Computer very slow

  • Computer very slow

    Hello everyone,

    This afternoon I installed something that I would have been better off not installing.
    My PC was suddenly very busy, and a little later all kinds of advertising appeared on screen. I then immediately searched Google for an anti-spyware program and did not think at all of the programs that are promoted on nucia.eu.
    I eventually ended up at PCdoktor. I scanned with it and came out at about 258 infected files. I deleted these.

    Since then I have had the problem that my computer has become much slower, the internet in particular. When I open a website, loading takes much, much longer, and starting programs now suddenly takes more time as well. My Outlook Express won't connect any more either.

    I have thrown PCdoktor off again, but at startup I now still have an icon that says my PC is infected. If I then right-click on 'close', a web page is opened. (At least, that is attempted; it spends far too long searching.)

    In any case, I was able to make a HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:48:45, on 30/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\BySoft FreeRAM\FreeRAM.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.openbaarvervoerinboskoop.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvfam.dll,startup
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKCU\..\Run: [BySoft FreeRAM] C:\Program Files\BySoft FreeRAM\FreeRAM.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Startup: Memeo AutoBackup Launcher.lnk = ?
    O4 - Startup: Memeo AutoSync Launcher.lnk = C:\Program Files\Memeo\AutoSync\MemeoLauncher.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
    O21 - SSODL: zip - {a123afa8-8390-4e98-9ced-5f3c63861534} - C:\WINDOWS\Installer\{a123afa8-8390-4e98-9ced-5f3c63861534}\zip.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 9429 bytes

    I hope there is someone who can help me with this.
    I have no idea whether I should have posted anything more, but if that is asked for I will certainly do so.

    Thanks a lot in advance!

    Ryan

    P.S. Hard to believe that with the speed my PC now responds at, you used to be really fast!

  • #2
    Afterwards I saw the same kind of question in another topic, with a reply.

    I then ran RVAXO, and Deckard's system scanner:

    RVAXO:
    ---RVAXO.exe Updated: 2008-01-30---first run---
    Files found:
    C:\WINDOWS\system32\drvfamr.dll
    C:\Program Files\spoolsv.exe
    C:\WINDOWS\system32\hgjlm.ini2
    C:\WINDOWS\system32\wowfx.dll
    C:\Program Files\ucleaner_setup.exe
    C:\Documents and Settings\Ryan Palmer\Application Data\printer.exe
    C:\WINDOWS\system32\netlogun.exe

    Uninstallers Rogue scanners:


    Folders Found:

    C:\Documents and Settings\Ryan Palmer\Application Data\ultra

    Hosts-file was reset, If you use a custom hosts file please replace it...

    --------------RVAXO.exe last run---------------

    Files found:

    C:\Documents and Settings\Ryan Palmer\Mijn documenten\Mijn ontvangen bestanden\BA Delta.zip
    C:\Documents and Settings\Ryan Palmer\Mijn documenten\Mijn ontvangen bestanden\MT_BDC2_Base_Pack.zip
    C:\Documents and Settings\Ryan Palmer\Mijn documenten\Mijn ontvangen bestanden\VECTAFIXlocked.zip
    Folders Found:

    --------------RVAXO.exe finished----------------
    Deckard's system scanner:

    Deckard's System Scanner v20071014.68
    Run by Ryan Palmer on 2008-01-30 23:54:07
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    11: 2008-01-30 22:54:13 UTC - RP197 - Deckard's System Scanner Restore Point
    10: 2008-01-30 14:54:38 UTC - RP196 - Spyware Doctor: Cleaning Threats
    9: 2008-01-30 14:19:55 UTC - RP195 - Last known good configuration
    8: 2008-01-30 14:19:48 UTC - RP194 - Installed QuickTime
    7: 2008-01-30 14:19:48 UTC - RP193 - Installed SimTractor 3.6.6 Machinery Addons II COUGAR


    -- First Restore Point --
    1: 2008-01-30 14:19:47 UTC - RP187 - Controlepunt van systeem


    Backed up registry hives.
    Performed disk cleanup.

    System Drive C: has 4.77 GiB (less than 15%) free.


    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-01-31 00:00:32
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
    C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
    C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Ryan Palmer\Bureaublad\dss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.openbaarvervoerinboskoop.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: (no name) - {753D709F-3598-4892-BA1A-E85F119B18E9} - C:\WINDOWS\system32\mljgh.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {89A1E40D-0254-4F99-B9AE-B60A2D8754A9} - C:\WINDOWS\system32\iifgdcy.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKCU\..\Run: [BySoft FreeRAM] C:\Program Files\BySoft FreeRAM\FreeRAM.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Startup: Memeo AutoBackup Launcher.lnk = ?
    O4 - Startup: Memeo AutoSync Launcher.lnk = C:\Program Files\Memeo\AutoSync\MemeoLauncher.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = ?
    O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
    O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
    O20 - Winlogon Notify: iifgdcy - C:\WINDOWS\system32\iifgdcy.dll
    O21 - SSODL: zip - {a123afa8-8390-4e98-9ced-5f3c63861534} - C:\WINDOWS\Installer\{a123afa8-8390-4e98-9ced-5f3c63861534}\zip.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Memeo AutoSync (AutoSyncService) - Memeo - C:\Program Files\Memeo\AutoSync\MemeoService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\RYANPA~1\LOCALS~1\Temp\hpdj.exe -servicerunning=true -uninstall=hp deskjet 5100 series -product=
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\Pclepci.sys
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


    --
    End of file - 13478 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 Kpu27 - c:\windows\system32\drivers\kpu27.sys
    R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
    R1 smtpdrv - c:\windows\system32\drivers\smtpdrv.sys <Not Verified; NT Kernel Resources; NDIS packet redirector driver>
    R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>
    R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
    R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
    R3 SPLITCAM (Splitcam, WDM Camera Stream Splitter) - c:\windows\system32\drivers\splitcam.sys <Not Verified; LoteSoft Co.; Video Capture Splitter driver>
    R3 USB2_04 (USB2_04 driver) - c:\windows\system32\drivers\nkv2.sys

    S2 zntport (NTPort Library Driver) - c:\windows\system32\zntport.sys (file missing)
    S3 alcan5wn (SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)) - c:\windows\system32\drivers\alcan5wn.sys <Not Verified; THOMSON; SpeedTouch USB>
    S3 alcaudsl (SpeedTouch ADSL Modem ATM Transport) - c:\windows\system32\drivers\alcaudsl.sys <Not Verified; THOMSON; SpeedTouch USB>
    S3 Ip6Fw (IPv6 Windows Firewall Driver) - c:\windows\system32\drivers\ip6fw.sys (file missing)
    S3 PciCon - k:\pcicon.sys (file missing)
    S3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>
    R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>
    R3 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

    S2 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
    S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; Microsoft Corporation; Windows Live installer>
    S4 AutoSyncService (Memeo AutoSync ) - "c:\program files\memeo\autosync\memeoservice.exe" <Not Verified; Memeo; Memeo AutoBackup>
    S4 hpdj - c:\docume~1\ryanpa~1\locals~1\temp\hpdj.exe -servicerunning=true -uninstall=hp deskjet 5100 series -product= (file missing)
    S4 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394-netwerkkaart
    Device ID: V1394\NIC1394\2BC4C110DC
    Manufacturer: Microsoft
    Name: 1394-netwerkkaart
    PNP Device ID: V1394\NIC1394\2BC4C110DC
    Service: NIC1394


    -- Scheduled Tasks -------------------------------------------------------------

    2008-01-24 21:45:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2007-12-31 and 2008-01-31 -----------------------------

    2008-01-30 23:42:33 37228 --ahs---- C:\WINDOWS\system32\hgjlm.ini2
    2008-01-30 23:39:35 0 d-------- C:\RVAXO
    2008-01-30 23:34:59 642514 --a------ C:\WINDOWS\system32\RVAXO.bat
    2008-01-30 23:34:59 77312 --a------ C:\WINDOWS\system32\remove.exe
    2008-01-30 23:18:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-30 22:48:21 0 d-------- C:\Program Files\Trend Micro
    2008-01-30 17:34:27 18176 --a------ C:\WINDOWS\system32\drivers\smtpdrv.sys <Not Verified; NT Kernel Resources; NDIS packet redirector driver>
    2008-01-30 15:39:21 98709 --a------ C:\Documents and Settings\Ryan Palmer\Application Data\sysdefender.exe
    2008-01-30 15:22:25 51968 --a------ C:\WINDOWS\system32\drivers\nkv2.sys
    2008-01-30 15:19:32 334336 --a------ C:\WINDOWS\system32\mljgh.dll
    2008-01-30 15:15:13 25984 --a------ C:\WINDOWS\system32\drivers\Kpu27.sys
    2008-01-30 15:15:03 36352 --a------ C:\cjbnqf.exe
    2008-01-30 15:15:01 49955 -----n--- C:\xugals.exe
    2008-01-30 15:14:53 103936 --a------ C:\WINDOWS\system32\drvfam.dll
    2008-01-30 15:14:19 39424 --a------ C:\WINDOWS\system32\iifgdcy.dll
    2008-01-30 10:29:32 0 d-------- C:\Program Files\Vstep
    2008-01-29 17:14:32 0 d-------- C:\Program Files\QuickTime
    2008-01-29 14:21:51 0 d-------- C:\Program Files\SimTractor 3.5
    2008-01-29 14:04:38 0 d-------- C:\Program Files\18 WoS Pedal to the Metal
    2008-01-28 16:38:00 0 d-------- C:\Program Files\ValuSoft
    2008-01-28 11:59:41 0 d-------- C:\Program Files\racer
    2008-01-14 11:08:51 0 d-------- C:\Documents and Settings\Ryan Palmer\Application Data\InterVideo
    2008-01-14 11:07:37 0 d-------- C:\Program Files\InterVideo
    2008-01-06 22:02:25 38500 --ah----- C:\WINDOWS\system32\mlfcache.dat
    2008-01-01 21:38:29 0 d-------- C:\vcs5BGEffects
    2008-01-01 21:36:57 0 d-------- C:\Program Files\AV Vcs 6.0 DIAMOND
    2007-12-31 15:35:54 0 d-------- C:\Documents and Settings\Ryan Palmer\Application Data\skypePM
    2007-12-31 15:35:54 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2007-12-31 15:34:26 0 d-------- C:\Documents and Settings\Ryan Palmer\Application Data\Skype
    2007-12-31 15:34:12 0 d-------- C:\Program Files\Skype
    2007-12-31 15:34:12 0 d-------- C:\Program Files\Common Files\Skype
    2007-12-31 15:33:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype


    -- Find3M Report ---------------------------------------------------------------

    2008-01-30 23:49:41 466830 --a------ C:\WINDOWS\system32\perfh013.dat
    2008-01-30 23:49:41 81854 --a------ C:\WINDOWS\system32\perfc013.dat
    2008-01-30 23:03:47 0 d-------- C:\Documents and Settings\Ryan Palmer\Application Data\LimeWire
    2008-01-30 22:55:35 0 d-------- C:\Program Files\eMule
    2008-01-30 16:15:07 0 d-------- C:\Documents and Settings\Ryan Palmer\Application Data\XnView
    2008-01-30 07:49:28 0 d-------- C:\Documents and Settings\Ryan Palmer\Application Data\BitTorrent
    2008-01-29 19:49:03 0 d-------- C:\Program Files\Traffic
    2008-01-28 15:55:39 3066 --a------ C:\Documents and Settings\Ryan Palmer\Application Data\wklnhst.dat
    2008-01-22 20:51:02 0 d-------- C:\Documents and Settings\Ryan Palmer\Application Data\Hamachi
    2008-01-14 11:07:37 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-01-14 11:06:53 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-01-13 18:51:03 0 d-------- C:\Program Files\SimSig
    2008-01-10 15:45:29 0 d-------- C:\Program Files\Rail Simulator
    2008-01-10 11:14:56 0 d-------- C:\Program Files\iTunes
    2007-12-31 20:38:07 0 d-------- C:\Program Files\Microsoft Games
    2007-12-31 15:34:12 0 d-------- C:\Program Files\Common Files
    2007-12-30 16:47:43 0 d-------- C:\Program Files\LimeWire
    2007-12-27 14:22:51 0 d-------- C:\Program Files\Google
    2007-12-26 14:54:07 0 d-------- C:\Documents and Settings\Ryan Palmer\Application Data\Google
    2007-12-26 13:01:57 212272 --a------ C:\Documents and Settings\Ryan Palmer\Application Data\NMM-MetaData.db
    2007-12-26 12:12:18 0 d-------- C:\Program Files\Hamachi
    2007-12-26 01:38:29 0 d-------- C:\Program Files\Picasa2
    2007-12-25 22:54:08 0 d-------- C:\Program Files\Western Digital
    2007-12-25 22:53:34 0 d-------- C:\Program Files\Common Files\eSellerate
    2007-12-25 22:53:31 0 d-------- C:\Program Files\Memeo
    2007-12-25 22:51:53 0 d-------- C:\Program Files\Western Digital Technologies
    2007-12-24 11:46:01 0 d-------- C:\Program Files\SplitCam
    2007-12-23 02:13:36 0 d-------- C:\Program Files\Bus-Simulator 2008
    2007-12-17 03:43:52 0 d-------- C:\Program Files\Messenger Plus! Live
    2007-12-17 03:43:50 0 d-------- C:\Program Files\MSN Messenger
    2007-12-03 15:07:56 56832 -----n--- C:\WINDOWS\system32\iyvu9_32.dll
    2007-12-03 15:07:55 756736 -----n--- C:\WINDOWS\system32\ir41_32.dll <Not Verified; Intel Corporation; Intel Indeo(R) Video Interactive 32-bit Driver>
    2007-12-03 15:07:55 143872 -----n--- C:\WINDOWS\system32\iacenc.dll <Not Verified; Intel Corporation; Indeo® audio software>
    2007-12-02 13:50:21 0 d-------- C:\Program Files\BitTorrent
    2007-12-01 03:00:54 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-11-30 23:51:00 0 d-------- C:\Program Files\Audacity
    2007-11-30 09:37:14 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2007-11-30 09:33:34 0 d-------- C:\Program Files\Windows Live
    2007-11-22 10:25:07 95 --a------ C:\AUTOEXEC.BAT


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
    04/10/2007 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{753D709F-3598-4892-BA1A-E85F119B18E9}]
    30/01/2008 15:19 334336 --a------ C:\WINDOWS\system32\mljgh.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89A1E40D-0254-4F99-B9AE-B60A2D8754A9}]
    30/01/2008 15:14 39424 --a------ C:\WINDOWS\system32\iifgdcy.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [04/10/2007 21:06 1135968]

    [-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [10/10/2007 06:28]
    "Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" [26/04/2007 15:54]
    "@"=""
    "Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [26/04/2007 16:22]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]
    "PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [15/06/2006 12:36]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/11/2007 18:36]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [04/10/2007 17:14]
    "nwiz"="nwiz.exe" [04/10/2007 17:14 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [04/10/2007 17:14]
    "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [20/03/2006 17:34]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [10/01/2008 15:27]
    "P17Helper"="P17.dll" [03/05/2005 19:38 C:\WINDOWS\system32\P17.dll]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BySoft FreeRAM"="C:\Program Files\BySoft FreeRAM\FreeRAM.exe" [17/12/2004 21:44]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [30/08/2007 16:43]
    "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [19/09/2007 20:48]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 00:03]
    "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [03/07/2007 12:32]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [03/01/2008 17:56]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [31/08/2007 16:46]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

    C:\Documents and Settings\Ryan Palmer\Menu Start\Programma's\Opstarten\
    MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [21/11/2007 11:38:13]
    Memeo AutoBackup Launcher.lnk - C:\Documents and Settings\Ryan Palmer\Application Data\Microsoft\Installer\{6BCEB97B-F315-455D-BC2D-565A1A6781E8}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe [25/12/2007 22:52:40]
    Memeo AutoSync Launcher.lnk - C:\Program Files\Memeo\AutoSync\MemeoLauncher.exe [06/07/2007 17:28:44]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [14/01/2008 11:07:44]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{89A1E40D-0254-4F99-B9AE-B60A2D8754A9}"= C:\WINDOWS\system32\iifgdcy.dll [30/01/2008 15:14 39424]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "zip"= {a123afa8-8390-4e98-9ced-5f3c63861534} - C:\WINDOWS\Installer\{a123afa8-8390-4e98-9ced-5f3c63861534}\zip.dll [30/01/2008 15:16 38950]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgdcy]
    iifgdcy.dll 30/01/2008 15:14 39424 C:\WINDOWS\system32\iifgdcy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\WINDOWS\system32\wowfx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljgh.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll, xlibgfl254.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kpu27.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ryan Palmer^Menu Start^Programma's^Opstarten^Xfire.lnk]
    path=C:\Documents and Settings\Ryan Palmer\Menu Start\Programma's\Opstarten\Xfire.lnk
    backup=C:\WINDOWS\pss\Xfire.lnkStartup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
    "C:\Program Files\BitTorrent_DNA\dna.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BySoft FreeRAM]
    C:\Program Files\BySoft FreeRAM\FreeRAM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
    C:\Program Files\eMule\emule.exe -AutoStart

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
    "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    C:\Program Files\Nero\Nero8\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCDMon]
    "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LGDCore]
    "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    C:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    C:\Program Files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    C:\WINDOWS\system32\LVCOMSX.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
    Rundll32 P17.dll,P17Helper

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
    C:\Program Files\Nero\Nero8\InCD\NBHGui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    C:\Program Files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "usnjsvc"=3 (0x3)
    "ose"=3 (0x3)
    "NMIndexingService"=3 (0x3)
    "Nero BackItUp Scheduler 3"=2 (0x2)
    "LightScribeService"=2 (0x2)
    "InCDsrv"=2 (0x2)
    "IDriverT"=3 (0x3)
    "hpdj"=2 (0x2)
    "gusvc"=3 (0x3)


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"



    -- End of Deckard's System Scanner: finished at 2008-01-31 00:03:31 ------------
    I hope this can help as well.

    Thanks in advance!!

    Ryan



    • #3
      Hello Ryan,

      Close all open windows.
      Start HijackThis once more and place a check mark next to the following items:

      O2 - BHO: (no name) - {753D709F-3598-4892-BA1A-E85F119B18E9} - C:\WINDOWS\system32\mljgh.dll
      O2 - BHO: (no name) - {89A1E40D-0254-4F99-B9AE-B60A2D8754A9} - C:\WINDOWS\system32\iifgdcy.dll
      O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
      O20 - Winlogon Notify: iifgdcy - C:\WINDOWS\system32\iifgdcy.dll
      O21 - SSODL: zip - {a123afa8-8390-4e98-9ced-5f3c63861534} - C:\WINDOWS\Installer\{a123afa8-8390-4e98-9ced-5f3c63861534}\zip.dll


      Then click "Fix checked" and close HijackThis.


      Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
      Place it on your desktop.

      Follow the instructions.
      When the tool has finished, a log file (combofix.txt) opens.
      Post the contents of this file together with a new HijackThis log.



      • #4
        Hello Marckie,

        I ran HijackThis once more, but I only saw O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll and O21 - SSODL: zip - {a123afa8-8390-4e98-9ced-5f3c63861534} - C:\WINDOWS\Installer\{a123afa8-8390-4e98-9ced-5f3c63861534}\zip.dll listed. I checked those and fixed them. However, the second one simply stays there.

        Next I downloaded ComboFix and the floppy disk file from Microsoft. Then I placed the .exe file onto ComboFix.exe and it went to work. After a while I got the message "Garantiebeperking inzake software" (software warranty disclaimer), where I could click 'yes' or 'no'. I clicked yes. After that it created a restore point, and then the autoscan did its work. During the scan I got the message "Installing the Recovery Console", and I clicked OK. After that I got the error "Kan een benodigde bron niet vinden.." (cannot find a required resource). After that I got the message "You didn't select YES. Installation is aborted."

        What should I do next?



        • #5
          Skip that step with the Recovery Console and let ComboFix scan.



          • #6
            Hello,

            Here is the log file:

            ComboFix 08-01-31.4 - Ryan Palmer 2008-01-31 13:46:48.1 - NTFSx86
            Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.638 [GMT 1:00]
            Gestart vanuit: C:\Documents and Settings\Ryan Palmer\Bureaublad\ComboFix.exe

            WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
            .

            (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            C:\WINDOWS\system32\iifgdcy.dll
            C:\WINDOWS\system32\mljgh.dll
            C:\WINDOWS\inf\ultra.inf
            C:\WINDOWS\system32\drivers\smtpdrv.sys
            C:\WINDOWS\system32\hgjlm.ini
            C:\WINDOWS\system32\hgjlm.ini2
            C:\WINDOWS\system32\iifgdcy.dll
            C:\WINDOWS\system32\jnrlbklo.dll
            C:\WINDOWS\system32\mljgh.dll
            C:\WINDOWS\system32\olkblrnj.ini

            .
            ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

            .
            -------\LEGACY_NPF
            -------\LEGACY_SMTPDRV
            -------\smtpdrv


            (((((((((((((((((((( Bestanden Gemaakt van 2007-12-28 to 2008-01-31 ))))))))))))))))))))))))))))))
            .

            2008-01-30 23:53 . 2008-01-30 23:53 <DIR> d-------- C:\Deckard
            2008-01-30 23:39 . 2008-01-31 07:55 <DIR> d-------- C:\RVAXO
            2008-01-30 23:34 . 2008-01-31 00:31 642,514 --a------ C:\WINDOWS\system32\RVAXO.bat
            2008-01-30 23:34 . 2001-10-01 14:51 77,312 --a------ C:\WINDOWS\system32\remove.exe
            2008-01-30 23:18 . 2008-01-31 00:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
            2008-01-30 22:48 . 2008-01-30 22:48 <DIR> d-------- C:\Program Files\Trend Micro
            2008-01-30 18:09 . 2005-06-15 11:07 11,264 --a------ C:\WINDOWS\INRES.DLL
            2008-01-30 15:39 . 2005-05-28 09:00 98,709 --a------ C:\Documents and Settings\Ryan Palmer\Application Data\sysdefender.exe
            2008-01-30 15:35 . 2008-01-30 15:35 269,334 --a------ C:\WINDOWS\system32\ratgf.bmp
            2008-01-30 15:26 . 2008-01-30 15:26 160,560 --a------ C:\Program Files\udefender_setup.exe
            2008-01-30 15:22 . 2008-01-31 11:55 51,968 --a------ C:\WINDOWS\system32\drivers\nkv2.sys
            2008-01-30 15:15 . 2008-01-30 15:15 54,764 --a------ C:\WINDOWS\system32\btstack.ibs
            2008-01-30 15:15 . 2008-01-30 15:15 49,955 --------- C:\xugals.exe
            2008-01-30 15:15 . 2008-01-30 15:15 36,352 --a------ C:\cjbnqf.exe
            2008-01-30 15:15 . 2008-01-31 14:02 25,984 --a------ C:\WINDOWS\system32\drivers\Kpu27.sys
            2008-01-30 15:14 . 2008-01-30 15:14 103,936 --a------ C:\WINDOWS\system32\drvfam.dll
            2008-01-30 10:29 . 2008-01-30 10:29 <DIR> d-------- C:\Program Files\Vstep
            2008-01-29 17:14 . 2008-01-29 17:15 <DIR> d-------- C:\Program Files\QuickTime
            2008-01-29 14:21 . 2008-01-29 14:24 <DIR> d-------- C:\Program Files\SimTractor 3.5
            2008-01-29 14:04 . 2008-01-29 14:49 <DIR> d-------- C:\Program Files\18 WoS Pedal to the Metal
            2008-01-28 16:38 . 2008-01-28 16:38 <DIR> d-------- C:\Program Files\ValuSoft
            2008-01-28 11:59 . 2008-01-28 13:04 <DIR> d-------- C:\Program Files\racer
            2008-01-14 11:08 . 2008-01-14 11:08 <DIR> d-------- C:\Documents and Settings\Ryan Palmer\Application Data\InterVideo
            2008-01-14 11:07 . 2008-01-14 11:07 <DIR> d-------- C:\Program Files\InterVideo
            2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
            2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
            2008-01-10 11:14 . 2008-01-10 11:14 29,926 --a------ C:\WINDOWS\system32\netlogimg.ico
            2008-01-06 22:02 . 2008-01-06 22:02 38,500 --ah----- C:\WINDOWS\system32\mlfcache.dat
            2008-01-01 21:38 . 2008-01-08 19:36 <DIR> d-------- C:\vcs5BGEffects
            2008-01-01 21:36 . 2008-01-08 19:31 <DIR> d-------- C:\Program Files\AV Vcs 6.0 DIAMOND
            2007-12-31 15:35 . 2008-01-27 19:16 <DIR> d-------- C:\Documents and Settings\Ryan Palmer\Application Data\skypePM
            2007-12-31 15:35 . 2007-12-31 15:35 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
            2007-12-31 15:34 . 2007-12-31 15:34 <DIR> d-------- C:\Program Files\Skype
            2007-12-31 15:34 . 2007-12-31 15:34 <DIR> d-------- C:\Program Files\Common Files\Skype
            2007-12-31 15:34 . 2008-01-27 23:04 <DIR> d-------- C:\Documents and Settings\Ryan Palmer\Application Data\Skype
            2007-12-31 15:33 . 2007-12-31 15:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
            2007-12-27 13:58 . 1998-10-22 04:01 237,056 --a------ C:\WINDOWS\system32\NMFAST40.BPL
            2007-12-27 13:57 . 2007-12-27 13:57 <DIR> d-------- C:\Documents and Settings\Ryan Palmer\WINDOWS
            2007-12-27 13:57 . 1999-02-17 04:02 1,888,224 --a------ C:\WINDOWS\system32\VCL40.BPL
            2007-12-27 13:57 . 1998-02-06 21:37 299,520 --a------ C:\WINDOWS\uninst.exe
            2007-12-27 13:57 . 1998-06-17 04:00 252,408 --a------ C:\WINDOWS\system32\VCLX40.BPL
            2007-12-27 13:57 . 1998-10-22 04:01 107,512 --a------ C:\WINDOWS\system32\INET40.BPL
            2007-12-27 13:57 . 1998-10-22 04:01 71,160 --a------ C:\WINDOWS\system32\VCLSMP40.BPL
            2007-12-27 13:50 . 2001-05-22 06:00 1,324,032 --a------ C:\WINDOWS\system32\vcl60.bpl
            2007-12-27 13:50 . 2001-05-22 06:00 637,440 --a------ C:\WINDOWS\system32\rtl60.bpl
            2007-12-27 13:50 . 2001-05-22 06:00 213,504 --a------ C:\WINDOWS\system32\vclx60.bpl
            2007-12-27 13:50 . 2001-05-22 06:00 96,256 --a------ C:\WINDOWS\system32\vcljpg60.bpl
            2007-12-27 13:50 . 2001-05-22 06:00 62,464 --a------ C:\WINDOWS\system32\VCLSMP60.BPL
            2007-12-27 13:48 . 2008-01-13 18:51 <DIR> d-------- C:\Program Files\SimSig
            2007-12-26 12:12 . 2008-01-22 20:51 <DIR> d-------- C:\Documents and Settings\Ryan Palmer\Application Data\Hamachi
            2007-12-26 12:11 . 2007-12-26 12:12 <DIR> d-------- C:\Program Files\Hamachi
            2007-12-26 12:11 . 2007-12-26 12:11 26,056 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
            2007-12-26 04:33 . 2007-12-26 04:34 <DIR> d--h----- C:\_Memeo
            2007-12-25 22:54 . 2007-12-25 22:54 <DIR> d-------- C:\Program Files\Western Digital
            2007-12-25 22:53 . 2007-12-25 22:53 <DIR> d-------- C:\Program Files\Common Files\eSellerate
            2007-12-25 22:52 . 2007-12-25 22:53 <DIR> d-------- C:\Program Files\Memeo
            2007-12-25 22:52 . 2007-12-25 22:53 <DIR> d---s---- C:\Documents and Settings\All Users\Application Data\Memeo
            2007-12-25 22:51 . 2007-12-25 22:51 <DIR> d-------- C:\Program Files\Western Digital Technologies
            2007-12-24 13:46 . 2007-12-24 13:46 13,824 --a------ C:\WINDOWS\system32\drivers\splitcam.sys
            2007-12-24 11:46 . 2007-12-24 11:46 <DIR> d-------- C:\Program Files\SplitCam
            2007-12-24 11:46 . 2003-05-14 21:07 389,120 --a------ C:\WINDOWS\system32\actskn43.ocx
            2007-12-22 13:23 . 2003-11-04 15:11 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
            2007-12-18 21:32 . 2007-12-23 02:13 <DIR> d-------- C:\Program Files\Bus-Simulator 2008
            2007-12-17 07:42 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
            2007-12-07 18:55 . 2007-11-10 10:57 <DIR> d-------- C:\Program Files\ATS-052b
            2007-12-04 16:18 . 2007-12-04 16:18 131,072 --a------ C:\WINDOWS\system\ZipDll.Dll
            2007-12-04 16:18 . 2007-12-04 16:18 116,224 --a------ C:\WINDOWS\system\UnzDll.Dll
            2007-12-03 15:07 . 2007-12-03 15:07 756,736 --------- C:\WINDOWS\system32\ir41_32.dll
            2007-12-03 15:07 . 2007-12-03 15:07 143,872 --------- C:\WINDOWS\system32\iacenc.dll
            2007-12-03 15:07 . 2007-12-03 15:07 56,832 --------- C:\WINDOWS\system32\iyvu9_32.dll
            2007-12-02 13:50 . 2007-12-02 13:50 <DIR> d-------- C:\Program Files\BitTorrent
            2007-12-01 03:00 . 2007-12-01 03:00 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

            .
            ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2008-01-30 22:03 --------- d-----w C:\Documents and Settings\Ryan Palmer\Application Data\LimeWire
            2008-01-30 21:55 --------- d-----w C:\Program Files\eMule
            2008-01-30 16:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
            2008-01-30 15:15 --------- d-----w C:\Documents and Settings\Ryan Palmer\Application Data\XnView
            2008-01-30 06:49 --------- d-----w C:\Documents and Settings\Ryan Palmer\Application Data\BitTorrent
            2008-01-29 18:49 --------- d-----w C:\Program Files\Traffic
            2008-01-28 14:55 3,066 ----a-w C:\Documents and Settings\Ryan Palmer\Application Data\wklnhst.dat
            2008-01-19 14:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
            2008-01-14 10:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
            2008-01-14 10:06 --------- d-----w C:\Program Files\Common Files\InstallShield
            2008-01-10 14:45 --------- d-----w C:\Program Files\Rail Simulator
            2008-01-10 10:14 --------- d-----w C:\Program Files\iTunes
            2007-12-31 19:38 --------- d-----w C:\Program Files\Microsoft Games
            2007-12-30 15:47 --------- d-----w C:\Program Files\LimeWire
            2007-12-28 15:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
            2007-12-27 13:22 --------- d-----w C:\Program Files\Google
            2007-12-26 00:38 --------- d-----w C:\Program Files\Picasa2
            2007-12-17 02:43 --------- d-----w C:\Program Files\MSN Messenger
            2007-12-17 02:43 --------- d-----w C:\Program Files\Messenger Plus! Live
            2007-11-30 22:51 --------- d-----w C:\Program Files\Audacity
            2007-11-30 08:37 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
            2007-11-30 08:33 --------- d-----w C:\Program Files\Windows Live
            2007-11-29 09:09 --------- d-----w C:\Program Files\Bus Driver
            2007-11-28 17:02 --------- d-----w C:\Program Files\NVIDIA Corporation
            2007-11-07 09:51 732,160 ----a-w C:\WINDOWS\system32\lsasrv.dll
            2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
            2007-10-26 11:20 20,480 ----a-w C:\WINDOWS\system32\[email protected]@@k.DLL
            2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
            2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
            2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
            2007-10-12 14:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
            2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
            2007-10-10 23:54 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
            2007-10-09 20:14 813,056 ----a-w C:\WINDOWS\isRS-000.tmp
            2007-10-04 17:16 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
            2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
            2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
            2007-10-04 16:14 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
            2007-10-04 16:14 761,856 ----a-w C:\WINDOWS\system32\nvcplui.exe
            2007-10-04 16:14 6,750,208 ----a-w C:\WINDOWS\system32\nvoglnt.dll
            2007-10-04 16:14 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
            2007-10-04 16:14 5,783,424 ----a-w C:\WINDOWS\system32\nv4_disp.dll
            2007-10-04 16:14 5,509,120 ----a-w C:\WINDOWS\system32\nvdispsr.dll
            2007-10-04 16:14 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
            2007-10-04 16:14 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
            2007-10-04 16:14 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
            2007-10-04 16:14 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
            2007-10-04 16:14 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
            2007-10-04 16:14 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
            2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
            2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
            2007-10-04 16:14 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
            2007-10-04 16:14 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
            2007-10-04 16:14 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
            2007-10-04 16:14 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
            2007-10-04 16:14 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
            2007-10-04 16:14 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
            2007-10-04 16:14 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
            2007-10-04 16:14 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
            2007-10-04 16:14 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
            2007-10-04 16:14 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
            2007-10-04 16:14 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
            2007-10-04 16:14 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
            2007-10-04 16:14 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
            2007-10-04 16:14 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
            2007-10-04 16:14 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
            2007-10-04 16:14 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
            2007-10-04 16:14 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
            2007-10-04 16:14 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
            2007-10-04 16:14 3,629,056 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
            2007-10-04 16:14 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
            2007-10-04 16:14 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
            2007-10-04 16:14 3,166,208 ----a-w C:\WINDOWS\system32\nvgamesr.dll
            2007-10-04 16:14 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
            2007-10-04 16:14 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
            2007-10-04 16:14 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
            2007-10-04 16:14 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
            2007-10-04 16:14 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
            2007-10-04 16:14 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
            2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
            2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
            2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
            2007-10-04 16:14 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
            2007-10-04 16:14 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
            2007-10-04 16:14 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
            2007-10-04 16:14 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
            2007-10-04 16:14 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
            2007-10-04 16:14 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
            2007-10-04 16:14 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
            2007-10-04 16:14 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
            2007-10-04 16:14 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
            2007-10-04 16:14 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
            2007-10-04 16:14 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
            2007-10-04 16:14 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
            2007-10-04 16:14 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
            2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
            2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
            2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
            2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
            2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
            .

            ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            REGEDIT4
            *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
            2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{428A8ABE-8777-4FF4-8818-2EE00072644D}]

            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{753D709F-3598-4892-BA1A-E85F119B18E9}]

            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89A1E40D-0254-4F99-B9AE-B60A2D8754A9}]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
            {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
            {2318C2B1-4965-11D4-9B18-009027A5CD4F}

            [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
            [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
            [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
            [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

            [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
            "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

            [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
            [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
            [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
            [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "BySoft FreeRAM"="C:\Program Files\BySoft FreeRAM\FreeRAM.exe" [2004-12-17 21:44 328192]
            "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 16:43 4670704]
            "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-09-19 20:48 455968]
            "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 22528]
            "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 12:32 90112]
            "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-03 17:56 68856]
            "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28 43520]
            "Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2007-04-26 15:54 774168]
            "Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2007-04-26 16:22 1132056]
            "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
            "PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36 237568]
            "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
            "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
            "nwiz"="nwiz.exe" [2007-10-04 17:14 1634304 C:\WINDOWS\system32\nwiz.exe]
            "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
            "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
            "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 393216]
            "P17Helper"="P17.dll" [2005-05-03 19:38 64512 C:\WINDOWS\system32\P17.dll]

            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
            "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 22528]
            "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]

            C:\Documents and Settings\Ryan Palmer\Menu Start\Programma's\Opstarten\
            MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2007-11-21 11:38:13 568320]
            Memeo AutoBackup Launcher.lnk - C:\Documents and Settings\Ryan Palmer\Application Data\Microsoft\Installer\{6BCEB97B-F315-455D-BC2D-565A1A6781E8}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe [2007-12-25 22:52:40 81920]
            Memeo AutoSync Launcher.lnk - C:\Program Files\Memeo\AutoSync\MemeoLauncher.exe [2007-07-06 17:28:44 134168]

            C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
            InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-01-14 11:07:44 106496]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgdcy]

            [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
            SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll

            [HKLM\~\startupfolder\C:^Documents and Settings^Ryan Palmer^Menu Start^Programma's^Opstarten^Xfire.lnk]
            path=C:\Documents and Settings\Ryan Palmer\Menu Start\Programma's\Opstarten\Xfire.lnk
            backup=C:\WINDOWS\pss\Xfire.lnkStartup

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
            --a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
            C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
            --a------ 2007-09-25 16:58 286016 C:\Program Files\BitTorrent_DNA\dna.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BySoft FreeRAM]
            --a------ 2004-12-17 21:44 328192 C:\Program Files\BySoft FreeRAM\FreeRAM.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
            --a------ 2004-08-04 00:03 22528 C:\WINDOWS\system32\ctfmon.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
            --a------ 2007-05-13 15:57 5316608 C:\Program Files\eMule\emule.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
            C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
            --a------ 2007-08-04 09:29 1056552 C:\Program Files\Nero\Nero8\InCD\InCD.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCDMon]
            --a------ 2007-04-26 15:54 774168 C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LGDCore]
            --a------ 2007-04-26 16:22 1132056 C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
            --a------ 2007-09-19 20:48 455968 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
            --a------ 2005-06-08 13:44 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
            --a------ 2005-06-08 14:24 458752 C:\Program Files\Logitech\Video\ISStart.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
            --a------ 2005-06-08 14:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
            --a------ 2005-07-19 16:32 229376 C:\WINDOWS\system32\LVCOMSX.EXE

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
            --a------ 2003-06-10 00:11 50688 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
            --a------ 2007-08-08 08:25 1828136 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
            --a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
            --a------ 2007-10-04 17:14 8491008 C:\WINDOWS\system32\NvCpl.dll

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
            --a------ 2007-10-04 17:14 81920 C:\WINDOWS\system32\NvMcTray.dll

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
            --a------ 2007-10-04 17:14 1634304 C:\WINDOWS\system32\nwiz.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
            --a------ 2005-05-03 19:38 64512 C:\WINDOWS\system32\P17.dll

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
            --a------ 2008-01-10 15:27 393216 C:\Program Files\QuickTime\QTTask.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
            --a------ 2007-08-04 09:30 2043688 C:\Program Files\Nero\Nero8\InCD\NBHGui.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
            --a------ 2007-07-12 03:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
            --a------ 2007-10-10 06:28 43520 C:\Program Files\Winamp\winampa.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
            --a------ 2007-08-30 16:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
            "WMPNetworkSvc"=3 (0x3)
            "usnjsvc"=3 (0x3)
            "ose"=3 (0x3)
            "NMIndexingService"=3 (0x3)
            "Nero BackItUp Scheduler 3"=2 (0x2)
            "LightScribeService"=2 (0x2)
            "InCDsrv"=2 (0x2)
            "IDriverT"=3 (0x3)
            "hpdj"=2 (0x2)
            "gusvc"=3 (0x3)

            R0 Kpu27;Kpu27;C:\WINDOWS\system32\Drivers\Kpu27.sys [2008-01-31 14:02]
            R3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys [2008-01-31 14:10]
            S3 PciCon;PciCon;K:\PciCon.sys
            S4 AutoSyncService;Memeo AutoSync ;"C:\Program Files\Memeo\AutoSync\MemeoService.exe" [2007-07-06 17:28]


            [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
            "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
            .
            Inhoud van de 'Gedeelde Taken' map
            "2008-01-24 20:45:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
            - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
            .
            **************************************************************************

            catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2008-01-31 14:04:56
            Windows 5.1.2600 Service Pack 2 NTFS

            detected NTDLL code modification:
            ZwOpenFile

            scannen van verborgen processen ...

            scannen van verborgen autostart items ...

            scannen van verborgen bestanden ...

            Scan succesvol afgerond
            verborgen bestanden: 0

            **************************************************************************
            .
            ------------------------ Other Running Processes ------------------------
            .
            C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
            C:\Program Files\Common Files\LightScribe\LSSrvc.exe
            C:\Program Files\iTunes\iTunesHelper.exe
            C:\WINDOWS\system32\RUNDLL32.EXE
            C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
            C:\WINDOWS\system32\Rundll32.exe
            C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
            C:\Program Files\BySoft FreeRAM\FreeRAM.exe
            C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
            C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
            C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
            C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
            C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
            C:\WINDOWS\system32\nvsvc32.exe
            C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
            C:\WINDOWS\system32\wscntfy.exe
            C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
            C:\Program Files\iPod\bin\iPodService.exe
            C:\Program Files\Internet Explorer\IEXPLORE.EXE
            C:\Program Files\Internet Explorer\IEXPLORE.EXE
            .
            **************************************************************************
            .
            Voltooingstijd: 2008-01-31 14:14:53 - machine was rebooted
            ComboFix-quarantined-files.txt 2008-01-31 13:14:49
            .
            2008-01-10 02:02:53 --- E O F ---
            What happens now is that one moment I have good, fast internet, and a few minutes later I keep getting the message "The connection has timed out".

            Ryan
            Last edited by Ryan91; 31-01-08, 14:33. Reason: still a problem after all



            • #7
              Ryan,

              Please do this first, if you will:
              Go to this website: http://www.virustotal.com/en/indexf.html
              Have the following file scanned: C:\WINDOWS\system32\drvfam.dll
              Post the result of the scan.

              Do the same for: C:\WINDOWS\system32\drivers\Kpu27.sys



              • #8
                File drvhuv.dll received on 01.30.2008 12:08:12 (CET)
                Antivirus Version Last Update Result
                AhnLab-V3 2008.1.30.11 2008.01.30 -
                AntiVir 7.6.0.57 2008.01.30 TR/Crypt.PEC2X.Gen
                Authentium 4.93.8 2008.01.30 -
                Avast 4.7.1098.0 2008.01.30 Win32:Dialer-FR
                AVG 7.5.0.516 2008.01.30 -
                BitDefender 7.2 2008.01.30 -
                CAT-QuickHeal 9.00 2008.01.29 Trojan.Dialer.yz
                ClamAV 0.91.2 2008.01.30 -
                DrWeb 4.44.0.09170 2008.01.30 -
                eSafe 7.0.15.0 2008.01.28 Win32.Dialer.yz
                eTrust-Vet 31.3.5497 2008.01.30 Win32/Crushpy.P
                Ewido 4.0 2008.01.29 -
                FileAdvisor 1 2008.01.30 -
                Fortinet 3.14.0.0 2008.01.30 Misc/Dialer
                F-Prot 4.4.2.54 2008.01.29 -
                F-Secure 6.70.13260.0 2008.01.30 W32/Dialer.BYGW
                Ikarus T3.1.1.20 2008.01.29 Trojan.Mezzia.CY
                Kaspersky 7.0.0.125 2008.01.30 Trojan.Win32.Dialer.yz
                McAfee 5218 2008.01.29 potentially unwanted program Dialer-Generic
                Microsoft 1.3109 2008.01.28 Trojan:Win32/Adialer.OP
                NOD32v2 2835 2008.01.30 unpack error
                Norman 5.80.02 2008.01.29 W32/Dialer.BYGW
                Panda 9.0.0.4 2008.01.29 Dialer.KYO
                Prevx1 V2 2008.01.30 Trojan.MultiDrop.Generic
                Rising 20.29.22.00 2008.01.30 -
                Sophos 4.25.0 2008.01.30 -
                Sunbelt 2.2.907.0 2008.01.30 Trojan.Crypt.PEC2X.Gen
                Symantec 10 2008.01.30 Downloader.MisleadApp
                TheHacker 6.2.9.201 2008.01.28 Trojan/Dialer.yz
                VBA32 3.12.2.6 2008.01.29 Trojan.Win32.Dialer.yz
                VirusBuster 4.3.26:9 2008.01.29 -
                Webwasher-Gateway 6.6.2 2008.01.30 Trojan.Crypt.PEC2X.Gen
                Additional information
                File size: 103936 bytes
                MD5: 32bea5969a6e057042aa40a849478ded
                SHA1: aa3562fb85de8b31450d7811e14e71a42a91723e
                PEiD: PECompact 2.xx (Slim Loader) --> BitSum Technologies
                packers: PecBundle, PECompact
                packers: PE_Patch.PECompact, PecBundle, PECompact
                Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=7D7DBC1D0082202F9639016FBE816700FE413554
                And for the other one, so far I get the following message: 0 bytes size received / Se ha recibido un archivo vacio
                Last edited by Ryan91; 31-01-08, 15:28. Reason: Added the message



                • #9
                  Open a Notepad file.
                  Copy the code below and paste it into the Notepad file.
                  Save the Notepad file as CFScript.txt
                  Code:
                  File::
                  C:\WINDOWS\system32\RVAXO.bat
                  C:\WINDOWS\system32\remove.exe
                  C:\xugals.exe
                  C:\cjbnqf.exe
                  C:\WINDOWS\system32\drvfam.dll
                  
                  Suspect::[11]
                  C:\WINDOWS\system32\drivers\Kpu27.sys
                  Now drag the file CFScript.txt onto the file ComboFix.exe

                  ComboFix will start again.
                  When ComboFix is finished, which may be after a restart, a log file opens.
                  Post the contents of the log file.
                  In addition, ComboFix will place a zipped file on your Desktop, named [11]-Submit_Date_Time.zip
                  After the scan finishes, a small window titled "Submit files for further analysis" will also open;
                  click OK to open the upload page,
                  copy the path shown in bold on this page,
                  and paste it into the input field.
                  Click Send File.



                  • #10
                    File received, and it is malware.

                    Do this once more, after you have carried out the instructions above.
                    Open a Notepad file.
                    Copy the code below and paste it into the Notepad file.
                    Save the Notepad file as CFScript.txt
                    Code:
                    File::
                    C:\WINDOWS\system32\Drivers\Kpu27.sys
                    
                    Driver::
                    Kpu27
                    Now drag the file CFScript.txt onto the file ComboFix.exe

                    ComboFix will start again.
                    When ComboFix is finished, which may be after a restart, a log file opens.
                    Post the contents of the log file.



                    • #11
                      C:\Documents and Settings\Ryan Palmer\Bureaublad.\[11][email protected]

                      I'm now going to scan the last script.



                      • #12
                        Log.txt:

                        ComboFix 08-01-31.4 - Ryan Palmer 2008-01-31 17:55:23.5 - NTFSx86
                        Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.476 [GMT 1:00]
                        Gestart vanuit: C:\Documents and Settings\Ryan Palmer\Bureaublad\ComboFix.exe
                        Command switches used :: C:\Documents and Settings\Ryan Palmer\Bureaublad\CFScript.txt
                        * Nieuw herstelpunt werd aangemaakt

                        WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

                        FILE
                        C:\WINDOWS\system32\Drivers\Kpu27.sys
                        .

                        (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                        .

                        C:\WINDOWS\system32\Drivers\Kpu27.sys
                        I:\Autorun.inf . . . . konden niet verwijderd worden

                        .
                        ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

                        .
                        -------\LEGACY_KPU27
                        -------\Kpu27


                        (((((((((((((((((((( Bestanden Gemaakt van 2007-12-28 to 2008-01-31 ))))))))))))))))))))))))))))))
                        .

                        2008-01-30 23:53 . 2008-01-30 23:53 <DIR> d-------- C:\Deckard
                        2008-01-30 23:39 . 2008-01-31 07:55 <DIR> d-------- C:\RVAXO
                        2008-01-30 23:18 . 2008-01-31 00:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                        2008-01-30 22:48 . 2008-01-30 22:48 <DIR> d-------- C:\Program Files\Trend Micro
                        2008-01-30 18:09 . 2005-06-15 11:07 11,264 --a------ C:\WINDOWS\INRES.DLL
                        2008-01-30 15:39 . 2005-05-28 09:00 98,709 --a------ C:\Documents and Settings\Ryan Palmer\Application Data\sysdefender.exe
                        2008-01-30 15:35 . 2008-01-30 15:35 269,334 --a------ C:\WINDOWS\system32\ratgf.bmp
                        2008-01-30 15:26 . 2008-01-30 15:26 160,560 --a------ C:\Program Files\udefender_setup.exe
                        2008-01-30 15:22 . 2008-01-31 17:30 51,968 --a------ C:\WINDOWS\system32\drivers\nkv2.sys
                        2008-01-30 15:15 . 2008-01-30 15:15 54,764 --a------ C:\WINDOWS\system32\btstack.ibs
                        2008-01-30 10:29 . 2008-01-30 10:29 <DIR> d-------- C:\Program Files\Vstep
                        2008-01-29 17:14 . 2008-01-29 17:15 <DIR> d-------- C:\Program Files\QuickTime
                        2008-01-29 14:21 . 2008-01-29 14:24 <DIR> d-------- C:\Program Files\SimTractor 3.5
                        2008-01-29 14:04 . 2008-01-29 14:49 <DIR> d-------- C:\Program Files\18 WoS Pedal to the Metal
                        2008-01-28 16:38 . 2008-01-28 16:38 <DIR> d-------- C:\Program Files\ValuSoft
                        2008-01-28 11:59 . 2008-01-28 13:04 <DIR> d-------- C:\Program Files\racer
                        2008-01-14 11:08 . 2008-01-14 11:08 <DIR> d-------- C:\Documents and Settings\Ryan Palmer\Application Data\InterVideo
                        2008-01-14 11:07 . 2008-01-14 11:07 <DIR> d-------- C:\Program Files\InterVideo
                        2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
                        2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
                        2008-01-10 11:14 . 2008-01-10 11:14 29,926 --a------ C:\WINDOWS\system32\netlogimg.ico
                        2008-01-06 22:02 . 2008-01-06 22:02 38,500 --ah----- C:\WINDOWS\system32\mlfcache.dat
                        2008-01-01 21:38 . 2008-01-08 19:36 <DIR> d-------- C:\vcs5BGEffects
                        2008-01-01 21:36 . 2008-01-08 19:31 <DIR> d-------- C:\Program Files\AV Vcs 6.0 DIAMOND
                        2007-12-31 15:35 . 2008-01-27 19:16 <DIR> d-------- C:\Documents and Settings\Ryan Palmer\Application Data\skypePM
                        2007-12-31 15:35 . 2007-12-31 15:35 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
                        2007-12-31 15:34 . 2007-12-31 15:34 <DIR> d-------- C:\Program Files\Skype
                        2007-12-31 15:34 . 2007-12-31 15:34 <DIR> d-------- C:\Program Files\Common Files\Skype
                        2007-12-31 15:34 . 2008-01-27 23:04 <DIR> d-------- C:\Documents and Settings\Ryan Palmer\Application Data\Skype
                        2007-12-31 15:33 . 2007-12-31 15:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
                        2007-12-27 13:58 . 1998-10-22 04:01 237,056 --a------ C:\WINDOWS\system32\NMFAST40.BPL
                        2007-12-27 13:57 . 2007-12-27 13:57 <DIR> d-------- C:\Documents and Settings\Ryan Palmer\WINDOWS
                        2007-12-27 13:57 . 1999-02-17 04:02 1,888,224 --a------ C:\WINDOWS\system32\VCL40.BPL
                        2007-12-27 13:57 . 1998-02-06 21:37 299,520 --a------ C:\WINDOWS\uninst.exe
                        2007-12-27 13:57 . 1998-06-17 04:00 252,408 --a------ C:\WINDOWS\system32\VCLX40.BPL
                        2007-12-27 13:57 . 1998-10-22 04:01 107,512 --a------ C:\WINDOWS\system32\INET40.BPL
                        2007-12-27 13:57 . 1998-10-22 04:01 71,160 --a------ C:\WINDOWS\system32\VCLSMP40.BPL
                        2007-12-27 13:50 . 2001-05-22 06:00 1,324,032 --a------ C:\WINDOWS\system32\vcl60.bpl
                        2007-12-27 13:50 . 2001-05-22 06:00 637,440 --a------ C:\WINDOWS\system32\rtl60.bpl
                        2007-12-27 13:50 . 2001-05-22 06:00 213,504 --a------ C:\WINDOWS\system32\vclx60.bpl
                        2007-12-27 13:50 . 2001-05-22 06:00 96,256 --a------ C:\WINDOWS\system32\vcljpg60.bpl
                        2007-12-27 13:50 . 2001-05-22 06:00 62,464 --a------ C:\WINDOWS\system32\VCLSMP60.BPL
                        2007-12-27 13:48 . 2008-01-13 18:51 <DIR> d-------- C:\Program Files\SimSig
                        2007-12-26 12:12 . 2008-01-22 20:51 <DIR> d-------- C:\Documents and Settings\Ryan Palmer\Application Data\Hamachi
                        2007-12-26 12:11 . 2007-12-26 12:12 <DIR> d-------- C:\Program Files\Hamachi
                        2007-12-26 12:11 . 2007-12-26 12:11 26,056 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
                        2007-12-26 04:33 . 2007-12-26 04:34 <DIR> d--h----- C:\_Memeo
                        2007-12-25 22:54 . 2007-12-25 22:54 <DIR> d-------- C:\Program Files\Western Digital
                        2007-12-25 22:53 . 2007-12-25 22:53 <DIR> d-------- C:\Program Files\Common Files\eSellerate
                        2007-12-25 22:52 . 2007-12-25 22:53 <DIR> d-------- C:\Program Files\Memeo
                        2007-12-25 22:52 . 2007-12-25 22:53 <DIR> d---s---- C:\Documents and Settings\All Users\Application Data\Memeo
                        2007-12-25 22:51 . 2007-12-25 22:51 <DIR> d-------- C:\Program Files\Western Digital Technologies
                        2007-12-24 13:46 . 2007-12-24 13:46 13,824 --a------ C:\WINDOWS\system32\drivers\splitcam.sys
                        2007-12-24 11:46 . 2007-12-24 11:46 <DIR> d-------- C:\Program Files\SplitCam
                        2007-12-24 11:46 . 2003-05-14 21:07 389,120 --a------ C:\WINDOWS\system32\actskn43.ocx
                        2007-12-22 13:23 . 2003-11-04 15:11 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
                        2007-12-18 21:32 . 2007-12-23 02:13 <DIR> d-------- C:\Program Files\Bus-Simulator 2008
                        2007-12-17 07:42 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
                        2007-12-07 18:55 . 2007-11-10 10:57 <DIR> d-------- C:\Program Files\ATS-052b
                        2007-12-04 16:18 . 2007-12-04 16:18 131,072 --a------ C:\WINDOWS\system\ZipDll.Dll
                        2007-12-04 16:18 . 2007-12-04 16:18 116,224 --a------ C:\WINDOWS\system\UnzDll.Dll
                        2007-12-03 15:07 . 2007-12-03 15:07 756,736 --------- C:\WINDOWS\system32\ir41_32.dll
                        2007-12-03 15:07 . 2007-12-03 15:07 143,872 --------- C:\WINDOWS\system32\iacenc.dll
                        2007-12-03 15:07 . 2007-12-03 15:07 56,832 --------- C:\WINDOWS\system32\iyvu9_32.dll
                        2007-12-02 13:50 . 2007-12-02 13:50 <DIR> d-------- C:\Program Files\BitTorrent
                        2007-12-01 03:00 . 2007-12-01 03:00 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

                        .
                        ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                        .
                        2008-01-30 22:03 --------- d-----w C:\Documents and Settings\Ryan Palmer\Application Data\LimeWire
                        2008-01-30 21:55 --------- d-----w C:\Program Files\eMule
                        2008-01-30 16:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
                        2008-01-30 15:15 --------- d-----w C:\Documents and Settings\Ryan Palmer\Application Data\XnView
                        2008-01-30 06:49 --------- d-----w C:\Documents and Settings\Ryan Palmer\Application Data\BitTorrent
                        2008-01-29 18:49 --------- d-----w C:\Program Files\Traffic
                        2008-01-28 14:55 3,066 ----a-w C:\Documents and Settings\Ryan Palmer\Application Data\wklnhst.dat
                        2008-01-19 14:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
                        2008-01-14 10:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
                        2008-01-14 10:06 --------- d-----w C:\Program Files\Common Files\InstallShield
                        2008-01-10 14:45 --------- d-----w C:\Program Files\Rail Simulator
                        2008-01-10 10:14 --------- d-----w C:\Program Files\iTunes
                        2007-12-31 19:38 --------- d-----w C:\Program Files\Microsoft Games
                        2007-12-30 15:47 --------- d-----w C:\Program Files\LimeWire
                        2007-12-28 15:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
                        2007-12-27 13:22 --------- d-----w C:\Program Files\Google
                        2007-12-26 00:38 --------- d-----w C:\Program Files\Picasa2
                        2007-12-17 02:43 --------- d-----w C:\Program Files\MSN Messenger
                        2007-12-17 02:43 --------- d-----w C:\Program Files\Messenger Plus! Live
                        2007-11-30 22:51 --------- d-----w C:\Program Files\Audacity
                        2007-11-30 08:37 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
                        2007-11-30 08:33 --------- d-----w C:\Program Files\Windows Live
                        2007-11-29 09:09 --------- d-----w C:\Program Files\Bus Driver
                        2007-11-28 17:02 --------- d-----w C:\Program Files\NVIDIA Corporation
                        2007-10-09 20:14 813,056 ----a-w C:\WINDOWS\isRS-000.tmp
                        .

                        ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                        .
                        .
                        REGEDIT4
                        *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
                        2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

                        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{428A8ABE-8777-4FF4-8818-2EE00072644D}]

                        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{753D709F-3598-4892-BA1A-E85F119B18E9}]

                        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89A1E40D-0254-4F99-B9AE-B60A2D8754A9}]

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                        {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
                        {2318C2B1-4965-11D4-9B18-009027A5CD4F}

                        [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
                        [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
                        [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
                        [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

                        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
                        "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

                        [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
                        [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
                        [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
                        [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

                        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "BySoft FreeRAM"="C:\Program Files\BySoft FreeRAM\FreeRAM.exe" [2004-12-17 21:44 328192]
                        "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 16:43 4670704]
                        "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-09-19 20:48 455968]
                        "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 22528]
                        "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 12:32 90112]
                        "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-03 17:56 68856]
                        "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28 43520]
                        "Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2007-04-26 15:54 774168]
                        "Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2007-04-26 16:22 1132056]
                        "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
                        "PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36 237568]
                        "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
                        "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
                        "nwiz"="nwiz.exe" [2007-10-04 17:14 1634304 C:\WINDOWS\system32\nwiz.exe]
                        "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
                        "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
                        "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 393216]
                        "P17Helper"="P17.dll" [2005-05-03 19:38 64512 C:\WINDOWS\system32\P17.dll]

                        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 22528]
                        "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]

                        C:\Documents and Settings\Ryan Palmer\Menu Start\Programma's\Opstarten\
                        MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2007-11-21 11:38:13 568320]
                        Memeo AutoBackup Launcher.lnk - C:\Documents and Settings\Ryan Palmer\Application Data\Microsoft\Installer\{6BCEB97B-F315-455D-BC2D-565A1A6781E8}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe [2007-12-25 22:52:40 81920]
                        Memeo AutoSync Launcher.lnk - C:\Program Files\Memeo\AutoSync\MemeoLauncher.exe [2007-07-06 17:28:44 134168]

                        C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                        InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-01-14 11:07:44 106496]

                        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgdcy]

                        [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
                        SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll

                        [HKLM\~\startupfolder\C:^Documents and Settings^Ryan Palmer^Menu Start^Programma's^Opstarten^Xfire.lnk]
                        path=C:\Documents and Settings\Ryan Palmer\Menu Start\Programma's\Opstarten\Xfire.lnk
                        backup=C:\WINDOWS\pss\Xfire.lnkStartup

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
                        --a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
                        C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
                        --a------ 2007-09-25 16:58 286016 C:\Program Files\BitTorrent_DNA\dna.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BySoft FreeRAM]
                        --a------ 2004-12-17 21:44 328192 C:\Program Files\BySoft FreeRAM\FreeRAM.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
                        --a------ 2004-08-04 00:03 22528 C:\WINDOWS\system32\ctfmon.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
                        --a------ 2007-05-13 15:57 5316608 C:\Program Files\eMule\emule.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
                        C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
                        --a------ 2007-08-04 09:29 1056552 C:\Program Files\Nero\Nero8\InCD\InCD.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCDMon]
                        --a------ 2007-04-26 15:54 774168 C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LGDCore]
                        --a------ 2007-04-26 16:22 1132056 C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
                        --a------ 2007-09-19 20:48 455968 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
                        --a------ 2005-06-08 13:44 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
                        --a------ 2005-06-08 14:24 458752 C:\Program Files\Logitech\Video\ISStart.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
                        --a------ 2005-06-08 14:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
                        --a------ 2005-07-19 16:32 229376 C:\WINDOWS\system32\LVCOMSX.EXE

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
                        --a------ 2003-06-10 00:11 50688 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
                        --a------ 2007-08-08 08:25 1828136 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
                        --a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
                        --a------ 2007-10-04 17:14 8491008 C:\WINDOWS\system32\NvCpl.dll

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
                        --a------ 2007-10-04 17:14 81920 C:\WINDOWS\system32\NvMcTray.dll

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
                        --a------ 2007-10-04 17:14 1634304 C:\WINDOWS\system32\nwiz.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
                        --a------ 2005-05-03 19:38 64512 C:\WINDOWS\system32\P17.dll

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                        --a------ 2008-01-10 15:27 393216 C:\Program Files\QuickTime\QTTask.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
                        --a------ 2007-08-04 09:30 2043688 C:\Program Files\Nero\Nero8\InCD\NBHGui.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
                        --a------ 2007-07-12 03:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
                        --a------ 2007-10-10 06:28 43520 C:\Program Files\Winamp\winampa.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
                        --a------ 2007-08-30 16:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
                        "WMPNetworkSvc"=3 (0x3)
                        "usnjsvc"=3 (0x3)
                        "ose"=3 (0x3)
                        "NMIndexingService"=3 (0x3)
                        "Nero BackItUp Scheduler 3"=2 (0x2)
                        "LightScribeService"=2 (0x2)
                        "InCDsrv"=2 (0x2)
                        "IDriverT"=3 (0x3)
                        "hpdj"=2 (0x2)
                        "gusvc"=3 (0x3)

                        S3 PciCon;PciCon;K:\PciCon.sys
                        S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys [2008-01-31 17:30]
                        S4 AutoSyncService;Memeo AutoSync ;"C:\Program Files\Memeo\AutoSync\MemeoService.exe" [2007-07-06 17:28]


                        [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
                        "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
                        .
                        Inhoud van de 'Gedeelde Taken' map
                        "2008-01-24 20:45:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
                        - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
                        .
                        **************************************************************************

                        catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                        Rootkit scan 2008-01-31 18:01:20
                        Windows 5.1.2600 Service Pack 2 NTFS

                        detected NTDLL code modification:
                        ZwOpenFile

                        scannen van verborgen processen ...

                        scannen van verborgen autostart items ...

                        scannen van verborgen bestanden ...

                        Scan succesvol afgerond
                        verborgen bestanden: 0

                        **************************************************************************
                        .
                        ------------------------ Other Running Processes ------------------------
                        .
                        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                        C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
                        C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
                        C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
                        C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
                        C:\Program Files\iTunes\iTunesHelper.exe
                        C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
                        C:\WINDOWS\system32\Rundll32.exe
                        C:\Program Files\BySoft FreeRAM\FreeRAM.exe
                        C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
                        C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
                        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                        C:\WINDOWS\system32\nvsvc32.exe
                        C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
                        C:\WINDOWS\system32\wscntfy.exe
                        C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
                        C:\Program Files\iPod\bin\iPodService.exe
                        .
                        **************************************************************************
                        .
                        Voltooingstijd: 2008-01-31 18:11:19 - machine was rebooted
                        ComboFix-quarantined-files.txt 2008-01-31 17:11:16
                        ComboFix2.txt 2008-01-31 16:47:08
                        ComboFix3.txt 2008-01-31 15:58:27
                        ComboFix4.txt 2008-01-31 13:14:53
                        .
                        2008-01-10 02:02:53 --- E O F ---



                        • #13
                          Delete this file: I:\Autorun.inf

                          Create a new HijackThis log and post it.

                          Are there any problems left?



                          • #14
                            Logfile of Trend Micro HijackThis v2.0.2
                            Scan saved at 18:24:29, on 31/01/2008
                            Platform: Windows XP SP2 (WinNT 5.01.2600)
                            MSIE: Internet Explorer v7.00 (7.00.6000.16574)
                            Boot mode: Normal

                            Running processes:
                            C:\WINDOWS\System32\smss.exe
                            C:\WINDOWS\system32\winlogon.exe
                            C:\WINDOWS\system32\services.exe
                            C:\WINDOWS\system32\lsass.exe
                            C:\WINDOWS\system32\svchost.exe
                            C:\WINDOWS\System32\svchost.exe
                            C:\WINDOWS\system32\svchost.exe
                            C:\WINDOWS\system32\spoolsv.exe
                            C:\WINDOWS\Explorer.EXE
                            C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                            C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                            C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
                            C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
                            C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
                            C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
                            C:\Program Files\iTunes\iTunesHelper.exe
                            C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
                            C:\WINDOWS\system32\Rundll32.exe
                            C:\Program Files\BySoft FreeRAM\FreeRAM.exe
                            C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
                            C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
                            C:\WINDOWS\system32\ctfmon.exe
                            C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                            C:\WINDOWS\system32\nvsvc32.exe
                            C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
                            C:\WINDOWS\system32\svchost.exe
                            C:\WINDOWS\system32\wscntfy.exe
                            C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
                            C:\Program Files\iPod\bin\iPodService.exe
                            C:\WINDOWS\System32\svchost.exe
                            C:\Program Files\Internet Explorer\IEXPLORE.EXE
                            c:\program files\winamp toolbar\WinampTbServer.exe
                            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.openbaarvervoerinboskoop.nl/
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                            O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
                            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                            O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
                            O2 - BHO: (no name) - {428A8ABE-8777-4FF4-8818-2EE00072644D} - (no file)
                            O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                            O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
                            O2 - BHO: (no name) - {753D709F-3598-4892-BA1A-E85F119B18E9} - (no file)
                            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
                            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                            O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
                            O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
                            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                            O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
                            O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
                            O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
                            O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                            O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
                            O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                            O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
                            O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
                            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                            O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
                            O4 - HKCU\..\Run: [BySoft FreeRAM] C:\Program Files\BySoft FreeRAM\FreeRAM.exe
                            O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
                            O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
                            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                            O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
                            O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                            O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                            O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
                            O4 - Startup: Memeo AutoBackup Launcher.lnk = ?
                            O4 - Startup: Memeo AutoSync Launcher.lnk = C:\Program Files\Memeo\AutoSync\MemeoLauncher.exe
                            O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
                            O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
                            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
                            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
                            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
                            O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
                            O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
                            O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
                            O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
                            O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                            O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                            O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
                            O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
                            O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
                            O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
                            O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
                            O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                            O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                            O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
                            O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                            O20 - Winlogon Notify: iifgdcy - C:\WINDOWS\
                            O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                            O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                            O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                            O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                            O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
                            O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                            O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
                            O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
                            O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

                            --
                            End of file - 10240 bytes

                            No more problems so far. The internet is working properly and fast again. I haven't had any further problems!

                            Thank you very much for the help! Finally a properly working PC again!

                            Ryan



                            • #15
                              Close all open windows.
                              Run HijackThis once more and tick the following items:

                              O2 - BHO: (no name) - {428A8ABE-8777-4FF4-8818-2EE00072644D} - (no file)
                              O2 - BHO: (no name) - {753D709F-3598-4892-BA1A-E85F119B18E9} - (no file)
                              O20 - Winlogon Notify: iifgdcy - C:\WINDOWS\


                              Then click "Fix checked" and close HijackThis.

                              Restart the computer.

                              Start HijackThis again, create a new log and post it.
