Trojan-Spy>bzub
  • Trojan-Spy>bzub

    Hello,

    Since 6-2 I have been the "lucky" owner of the Trojan-Spy.Bzub Trojan horse (at least that is how Spydoctor identifies it).

    Avast identifies it as the Win32:BHO-KD Trojan horse, but cannot remove the file BATMETE.DLL. I now have the following scan/spyware programs active, but none of them can remove the TRJ:
    Avast antivirus
    Norton Internet Sec 2008
    Spydoctor
    S&D

    HELP!!!

    Attached is a log from HijackThis:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:47:13, on 8-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Belkin\F1U201.401\usbshare.exe
    C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat Writer 6.0 Pro\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: (no name) - {92A6E3D7-A2A9-495F-B082-92D59318EFCB} - C:\WINDOWS\system32\batmete.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat Writer 6.0 Pro\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat Writer 6.0 Pro\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton-werkbalk weergeven - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
    O4 - Global Startup: F1U201.401.lnk = ?
    O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107956750187
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190756572281
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1DAAAE21-0AB8-4226-80AD-2170DD38F480}: NameServer = 194.109.104.104,194.109.6.66
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

    --

    --- Report generated: 2008-02-07 15:26 ---

    Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Instellingen (Registerwijziging., fixed)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start

    NewsUpdate: [SBI $035E254B] Instellingen (Register sleutel, fixed)
    HKEY_LOCAL_MACHINE\Software\Creative Tech\Software Installed\News

    NewsUpdate: [SBI $2239AFB4] Programma-map (Map, fixed)
    C:\Program Files\Creative\News\

    NewsUpdate: [SBI $032DC19C] Root class (Register sleutel, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CTMARQ.CTMarqCtrl.1

    NewsUpdate: [SBI $032DC19C] Class ID (Register sleutel, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1B43B81-8B3C-11D4-B615-00A0C98E9F5B}

    NewsUpdate: [SBI $4CDCC3D5] Class ID (CTMarq Property Page) (Register sleutel, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1B43B82-8B3C-11D4-B615-00A0C98E9F5B}

    NewsUpdate: [SBI $4CDCC3D5] Interface (_DCTMarq) (Register sleutel, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C1B43B7F-8B3C-11D4-B615-00A0C98E9F5B}

    NewsUpdate: [SBI $4CDCC3D5] Interface (_DCTMarqEvents) (Register sleutel, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C1B43B80-8B3C-11D4-B615-00A0C98E9F5B}

    NewsUpdate: [SBI $4CDCC3D5] Soort library (CTMarq ActiveX Control module) (Register sleutel, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C1B43B7E-8B3C-11D4-B615-00A0C98E9F5B}


    --- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

    2008-01-28 blindman.exe (1.0.0.7)
    2008-01-28 SDDelFile.exe (1.0.2.4)
    2008-01-28 SDMain.exe (1.0.0.5)
    2007-10-07 SDShred.exe (1.0.1.2)
    2008-01-28 SDUpdate.exe (1.0.8.8)
    2008-01-28 SDWinSec.exe (1.0.0.11)
    2008-01-28 SpybotSD.exe (1.5.2.20)
    2008-01-28 TeaTimer.exe (1.5.2.16)
    2008-02-07 unins000.exe (51.49.0.0)
    2008-01-28 Update.exe (1.4.0.6)
    2008-01-28 advcheck.dll (1.5.4.5)
    2007-04-02 aports.dll (2.1.0.0)
    2007-11-17 DelZip179.dll (1.79.7.4)
    2008-01-28 SDFiles.dll (1.5.1.19)
    2008-01-28 SDHelper.dll (1.5.0.11)
    2008-01-28 Tools.dll (2.1.3.3)
    2008-02-06 Includes\Cookies.sbi (*)
    2007-12-26 Includes\Dialer.sbi (*)
    2008-02-06 Includes\DialerC.sbi (*)
    2008-02-06 Includes\HeavyDuty.sbi (*)
    2008-02-06 Includes\Hijackers.sbi (*)
    2008-02-06 Includes\HijackersC.sbi (*)
    2007-10-04 Includes\Keyloggers.sbi (*)
    2008-02-06 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2008-01-16 Includes\Malware.sbi (*)
    2008-02-06 Includes\MalwareC.sbi (*)
    2007-10-24 Includes\PUPS.sbi (*)
    2008-02-06 Includes\PUPSC.sbi (*)
    2008-02-06 Includes\Revision.sbi (*)
    2008-01-09 Includes\Security.sbi (*)
    2008-02-06 Includes\SecurityC.sbi (*)
    2008-01-23 Includes\Spybots.sbi (*)
    2008-02-06 Includes\SpybotsC.sbi (*)
    2007-11-06 Includes\Tracks.uti
    2008-02-06 Includes\Trojans.sbi (*)
    2008-02-06 Includes\TrojansC.sbi (*)
    2007-12-24 Plugins\TCPIPAddress.dll
    Below is a short log from Avast:
    02/07/2008 15:40
    Doorzoeken van alle lokale stations
    Bestand C:\Games\Webgames\Games\Feeding Frenzy\FeedingFrenzy_kg.exe is besmet door Win32:Small-DT2 [Wrm], Verwijderd
    Bestand C:\System Volume Information\_restore{AD7223A0-B62A-442C-8032-AA799131BCE5}\RP1\A0000197.exe is besmet door Win32:Small-DT2 [Wrm], Verwijderd
    Bestand C:\WINDOWS\system32\batmete.dll\[UPX] is besmet door Win32:BHO-KD [Trj], Vewijderen: Fout 0xC0000022 {Toegang geweigerd}, Verplaatsen naar kluis: Fout 0xC0000022 {Toegang geweigerd}, Vewijderen: Fout 0xC0000022 {Toegang geweigerd}, Vewijderen: Fout 0xC0000022 {Toegang geweigerd}, Verplaatsen: Fout 0xC0000022 {Toegang geweigerd}, Verplaatsen naar kluis: Fout 0xC0000022 {Toegang geweigerd}, Herstellen: Fout 42060 {Het bestand werd niet gerepareerd.}, Vewijderen: Fout 0xC0000022 {Toegang geweigerd}, Verplaatsen naar kluis: Fout 0xC0000022 {Toegang geweigerd}, Verplaatsen: Fout 0xC0000022 {Toegang geweigerd}

    Doorzoeken onderbroken

    Aantal doorzochte mappen: 7445
    Aantal gecontroleerde bestanden: 161637
    Aantal besmette bestanden: 3

    ----------------------------------------
    02/07/2008 17:35
    Doorzoeken van alle lokale stations
    Bestand C:\WINDOWS\system32\batmete.dll\[UPX] is besmet door Win32:BHO-KD [Trj]
    ----------------------------------------
    02/07/2008 18:15
    Doorzoeken van alle lokale stations
    Bestand C:\WINDOWS\system32\batmete.dll\[UPX] is besmet door Win32:BHO-KD [Trj], Vewijderen: Fout 0xC0000022 {Toegang geweigerd}, Vewijderen: Fout 0xC0000022 {Toegang geweigerd}, Vewijderen: Fout 0xC0000022 {Toegang geweigerd}, Vewijderen: Fout 0xC0000022 {Toegang geweigerd}, Vewijderen: Fout 0xC0000022 {Toegang geweigerd}, Vewijderen: Fout 0xC0000022 {Toegang geweigerd}, Verplaatsen naar kluis: Fout 0xC0000022 {Toegang geweigerd}

    Aantal doorzochte mappen: 8884
    Aantal gecontroleerde bestanden: 189268
    Aantal besmette bestanden: 1

  • #2
    Download Combofix (mirror) to your Desktop.
    Double-click Combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, because this will make your PC hang.
    When the fix is complete and after the restart, the log combofix.txt will open.
    Post this log in your next reply.

    NOTE: If your virus scanner responds with a warning about a script execution, you may ignore it.



    • #3
      Trojan-Spy.Bzub

      Ok. Done. Below is the log file:


      ComboFix 08-02.05.3 - Gebruiker 2008-02-08 10:06:11.1 - NTFSx86
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.533 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\Gebruiker\Bureaublad\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt

      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
      .

      (((((((((((((((((((( Bestanden Gemaakt van 2008-01-08 to 2008-02-08 ))))))))))))))))))))))))))))))
      .

      2008-02-08 08:46 . 2008-02-08 08:46 <DIR> d-------- C:\Program Files\Trend Micro
      2008-02-08 08:45 . 2008-02-08 08:48 <DIR> d-------- C:\HJT
      2008-02-08 07:46 . 2008-02-08 07:46 84 --a------ C:\WINDOWS\system32\ikhcore.cfg
      2008-02-07 15:38 . 2008-02-08 09:02 <DIR> d-------- C:\Program Files\Alwil Software
      2008-02-07 15:38 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
      2008-02-07 15:38 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
      2008-02-07 15:38 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
      2008-02-07 15:38 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
      2008-02-07 15:38 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
      2008-02-07 15:38 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
      2008-02-07 15:38 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
      2008-02-07 15:38 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
      2008-02-07 14:51 . 2008-02-07 14:51 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
      2008-02-07 14:51 . 2008-02-07 15:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-02-07 12:54 . 2008-02-07 13:30 <DIR> d-------- C:\Program Files\Enigma Software Group
      2008-02-07 12:32 . 2008-02-07 12:32 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
      2008-02-07 11:13 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
      2008-02-07 11:13 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
      2008-02-07 11:13 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
      2008-02-07 11:13 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
      2008-02-07 11:12 . 2008-02-07 11:24 <DIR> d-------- C:\Program Files\Spyware Doctor
      2008-02-07 11:12 . 2008-02-07 14:49 <DIR> d-------- C:\Program Files\Search & Destroy
      2008-02-07 11:12 . 2008-02-07 11:12 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\PC Tools
      2008-02-07 11:00 . 2005-02-09 14:25 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
      2008-02-07 11:00 . 2005-02-09 15:20 <DIR> d--h----- C:\Documents and Settings\Administrator\Onlangs geopend
      2008-02-07 11:00 . 2005-02-09 15:20 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
      2008-02-07 11:00 . 2005-02-09 15:20 <DIR> d-------- C:\Documents and Settings\Administrator\Mijn documenten
      2008-02-07 11:00 . 2005-02-09 15:20 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
      2008-02-07 11:00 . 2005-02-09 15:20 <DIR> d-------- C:\Documents and Settings\Administrator\Favorieten
      2008-02-07 11:00 . 2005-02-09 15:20 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
      2008-02-06 23:58 . 2008-02-06 23:58 4,096 --a------ C:\WINDOWS\d3dx.dat
      2008-02-06 21:58 . 2008-02-06 21:58 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\Chocolate Castle
      2008-02-06 20:01 . 19,584 C:\WINDOWS\system32\drivers\ewdyqhub.dat
      2008-02-06 19:48 . 2004-08-04 13:00 84,992 --a------ C:\WINDOWS\system32\batmete.dll
      2008-02-06 10:58 . 2008-02-08 09:55 <DIR> dr-h----- C:\Documents and Settings\Gebruiker\Onlangs geopend
      2008-02-04 21:13 . 2008-02-04 21:13 <DIR> d-------- C:\Program Files\Common Files\Jasc Software Inc
      2008-02-04 21:13 . 2008-02-04 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
      2008-02-04 21:12 . 2008-02-04 21:14 <DIR> d-------- C:\Program Files\Jasc Software Inc
      2008-02-04 21:12 . 2008-02-04 21:12 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\Jasc Software Inc
      2008-02-03 17:25 . 2008-02-03 17:25 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\Symantec
      2008-02-03 17:24 . 2008-02-03 17:24 <DIR> d-------- C:\Program Files\Windows Sidebar
      2008-02-03 17:23 . 2008-02-04 12:33 <DIR> d-------- C:\Program Files\Norton Internet Security
      2008-02-03 17:22 . 2008-02-04 12:24 <DIR> d-------- C:\Program Files\Symantec
      2008-02-03 17:22 . 2008-02-08 08:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
      2008-02-03 17:22 . 2008-02-04 12:24 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
      2008-02-03 17:22 . 2008-02-04 12:24 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
      2008-02-03 17:22 . 2008-02-04 12:24 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
      2008-02-03 17:22 . 2008-02-04 12:24 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
      2008-02-03 17:21 . 2008-02-08 10:04 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
      2008-02-03 11:55 . 2008-02-03 11:55 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
      2008-02-03 11:54 . 2008-02-03 11:55 <DIR> d-------- C:\Program Files\Norton
      2008-01-23 18:46 . 2008-01-23 18:46 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\FloodLightGames
      2008-01-23 18:46 . 2008-01-23 18:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FloodLightGames
      2008-01-22 23:49 . 2008-01-22 23:49 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\PlayFirst
      2008-01-22 23:49 . 2008-01-22 23:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
      2008-01-12 20:16 . 2008-01-12 20:16 <DIR> d-------- C:\WINDOWS\Downloaded Installations

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-02-08 07:00 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
      2008-02-08 06:45 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\WTablet
      2008-02-07 14:26 --------- d-----w C:\Program Files\Creative
      2008-02-07 13:44 --------- d-----w C:\Documents and Settings\LocalService\Application Data\WTablet
      2008-02-07 13:16 --------- d-----w C:\Program Files\RegClean
      2008-02-07 13:16 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\RegClean
      2008-02-07 10:22 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\AdobeUM
      2008-02-06 17:21 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\LimeWire
      2008-02-04 21:02 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\AmuletAdventure
      2008-02-04 20:13 --------- d-----w C:\Program Files\Common Files\InstallShield
      2008-02-04 20:11 --------- d-----w C:\Program Files\Paintshop
      2008-02-03 16:18 --------- d-----w C:\Program Files\Panda Software
      2008-02-03 16:18 --------- d-----w C:\Program Files\Common Files\Panda Software
      2008-02-03 01:29 --------- d-----w C:\Program Files\Java
      2008-01-30 23:43 --------- d-----w C:\Program Files\Mozilla Thunderbird
      2008-01-22 22:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
      2008-01-15 08:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
      2008-01-15 04:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
      2008-01-12 17:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
      2008-01-07 15:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fugazo
      2008-01-06 14:05 --------- d-----w C:\Program Files\Candy Land - Dora the Explorer Edition
      2008-01-06 14:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
      2008-01-06 13:56 --------- d-----w C:\Program Files\bfgclient
      2008-01-06 13:46 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Home Sweet Home
      2008-01-05 18:21 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Abra Academy2
      2008-01-01 18:31 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Flood Light Games
      2008-01-01 18:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Flood Light Games
      2007-12-31 14:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Awem
      2007-12-31 14:07 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\ViquaSoft
      2007-12-31 14:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Reflexive
      2007-12-30 20:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\NeptunesAdve
      2007-12-26 12:09 --------- d-----w C:\Program Files\ReflexiveArcade
      2007-12-10 15:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2007-12-07 18:55 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
      2007-11-30 13:43 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
      2007-11-14 15:36 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
      2007-11-14 15:36 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
      2007-11-14 15:36 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
      2007-11-14 15:08 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
      2007-11-14 14:41 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
      2007-11-14 14:41 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
      2007-11-04 16:33 8,192 --sha-w C:\Program Files\Thumbs.db
      2001-11-23 05:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
      2007-08-24 20:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
      2008-02-03 17:43 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{92A6E3D7-A2A9-495F-B082-92D59318EFCB}]
      2004-08-04 13:00 84992 --a------ C:\WINDOWS\system32\batmete.dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      {47833539-D0C5-4125-9FA8-0819E2EAAC93}
      {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

      [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
      [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
      [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
      "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 20:51 316784]

      [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
      [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
      [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
      "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53 204288]
      "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
      "UpdReg"="C:\WINDOWS\Updreg.exe" [2000-05-11 01:00 90112]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
      "CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]
      "CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
      "CTStartup"="C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.exe" [2001-06-04 01:00 28672]
      "Jet Detection"="C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-04-20 14:52 28672]
      "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 13:15 51048]
      "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 21:53 714608]
      "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "SetDefaultMIDI"="MIDIDEF.exe" [2006-08-11 14:42 25600 C:\WINDOWS\MIDIDEF.EXE]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      F1U201.401.lnk - C:\Program Files\Belkin\F1U201.401\usbshare.exe [2007-09-10 15:30:20 135168]
      Gigaset WLAN Adapter Monitor.lnk - C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe [2007-02-06 10:36:15 36864]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=PAVWAIT.DLL

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Acrobat Assistant.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Acrobat Assistant.lnk
      backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office Snelzoeken.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office Snelzoeken.lnk
      backup=C:\WINDOWS\pss\Microsoft Office Snelzoeken.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office Werkbalk.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office Werkbalk.lnk
      backup=C:\WINDOWS\pss\Microsoft Office Werkbalk.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
      backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Office Opstarten.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Office Opstarten.lnk
      backup=C:\WINDOWS\pss\Office Opstarten.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^Gebruiker^Menu Start^Programma's^Opstarten^Registration .LNK]
      path=C:\Documents and Settings\Gebruiker\Menu Start\Programma's\Opstarten\Registration .LNK
      backup=C:\WINDOWS\pss\Registration .LNKStartup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4000 Series (Kopie 1)]
      --a------ 2006-02-21 05:00 131072 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
      C:\Program Files\Ahead\InCD\InCD.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
      --------- 2001-04-20 14:52 28672 C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
      --------- 2005-06-02 15:03 1957888 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
      --a------ 2007-10-04 17:14 81920 C:\WINDOWS\system32\NvMcTray.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
      -ra------ 2004-06-11 04:15 83968 C:\WINDOWS\system32\nvraidservice.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
      --a------ 2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      --a------ 2006-03-22 22:26 155648 C:\Program Files\QuickTime\qttask.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean]
      --a------ 2007-10-18 17:03 8770792 C:\Program Files\RegClean\RegClean.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]


      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spa_start]
      C:\WINDOWS\system32\sprt_ads.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      --a------ 2005-06-03 02:52 36975 C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Taskbar]
      --------- 2001-07-26 01:00 118784 C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskTray]
      --------- 2001-06-29 01:00 163840 C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe

      R0 ocgeuqwy;ocgeuqwy;C:\WINDOWS\system32\drivers\ewdyqhub.dat
      R1 SSHDRV52;SSHDRV52;C:\WINDOWS\system32\drivers\SSHDRV52.sys [2007-06-26 19:21]
      R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2008-01-31 13:15]
      R3 AR5523;Gigaset USB Adapter 108;C:\WINDOWS\system32\DRIVERS\ar5523.sys [2006-02-25 00:27]
      R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 06:28]
      R3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
      R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2004-09-24 23:36]
      R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
      R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 10:12]
      R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 09:30]
      R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 15:11]
      S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce88fd46-3b29-11db-81c0-00022da5425b}]
      \Shell\AutoRun\command - F:\setupSNK.exe

      *Newly Created Service* - COMHOST
      .
      Inhoud van de 'Gedeelde Taken' map
      "2008-02-04 20:52:40 C:\WINDOWS\Tasks\Norton Internet Security - Volledige systeemscan uitvoeren - Gebruiker.job"
      - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
      "2008-02-05 02:30:12 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
      - C:\Program Files\RegClean\RegClean.ex
      - C:\Program Files\RegClea
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-02-08 10:10:25
      Windows 5.1.2600 Service Pack 2 NTFS

      detected NTDLL code modification:
      ZwClose

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      CTStartup = C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run????????????x??????s$????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????&2???9~??9~????????\???\???|???$???U?9~??9~\???\? ??|?????_???????:~\???\??????s????\??????s\????&2?A??s?&2???:~???

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      Voltooingstijd: 2008-02-08 10:12:01
      .
      2008-01-08 20:28:13 --- E O F ---



      • #4
        Open Notepad, copy and paste the following (the bold text) into an empty window:


        Driver::
        ocgeuqwy

        File::
        C:\WINDOWS\system32\batmete.dll
        C:\WINDOWS\system32\drivers\ewdyqhub.dat

        Registry::
        [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{92A6E3D7-A2A9-495F-B082-92D59318EFCB}]
        [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
        [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spa_start]
        [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]




        Save this on your Desktop as CFScript.txt

        Drag CFScript.txt onto ComboFix.exe as shown in the example below:



        This will make ComboFix restart.
        Reboot if you are asked to,
        and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

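As an added example (not part of this thread and not ComboFix's or HijackThis's own code), the block below shows how the entries the CFScript above targets can be picked out mechanically from the report: it parses the driver/service lines and the mountpoints2 AutoRun entry in the shape ComboFix prints them and reports what stands out. The sample lines are copied from the log posted in this thread; the heuristics (an R0/R1 boot- or system-start driver whose image is not a .sys file, a missing file timestamp, a lower-case letter-soup service name reused as display name, an AutoRun command on a mounted volume) are this example's own assumptions, not rules from ComboFix.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of a ComboFix report: the driver/service
# section (start type, service name, display name, image path, optional file
# timestamp) plus the mountpoints2 AutoRun entry. The ocgeuqwy/ewdyqhub.dat
# line and F:\setupSNK.exe are copied from the log in this thread; the other
# lines are legitimate entries from the same log, kept as controls.
SAMPLE_LOG = r"""
R0 ocgeuqwy;ocgeuqwy;C:\WINDOWS\system32\drivers\ewdyqhub.dat
R1 SSHDRV52;SSHDRV52;C:\WINDOWS\system32\drivers\SSHDRV52.sys [2007-06-26 19:21]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2008-01-31 13:15]
R3 AR5523;Gigaset USB Adapter 108;C:\WINDOWS\system32\DRIVERS\ar5523.sys [2006-02-25 00:27]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce88fd46-3b29-11db-81c0-00022da5425b}]
\Shell\AutoRun\command - F:\setupSNK.exe
"""

# "R0 name;display;image [YYYY-MM-DD HH:MM]" with the timestamp optional.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)(?: \[(?P<stamp>[^\]]+)\])?$"
)
MOUNTPOINT_KEY_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\", re.IGNORECASE)
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (?P<cmd>.+)$", re.IGNORECASE)


@dataclass
class Finding:
    kind: str                                   # "service" or "autorun"
    subject: str                                # service name or AutoRun command
    reasons: list = field(default_factory=list)


def check_service(m: re.Match) -> list:
    """Heuristics (this example's assumptions, not ComboFix rules) for one
    service/driver line; returns the reasons the line deserves review."""
    reasons = []
    start, name, display = m["start"], m["name"], m["display"]
    image = m["image"].strip('"')
    # Start types 0 and 1 (boot/system start) are only valid for kernel
    # drivers, so an R0/R1 entry whose image is not a .sys file stands out.
    if start in ("R0", "R1") and not image.lower().endswith(".sys"):
        reasons.append(f"{start} driver image is not a .sys file: {image}")
    # Every other entry in the report carries a file timestamp; when none is
    # printed, the image file itself should be examined by hand.
    if m["stamp"] is None:
        reasons.append("no file timestamp printed for the image")
    # Lower-case letter-soup name that is reused verbatim as the display name.
    if name == display and re.fullmatch(r"[a-z]{7,}", name):
        reasons.append(f"random-looking service name reused as display name: {name}")
    return reasons


def triage(report: str) -> list:
    """Walk a ComboFix-style report and collect the entries that merit review."""
    findings = []
    in_mountpoints = False
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            # A registry key header: remember whether we are under mountpoints2.
            in_mountpoints = bool(MOUNTPOINT_KEY_RE.match(line))
            continue
        if in_mountpoints:
            a = AUTORUN_RE.match(line)
            if a:
                findings.append(Finding("autorun", a["cmd"],
                    ["AutoRun handler registered for a mounted volume under mountpoints2"]))
            continue
        s = SERVICE_RE.match(line)
        if s:
            reasons = check_service(s)
            if reasons:
                findings.append(Finding("service", s["name"], reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample, the only service flagged is ocgeuqwy (all three reasons fire: a .dat image for a boot-start driver, no timestamp, a letter-soup name), which matches the Driver:: and File:: lines of the script above; the legitimate Symantec, Wacom and SSHDRV52 entries produce nothing. The AutoRun command on F: is reported separately because a removable-media autorun handler is a persistence point worth checking regardless of whether the target file still exists.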


        • #5
          Trojan-Spy.Bzub

          OK, done. Here are the logs:
          1. ComboFix log
          2. HijackThis log

          1. ComboFix log:

          ComboFix 08-02.05.3 - Gebruiker 2008-02-08 10:43:36.2 - NTFSx86
          Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.534 [GMT 1:00]
          Gestart vanuit: C:\Documents and Settings\Gebruiker\Bureaublad\ComboFix.exe
          Command switches used :: C:\Documents and Settings\Gebruiker\Bureaublad\CFScript.txt
          * Nieuw herstelpunt werd aangemaakt

          WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

          FILE
          C:\WINDOWS\system32\batmete.dll
          C:\WINDOWS\system32\drivers\ewdyqhub.dat
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\WINDOWS\system32\batmete.dll
          C:\WINDOWS\system32\drivers\ewdyqhub.dat

          .
          ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

          .
          -------\LEGACY_OCGEUQWY
          -------\ocgeuqwy


          (((((((((((((((((((( Bestanden Gemaakt van 2008-01-08 to 2008-02-08 ))))))))))))))))))))))))))))))
          .

          2008-02-08 08:46 . 2008-02-08 08:46 <DIR> d-------- C:\Program Files\Trend Micro
          2008-02-08 08:45 . 2008-02-08 08:48 <DIR> d-------- C:\HJT
          2008-02-07 15:38 . 2008-02-08 09:02 <DIR> d-------- C:\Program Files\Alwil Software
          2008-02-07 15:38 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
          2008-02-07 15:38 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
          2008-02-07 15:38 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
          2008-02-07 15:38 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
          2008-02-07 15:38 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
          2008-02-07 15:38 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
          2008-02-07 15:38 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
          2008-02-07 15:38 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
          2008-02-07 14:51 . 2008-02-07 14:51 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
          2008-02-07 14:51 . 2008-02-07 15:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2008-02-07 12:54 . 2008-02-07 13:30 <DIR> d-------- C:\Program Files\Enigma Software Group
          2008-02-07 12:32 . 2008-02-07 12:32 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
          2008-02-07 11:13 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
          2008-02-07 11:13 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
          2008-02-07 11:13 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
          2008-02-07 11:13 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
          2008-02-07 11:12 . 2008-02-07 11:24 <DIR> d-------- C:\Program Files\Spyware Doctor
          2008-02-07 11:12 . 2008-02-07 14:49 <DIR> d-------- C:\Program Files\Search & Destroy
          2008-02-07 11:12 . 2008-02-07 11:12 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\PC Tools
          2008-02-07 11:00 . 2005-02-09 14:25 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
          2008-02-07 11:00 . 2005-02-09 15:20 <DIR> d--h----- C:\Documents and Settings\Administrator\Onlangs geopend
          2008-02-07 11:00 . 2005-02-09 15:20 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
          2008-02-07 11:00 . 2005-02-09 15:20 <DIR> d-------- C:\Documents and Settings\Administrator\Mijn documenten
          2008-02-07 11:00 . 2005-02-09 15:20 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
          2008-02-07 11:00 . 2005-02-09 15:20 <DIR> d-------- C:\Documents and Settings\Administrator\Favorieten
          2008-02-07 11:00 . 2005-02-09 15:20 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
          2008-02-06 23:58 . 2008-02-06 23:58 4,096 --a------ C:\WINDOWS\d3dx.dat
          2008-02-06 21:58 . 2008-02-06 21:58 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\Chocolate Castle
          2008-02-06 10:58 . 2008-02-08 10:41 <DIR> dr-h----- C:\Documents and Settings\Gebruiker\Onlangs geopend
          2008-02-04 21:13 . 2008-02-04 21:13 <DIR> d-------- C:\Program Files\Common Files\Jasc Software Inc
          2008-02-04 21:13 . 2008-02-04 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
          2008-02-04 21:12 . 2008-02-04 21:14 <DIR> d-------- C:\Program Files\Jasc Software Inc
          2008-02-04 21:12 . 2008-02-04 21:12 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\Jasc Software Inc
          2008-02-03 17:25 . 2008-02-03 17:25 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\Symantec
          2008-02-03 17:24 . 2008-02-03 17:24 <DIR> d-------- C:\Program Files\Windows Sidebar
          2008-02-03 17:23 . 2008-02-04 12:33 <DIR> d-------- C:\Program Files\Norton Internet Security
          2008-02-03 17:22 . 2008-02-04 12:24 <DIR> d-------- C:\Program Files\Symantec
          2008-02-03 17:22 . 2008-02-08 08:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
          2008-02-03 17:22 . 2008-02-04 12:24 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
          2008-02-03 17:22 . 2008-02-04 12:24 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
          2008-02-03 17:22 . 2008-02-04 12:24 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
          2008-02-03 17:22 . 2008-02-04 12:24 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
          2008-02-03 17:21 . 2008-02-08 10:33 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
          2008-02-03 11:55 . 2008-02-03 11:55 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
          2008-02-03 11:54 . 2008-02-03 11:55 <DIR> d-------- C:\Program Files\Norton
          2008-01-23 18:46 . 2008-01-23 18:46 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\FloodLightGames
          2008-01-23 18:46 . 2008-01-23 18:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FloodLightGames
          2008-01-22 23:49 . 2008-01-22 23:49 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\PlayFirst
          2008-01-22 23:49 . 2008-01-22 23:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
          2008-01-12 20:16 . 2008-01-12 20:16 <DIR> d-------- C:\WINDOWS\Downloaded Installations

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-02-08 09:52 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
          2008-02-08 09:50 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\WTablet
          2008-02-07 14:26 --------- d-----w C:\Program Files\Creative
          2008-02-07 13:44 --------- d-----w C:\Documents and Settings\LocalService\Application Data\WTablet
          2008-02-07 13:16 --------- d-----w C:\Program Files\RegClean
          2008-02-07 13:16 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\RegClean
          2008-02-07 10:22 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\AdobeUM
          2008-02-06 17:21 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\LimeWire
          2008-02-04 21:02 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\AmuletAdventure
          2008-02-04 20:13 --------- d-----w C:\Program Files\Common Files\InstallShield
          2008-02-04 20:11 --------- d-----w C:\Program Files\Paintshop
          2008-02-03 16:18 --------- d-----w C:\Program Files\Panda Software
          2008-02-03 16:18 --------- d-----w C:\Program Files\Common Files\Panda Software
          2008-02-03 01:29 --------- d-----w C:\Program Files\Java
          2008-01-30 23:43 --------- d-----w C:\Program Files\Mozilla Thunderbird
          2008-01-22 22:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
          2008-01-15 08:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
          2008-01-15 04:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
          2008-01-12 17:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
          2008-01-07 15:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fugazo
          2008-01-06 14:05 --------- d-----w C:\Program Files\Candy Land - Dora the Explorer Edition
          2008-01-06 14:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
          2008-01-06 13:56 --------- d-----w C:\Program Files\bfgclient
          2008-01-06 13:46 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Home Sweet Home
          2008-01-05 18:21 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Abra Academy2
          2008-01-01 18:31 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Flood Light Games
          2008-01-01 18:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Flood Light Games
          2007-12-31 14:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Awem
          2007-12-31 14:07 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\ViquaSoft
          2007-12-31 14:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Reflexive
          2007-12-30 20:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\NeptunesAdve
          2007-12-26 12:09 --------- d-----w C:\Program Files\ReflexiveArcade
          2007-12-10 15:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2007-12-07 18:55 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
          2007-11-30 13:43 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
          2007-11-14 15:36 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
          2007-11-14 15:36 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
          2007-11-14 15:36 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
          2007-11-14 15:08 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
          2007-11-14 14:41 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
          2007-11-14 14:41 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
          2007-11-04 16:33 8,192 --sha-w C:\Program Files\Thumbs.db
          2001-11-23 05:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
          .

          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
          2007-08-24 20:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
          2008-02-03 17:43 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
          {47833539-D0C5-4125-9FA8-0819E2EAAC93}
          {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

          [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
          [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
          [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

          [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
          "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 20:51 316784]

          [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
          [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
          [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
          "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53 204288]
          "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
          "UpdReg"="C:\WINDOWS\Updreg.exe" [2000-05-11 01:00 90112]
          "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
          "CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]
          "CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
          "CTStartup"="C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.exe" [2001-06-04 01:00 28672]
          "Jet Detection"="C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-04-20 14:52 28672]
          "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 13:15 51048]
          "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 21:53 714608]
          "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
          "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
          "SetDefaultMIDI"="MIDIDEF.exe" [2006-08-11 14:42 25600 C:\WINDOWS\MIDIDEF.EXE]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          F1U201.401.lnk - C:\Program Files\Belkin\F1U201.401\usbshare.exe [2007-09-10 15:30:20 135168]
          Gigaset WLAN Adapter Monitor.lnk - C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe [2007-02-06 10:36:15 36864]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
          "AppInit_DLLs"=PAVWAIT.DLL

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Acrobat Assistant.lnk]
          path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Acrobat Assistant.lnk
          backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office Snelzoeken.lnk]
          path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office Snelzoeken.lnk
          backup=C:\WINDOWS\pss\Microsoft Office Snelzoeken.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office Werkbalk.lnk]
          path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office Werkbalk.lnk
          backup=C:\WINDOWS\pss\Microsoft Office Werkbalk.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
          path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
          backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Office Opstarten.lnk]
          path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Office Opstarten.lnk
          backup=C:\WINDOWS\pss\Office Opstarten.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^Gebruiker^Menu Start^Programma's^Opstarten^Registration .LNK]
          path=C:\Documents and Settings\Gebruiker\Menu Start\Programma's\Opstarten\Registration .LNK
          backup=C:\WINDOWS\pss\Registration .LNKStartup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
          C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4000 Series (Kopie 1)]
          --a------ 2006-02-21 05:00 131072 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
          C:\Program Files\Ahead\InCD\InCD.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
          --------- 2001-04-20 14:52 28672 C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
          --------- 2005-06-02 15:03 1957888 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
          --a------ 2007-10-04 17:14 81920 C:\WINDOWS\system32\NvMcTray.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
          -ra------ 2004-06-11 04:15 83968 C:\WINDOWS\system32\nvraidservice.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
          --a------ 2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
          --a------ 2006-03-22 22:26 155648 C:\Program Files\QuickTime\qttask.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean]
          --a------ 2007-10-18 17:03 8770792 C:\Program Files\RegClean\RegClean.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Taskbar]
          --------- 2001-07-26 01:00 118784 C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskTray]
          --------- 2001-06-29 01:00 163840 C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe

          R1 SSHDRV52;SSHDRV52;C:\WINDOWS\system32\drivers\SSHDRV52.sys [2007-06-26 19:21]
          R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2008-01-31 13:15]
          R3 AR5523;Gigaset USB Adapter 108;C:\WINDOWS\system32\DRIVERS\ar5523.sys [2006-02-25 00:27]
          R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 06:28]
          R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2004-09-24 23:36]
          R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
          R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 10:12]
          R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 09:30]
          R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 15:11]
          S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
          S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce88fd46-3b29-11db-81c0-00022da5425b}]
          \Shell\AutoRun\command - F:\setupSNK.exe

          *Newly Created Service* - COMHOST
          .
          Inhoud van de 'Gedeelde Taken' map
          "2008-02-04 20:52:40 C:\WINDOWS\Tasks\Norton Internet Security - Volledige systeemscan uitvoeren - Gebruiker.job"
          - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
          "2008-02-05 02:30:12 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
          - C:\Program Files\RegClean\RegClean.ex
          - C:\Program Files\RegClea
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-02-08 10:51:20
          Windows 5.1.2600 Service Pack 2 NTFS

          detected NTDLL code modification:
          ZwClose

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          HKLM\Software\Microsoft\Windows\CurrentVersion\Run
          CTStartup = C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run????????????x??????s$????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????82???9~??9~????????\???\???????$???U?9~??9~\???\? ????????_???????:~\???\??????s????\??????s\???x82?A??sx82???:~???

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          ------------------------ Other Running Processes ------------------------
          .
          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          C:\Program Files\Alwil Software\Avast4\ashServ.exe
          C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
          C:\WINDOWS\system32\CTsvcCDA.EXE
          C:\WINDOWS\system32\nvsvc32.exe
          C:\Program Files\Spyware Doctor\pctsAuxs.exe
          C:\Program Files\Spyware Doctor\pctsSvc.exe
          C:\WINDOWS\system32\Tablet.exe
          C:\WINDOWS\system32\MsPMSPSv.exe
          C:\WINDOWS\system32\WTablet\TabUserW.exe
          C:\WINDOWS\system32\Tablet.exe
          C:\Program Files\Windows Media Player\WMPNetwk.exe
          C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
          C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
          .
          **************************************************************************
          .
          Voltooingstijd: 2008-02-08 10:55:49 - machine was rebooted
          ComboFix-quarantined-files.txt 2008-02-08 09:55:42
          ComboFix2.txt 2008-02-08 09:12:02
          .
          2008-01-08 20:28:13 --- E O F ---


          2. HijackThis log

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 10:57:07, on 8-2-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16574)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\csrss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          C:\Program Files\Alwil Software\Avast4\ashServ.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
          C:\WINDOWS\system32\CTsvcCDA.EXE
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\Program Files\Spyware Doctor\pctsAuxs.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Spyware Doctor\pctsSvc.exe
          C:\Program Files\Spyware Doctor\pctsTray.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\Tablet.exe
          C:\WINDOWS\system32\MsPMSPSv.exe
          C:\WINDOWS\system32\WTablet\TabUserW.exe
          C:\WINDOWS\system32\Tablet.exe
          C:\Program Files\Windows Media Player\WMPNetwk.exe
          C:\WINDOWS\CTHELPER.EXE
          C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Windows Media Player\WMPNSCFG.exe
          C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
          C:\Program Files\Belkin\F1U201.401\usbshare.exe
          C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
          C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
          C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
          C:\WINDOWS\System32\alg.exe
          C:\Program Files\Mozilla Firefox\firefox.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
          C:\WINDOWS\system32\wbem\wmiprvse.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat Writer 6.0 Pro\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
          O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
          O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat Writer 6.0 Pro\Acrobat\AcroIEFavClient.dll
          O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat Writer 6.0 Pro\Acrobat\AcroIEFavClient.dll
          O3 - Toolbar: Norton-werkbalk weergeven - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
          O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
          O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
          O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
          O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
          O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
          O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
          O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
          O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
          O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
          O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
          O4 - Global Startup: F1U201.401.lnk = ?
          O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE~2\Office10\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
          O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
          O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
          O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
          O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107956750187
          O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190756572281
          O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
          O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
          O17 - HKLM\System\CCS\Services\Tcpip\..\{1DAAAE21-0AB8-4226-80AD-2170DD38F480}: NameServer = 194.109.104.104,194.109.6.66
          O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
          O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
          O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
          O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
          O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
          O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
          O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
          O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
          O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
          O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
          O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

          --
          End of file - 10152 bytes



          • #6
            Your Java software is out of date.
            Older versions have holes that give malware the chance to install itself on your system.
            First do these steps to uninstall Java and install the newer version:
            • Download Java Runtime Environment (JRE) 6u4 and save it to your Desktop.
            • Close all programs that may be open - especially your web browser!
            • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list.
            • Check everything with Java Runtime Environment (JRE or J2SE) in the name.
            • Then click Remove or the Change/Remove button.
            • Repeat this until all older versions are gone.
            • After removing all older versions, restart your PC.
            • Then double-click jre-6u4-windows-i586-p.exe on your Desktop to install the newest version of Java.


            Download ATF cleaner (mirror) (made by Atribune)

            Important: Close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

            Double-click ATF cleaner to start the program.
            On the "Main" tab, put a check mark next to Select All.
            Click the Empty Selected button.

            Do the following if you also use Firefox as a browser:
            Click the "Firefox" tab and put a check mark next to Select All.
            If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
            (this removes the check mark from "Firefox saved passwords" again)
            Click the Empty Selected button.

            Do the following if you also use Opera as a browser:
            Click the "Opera" tab and put a check mark next to Select All.
            If you want to keep the passwords saved by Opera, click "No" in the window that appears.
            Click the Empty Selected button.
            Go to the "Main" tab and click the Exit button to close the program.

            Go to Start - Run and enter the following:
            Combofix /U
            Then press OK.
            Note: There must be a space between Combofix and /U.

            This will uninstall Combofix.

            Disable System Restore. Restart the computer. Re-enable System Restore.
            See here for how to disable System Restore.
            This removes any remnants of the infections from your System Restore points.

            Finally, post a new HijackThis log so it can be checked.



            • #7
              Trojan-Spy.Bzub

              Followed all the instructions. Thanks in advance.

              Here is my latest HijackThis log:

              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 11:30:47, on 8-2-2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.6000.16574)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\csrss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\svchost.exe
              C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
              C:\Program Files\Alwil Software\Avast4\ashServ.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
              C:\WINDOWS\system32\CTsvcCDA.EXE
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\nvsvc32.exe
              C:\Program Files\Spyware Doctor\pctsAuxs.exe
              C:\Program Files\Spyware Doctor\pctsSvc.exe
              C:\WINDOWS\Explorer.EXE
              C:\WINDOWS\system32\svchost.exe
              C:\Program Files\Spyware Doctor\pctsTray.exe
              C:\WINDOWS\system32\Tablet.exe
              C:\WINDOWS\system32\MsPMSPSv.exe
              C:\WINDOWS\system32\WTablet\TabUserW.exe
              C:\WINDOWS\system32\Tablet.exe
              C:\Program Files\Windows Media Player\WMPNetwk.exe
              C:\WINDOWS\CTHELPER.EXE
              C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
              C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\Windows Media Player\WMPNSCFG.exe
              C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
              C:\Program Files\Belkin\F1U201.401\usbshare.exe
              C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
              C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
              C:\WINDOWS\system32\wuauclt.exe
              C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
              C:\WINDOWS\System32\alg.exe
              C:\Program Files\Mozilla Firefox\firefox.exe
              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
              C:\WINDOWS\system32\wbem\wmiprvse.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat Writer 6.0 Pro\Acrobat\ActiveX\AcroIEHelper.dll
              O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
              O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
              O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat Writer 6.0 Pro\Acrobat\AcroIEFavClient.dll
              O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat Writer 6.0 Pro\Acrobat\AcroIEFavClient.dll
              O3 - Toolbar: Norton-werkbalk weergeven - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
              O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
              O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
              O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
              O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
              O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
              O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
              O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
              O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
              O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
              O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
              O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
              O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
              O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
              O4 - Global Startup: F1U201.401.lnk = ?
              O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
              O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE~2\Office10\EXCEL.EXE/3000
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
              O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
              O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
              O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
              O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
              O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107956750187
              O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190756572281
              O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
              O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
              O17 - HKLM\System\CCS\Services\Tcpip\..\{1DAAAE21-0AB8-4226-80AD-2170DD38F480}: NameServer = 194.109.104.104,194.109.6.66
              O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
              O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
              O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
              O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
              O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
              O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
              O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
              O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
              O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
              O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
              O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
              O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
              O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

              --
              End of file - 10428 bytes



              • #8
                The log looks fine again to me.

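The check the helper made by eye above, comparing the log from before the Java update with the one posted afterwards, can be done mechanically. The script below is an added example, not part of this thread and not a HijackThis feature: it parses HijackThis entries by section code, diffs two logs, lists the O2 BHO entries (the class of entry a scanner means when it reports a "BHO" trojan, as in the opening post) and pulls the resolver addresses out of the O17 line so they can be compared with the ISP's own DNS servers. `LOG_BEFORE` and `LOG_AFTER` are constructed excerpts of a few lines each, modelled on the two logs posted above; they are not the full logs.

```python
"""Parse and diff HijackThis logs the way a helper reads them by eye.

Added example: not part of the forum thread and not a HijackThis feature.
LOG_BEFORE / LOG_AFTER are constructed excerpts modelled on the two logs
posted in the thread, so the diff reproduces what the helper confirmed:
only the Java 1.5.0_04 -> 1.6.0_04 change (plus a Windows Update client
process) differs between the two scans.
"""
import re
from typing import Dict, List, Set, Tuple

# HijackThis entry: section code, " - ", payload (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# O2 payload: "BHO: <name> - {CLSID} - <dll path>"
BHO_RE = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")

LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DAAAE21-0AB8-4226-80AD-2170DD38F480}: NameServer = 194.109.104.104,194.109.6.66
"""

LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DAAAE21-0AB8-4226-80AD-2170DD38F480}: NameServer = 194.109.104.104,194.109.6.66
"""


def parse_hjt(text: str) -> Dict[str, Set[str]]:
    """Group entries by section code; running processes go under 'PROC'."""
    sections: Dict[str, Set[str]] = {}
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line closes the process list
            continue
        if line.lower().startswith("running processes:"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            sections.setdefault(m.group(1), set()).add(m.group(2))
        elif in_procs:
            # Windows paths are case-insensitive (System32 vs system32 in the logs).
            sections.setdefault("PROC", set()).add(line.lower())
    return sections


def diff_hjt(before: str, after: str) -> Tuple[List[str], List[str]]:
    """Return (added, removed) as 'SECTION - entry' strings, sorted per section."""
    b, a = parse_hjt(before), parse_hjt(after)
    added: List[str] = []
    removed: List[str] = []
    for sec in sorted(set(b) | set(a)):
        added += [f"{sec} - {e}" for e in sorted(a.get(sec, set()) - b.get(sec, set()))]
        removed += [f"{sec} - {e}" for e in sorted(b.get(sec, set()) - a.get(sec, set()))]
    return added, removed


def bhos(text: str) -> List[Tuple[str, str, str]]:
    """(name, CLSID, DLL) for every O2 line, ordered by CLSID. When a scanner
    reports a 'BHO' trojan, these DLLs are the entries to verify first."""
    found: List[Tuple[str, str, str]] = []
    for entry in parse_hjt(text).get("O2", set()):
        m = BHO_RE.match(entry)
        if m:
            found.append((m.group(1), m.group(2), m.group(3)))
    return sorted(found, key=lambda t: t[1])


def nameservers(text: str) -> List[str]:
    """Resolver IPs from O17 lines; confirm they belong to your own ISP."""
    ips: List[str] = []
    for entry in sorted(parse_hjt(text).get("O17", set())):
        m = re.search(r"NameServer = (.*)$", entry)
        if m:
            ips += [ip.strip() for ip in m.group(1).split(",")]
    return ips


if __name__ == "__main__":
    added, removed = diff_hjt(LOG_BEFORE, LOG_AFTER)
    for tag, entries in (("+", added), ("-", removed)):
        for e in entries:
            print(tag, e)
    print("BHOs:", [clsid for _, clsid, _ in bhos(LOG_AFTER)])
    print("DNS:", nameservers(LOG_AFTER))
```

Run as-is, the diff lists five added entries (the SSVHelper BHO, the SunJavaUpdateSched Run key, the Java console button now pointing at ssv.dll, and the jusched.exe and wuauclt.exe processes) and one removed entry (the old npjpi150_04.dll button), which is exactly the Java replacement the helper asked for. Anything else showing up in such a diff after a cleanup run is what deserves a second look; the O17 resolvers are worth checking against the ISP's published DNS servers even when they do not change.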


                • #9
                  Trojan-Spy.Bzub

                  After your advice I ran Spydoctor again. The damned Trojan horse is gone! About seven other trojans and spyware items were found, but Spydoctor handled those fine! I'm clean!

                  Many thanks, especially for the speed. The donation is on its way!

                  Regards



                  • #10
                    You're welcome, glad it all worked out.
