data\Azureus
2008-01-21 22:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-20 22:19 --------- d-----w C:\Documents and Settings\Wesley\Application Data\LimeWire
2008-01-18 11:57 --------- d-----w C:\Program Files\Full Tilt Poker
2008-01-14 19:58 --------- d-----w C:\Program Files\Azureus
2008-01-11 15:13 --------- d-----w C:\Program Files\PokerStars
2007-12-29 12:30 --------- d-----w C:\Program Files\PartyGaming
2007-12-16 20:21 --------- d-----w C:\Documents and Settings\Wesley\Application Data\Sony
2007-12-16 20:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2007-12-16 20:18 --------- d-----w C:\Program Files\Sony Ericsson
2007-12-16 20:17 --------- d-----w C:\Program Files\QuickTime
2007-12-16 20:17 --------- d-----w C:\Program Files\Apple Software Update
2007-12-16 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-16 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-16 19:41 --------- d-----w C:\Documents and Settings\Wesley\Application Data\Nokia
2007-12-16 19:35 --------- d-----w C:\Documents and Settings\Wesley\Application Data\PC Suite
2007-12-16 19:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2007-12-16 19:34 --------- d-----w C:\Program Files\DIFX
2007-12-16 19:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-12 21:26 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{434ECC1E-5BFC-4A59-8978-9E282E15CB68}]
2004-08-04 00:03 83968 --a------ C:\WINDOWS\system32\audiosrvp.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-03-09 18:50 200768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

[HKLM\~\startupfolder\C:^Documents and Settings^Wesley^Menu Start^Programma's^Opstarten^Update_0801_KB212148.exe]
path=C:\Documents and Settings\Wesley\Menu Start\Programma's\Opstarten\Update_0801_KB212148.exe
backup=C:\WINDOWS\pss\Update_0801_KB212148.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-09-25 08:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-02-01 16:45 98304 C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
appsecdll REG_EXPAND_SZ C:\WINDOWS\system32\AppCert\wsil32.dll

R0 txwcqhia;txwcqhia;C:\WINDOWS\system32\drivers\wntdksph.dat
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-10-01 22:11]

.
Inhoud van de 'Gedeelde Taken' map
"2008-02-04 02:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert.WesleyWRuns AdwareAlert to scan your computer for malicious and potenially unwanted programs.
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 19:32:23
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wdfmgr.exe
.
**************************************************************************
.
Voltooingstijd: 2008-02-04 19:33:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-04 18:33:06
ComboFix2.txt 2008-02-04 17:58:39
ComboFix3.txt 2008-02-02 14:22:05
ComboFix4.txt 2008-02-02 13:48:34

Zo zou het moeten lukken:
Open een kladblokbestand.
Kopieer de ondestaande code, en plak deze in het kladblokbestand.
Sla het kladblokbestand op als CFScript.txt
Sleep nu het bestand CFScript.txt in het bestand ComboFix.exe

ComboFix zal opnieuw starten.
Wanneer ComboFix klaar is, dit kan na een herstart zijn, opent er een logfile.
Post de inhoud van de logfile.

ComboFix 08-02.02.5 - Wesley 2008-02-04 20:38:31.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1662 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Wesley\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Wesley\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

FILE
C:\WINDOWS\system32\audiosrvp.dll
C:\WINDOWS\system32\drivers\wntdksph.dat
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\audiosrvp.dll
C:\WINDOWS\system32\drivers\wntdksph.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_TXWCQHIA
-------\txwcqhia


(((((((((((((((((((( Bestanden Gemaakt van 2008-01-04 to 2008-02-04 ))))))))))))))))))))))))))))))
.

2008-02-04 18:35 . 2008-02-04 18:35 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-02-04 18:35 . 2008-02-04 18:35 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-02-04 18:35 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-02-04 18:35 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-02-04 18:35 . 2006-03-03 21:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-02-04 18:35 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-02-04 18:35 . 2006-03-03 21:03 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-02-04 18:35 . 2006-03-03 21:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-02-04 18:34 . 2008-02-04 18:34 <DIR> d-------- C:\Program Files\HP
2008-02-04 18:34 . 2008-02-04 18:35 112,278 --a------ C:\WINDOWS\hpoins11.dat
2008-02-04 18:34 . 2005-07-19 02:39 98,304 --a------ C:\WINDOWS\system32\hpzjsn01.dll
2008-02-04 18:34 . 2006-05-06 09:25 6,947 --a------ C:\WINDOWS\hpomdl11.dat
2008-02-04 18:15 . 2008-02-04 18:15 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-02-04 18:15 . 2008-02-04 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-02-02 14:46 . 2008-02-02 14:46 <DIR> d-------- C:\Temp
2008-01-31 11:50 . 2008-01-31 11:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-31 11:50 . 2008-01-31 11:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-28 18:46 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-28 18:46 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-28 18:46 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-28 18:46 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-28 18:46 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-28 18:46 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-28 18:46 . 2008-01-28 18:46 1,564 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-22 19:38 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-22 19:37 . 2008-01-22 19:37 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-21 23:11 . 2008-01-21 23:11 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-21 23:11 . 2008-01-21 23:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-21 22:55 . 2008-01-21 22:55 <DIR> d-------- C:\Documents and Settings\Wesley\Application Data\AdwareAlert
2008-01-21 22:48 . 2008-01-21 22:49 <DIR> d-------- C:\WINDOWS\system32\AppCert
2008-01-07 16:33 . 2008-01-07 16:36 <DIR> d-------- C:\Program Files\TVAnts
2008-01-07 15:35 . 2008-01-07 15:36 <DIR> d-------- C:\Program Files\SopCast

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-04 19:40 16,025,888 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-04 19:39 29,000 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-04 19:39 264,736 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-04 19:39 219,860 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-04 18:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-04 17:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-04 17:14 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-02 13:31 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-01-22 18:38 --------- d-----w C:\Program Files\Java
2008-01-22 18:33 --------- d-----w C:\Documents and Settings\Wesley\Application Data\Azureus
2008-01-21 22:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-20 22:19 --------- d-----w C:\Documents and Settings\Wesley\Application Data\LimeWire
2008-01-18 11:57 --------- d-----w C:\Program Files\Full Tilt Poker
2008-01-14 19:58 --------- d-----w C:\Program Files\Azureus
2008-01-11 15:13 --------- d-----w C:\Program Files\PokerStars
2007-12-29 12:30 --------- d-----w C:\Program Files\PartyGaming
2007-12-16 20:21 --------- d-----w C:\Documents and Settings\Wesley\Application Data\Sony
2007-12-16 20:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2007-12-16 20:18 --------- d-----w C:\Program Files\Sony Ericsson
2007-12-16 20:17 --------- d-----w C:\Program Files\QuickTime
2007-12-16 20:17 --------- d-----w C:\Program Files\Apple Software Update
2007-12-16 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-16 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-16 19:41 --------- d-----w C:\Documents and Settings\Wesley\Application Data\Nokia
2007-12-16 19:35 --------- d-----w C:\Documents and Settings\Wesley\Application Data\PC Suite
2007-12-16 19:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2007-12-16 19:34 --------- d-----w C:\Program Files\DIFX
2007-12-16 19:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-12 21:26 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-03-09 18:50 200768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

[HKLM\~\startupfolder\C:^Documents and Settings^Wesley^Menu Start^Programma's^Opstarten^Update_0801_KB212148.exe]
path=C:\Documents and Settings\Wesley\Menu Start\Programma's\Opstarten\Update_0801_KB212148.exe
backup=C:\WINDOWS\pss\Update_0801_KB212148.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-09-25 08:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-02-01 16:45 98304 C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
appsecdll REG_EXPAND_SZ C:\WINDOWS\system32\AppCert\wsil32.dll

S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-10-01 22:11]

.
Inhoud van de 'Gedeelde Taken' map
"2008-02-04 02:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert.WesleyWRuns AdwareAlert to scan your computer for malicious and potenially unwanted programs.
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 20:40:35
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wdfmgr.exe
.
**************************************************************************
.
Voltooingstijd: 2008-02-04 20:41:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-04 19:41:24
ComboFix2.txt 2008-02-04 18:33:11
ComboFix3.txt 2008-02-04 17:58:39
ComboFix4.txt 2008-02-02 14:22:05
ComboFix5.txt 2008-02-02 13:48:34