core.cache.dsk

  • core.cache.dsk

    Hello,

    I have recently been troubled by annoying popups, and of course I want to get rid of them.
    Here is my log:

    Logfile of HijackThis v1.99.1
    Scan saved at 14:19:56, on 8/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Program Protector\ProtectorService.exe
    C:\WINDOWS\system32\routing.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    D:\software\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\System32\alg.exe
    D:\software\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    D:\software\SPAMfighter\SFAgent.exe
    D:\software\qttask.exe
    D:\My ISO Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    D:\software\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    D:\software\SpywareGuard\sgmain.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    D:\software\SpywareGuard\sgbhp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    D:\software\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: GigagetIEHelper Class - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
    O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - D:\software\KeyScrambler\KeyScramblerIE.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\software\BitComet\tools\BitCometBHO_1.2.1.2.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\software\SpywareGuard\dlprotect.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\software\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
    O2 - BHO: CallingID for IE - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - D:\software\CallingID\CallingIDIE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: CallingID - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - D:\software\CallingID\CallingIDIE.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\software\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SPAMfighter Agent] "D:\software\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [QuickTime Task] "D:\software\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\My ISO Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [Verjaardagen] D:\Program Files\verjaardagen1\Verjaardagen.exe auto
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\software\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: SpywareGuard.lnk = D:\software\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\software\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\software\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\software\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - D:\software\KeyScrambler\KeyScramblerIE.dll
    O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - D:\software\KeyScrambler\KeyScramblerIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\software\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\software\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\software\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.startpagina.nl
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106157913236
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnalbum.nl/skin/v2/system/upload/ImageUploader4.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://84.80.114.47:443/activex/AMC.cab
    O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp03.photoprintit.de/microsite/8/defaults/activex/ImageUploader3.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Program Protector System Service (ProgramProtectorService) - Unknown owner - C:\Program Files\Program Protector\ProtectorService.exe
    O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - D:\software\SPAMfighter\sfus.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

    Is there anyone who can help me further with removing this core.cache.dsk?

    Thanks in advance.

  • #2
    Download Combofix (mirror) to your Desktop.
    Double-click Combofix.exe.
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix has completed and after the restart, the log combofix.txt will open.
    Post this log in your next post.

    NOTE: If your virus scanner responds with a notification about script execution, you may ignore it.

    • #3
      core.cache.dsk ComboFix log

      ComboFix 08-02.05.3 - Bakker-Zuhorn 2008-02-08 15:20:09.2 - FAT32x86
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.436 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\Bakker-Zuhorn\Bureaublad\ComboFix.exe

      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
      .
      The following files were disabled during the run:
      C:\Program Files\Program Protector\HookTerminateAPIs.dll


      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\drivers\core.cache.dsk . . . . konden niet verwijderd worden

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2008-01-08 to 2008-02-08 ))))))))))))))))))))))))))))))
      .

      2008-02-08 11:55 . 2008-02-08 11:55 <DIR> d-------- C:\Program Files\Spyware Doctor
      2008-02-08 11:55 . 2007-08-02 10:49 82,248 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
      2008-02-08 11:55 . 2007-08-02 10:49 57,672 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
      2008-02-08 11:55 . 2007-08-02 10:49 38,728 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
      2008-02-08 11:55 . 2007-08-02 10:49 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
      2008-02-08 11:03 . 2008-02-08 11:03 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\PC Tools
      2008-02-08 11:03 . 2008-02-08 11:03 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\CallingID
      2008-02-08 11:02 . 2008-02-08 11:02 <DIR> dr------- C:\Documents and Settings\LocalService\Favorieten
      2008-02-07 00:15 . 2008-02-07 00:14 1,063 --a------ C:\WINDOWS\wininit.sd
      2008-02-06 11:16 . 2008-02-06 11:16 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
      2008-02-06 11:16 . 2008-02-06 11:16 45,056 --a------ C:\WINDOWS\system32\Indt2.sys
      2008-02-06 11:16 . 2008-02-06 11:16 31,744 --a------ C:\WINDOWS\system32\routing.exe
      2008-02-06 11:16 . 2008-02-06 11:16 40 --a------ C:\WINDOWS\system32\drmgs.sys
      2008-02-06 11:15 . 2008-02-06 11:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
      2008-02-06 11:15 . 2008-02-06 11:16 266,240 --a------ C:\WINDOWS\system32\andt.sys
      2008-02-06 11:13 . 2008-02-06 11:13 167,545 --------- C:\WINDOWS\system32\drivers\core.cache.dsk
      2008-02-06 11:13 . 2008-02-06 11:13 86,144 --a------ C:\WINDOWS\system32\drivers\rasptii.sys
      2008-02-06 00:35 . 2008-02-06 00:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
      2008-02-06 00:24 . 2005-10-21 02:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
      2008-02-06 00:24 . 2005-10-21 02:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
      2008-02-06 00:22 . 2008-02-06 00:22 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
      2008-02-05 11:12 . 2008-02-05 11:12 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
      2008-01-26 12:53 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
      2008-01-26 12:53 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
      2008-01-26 12:53 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
      2008-01-26 12:53 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
      2008-01-26 12:53 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
      2008-01-25 15:14 . 2008-01-25 15:14 <DIR> d-------- C:\Program Files\iTunes
      2008-01-25 15:14 . 2008-01-25 15:14 <DIR> d-------- C:\Program Files\iPod
      2008-01-25 15:13 . 2008-01-25 15:13 <DIR> d-------- C:\Program Files\Common Files\Apple
      2008-01-24 18:34 . 2008-01-24 18:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
      2008-01-24 18:33 . 2008-01-24 18:33 <DIR> d-------- C:\Program Files\Apple Software Update
      2008-01-24 18:33 . 2008-01-24 18:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
      2008-01-18 22:45 . 2007-12-17 13:53 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
      2008-01-11 22:44 . 2008-01-11 22:44 1,374 --a------ C:\WINDOWS\imsins.BAK
      2008-01-11 15:18 . 2008-01-11 15:18 <DIR> d-------- C:\Program Files\Common Files\DirectX
      2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
      2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2007-12-29 14:35 112,992 ----a-w C:\WINDOWS\system32\drivers\keyscrambler.sys
      2007-12-26 15:16 --------- d-----w C:\Program Files\Microprose
      2007-12-26 12:43 --------- d-----w C:\Program Files\ReflexiveArcade
      2007-12-24 21:29 --------- d-----r C:\Documents and Settings\All Users\Application Data\schijfbewaker
      2007-12-24 12:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
      2007-12-19 00:21 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
      2007-12-19 00:21 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
      2007-12-19 00:21 --------- d-----w C:\Program Files\OpenAL
      2007-12-15 13:36 --------- d-----w C:\Program Files\ZoneAlarmSB
      2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
      2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
      2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\NVMCTRAY.DLL
      2007-12-05 00:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
      2007-12-05 00:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
      2007-12-05 00:41 7,435,392 ----a-w C:\WINDOWS\system32\dllcache\nv4_mini.sys
      2007-12-05 00:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
      2007-12-05 00:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
      2007-12-05 00:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
      2007-12-05 00:41 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll
      2007-12-05 00:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
      2007-12-05 00:41 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
      2007-12-05 00:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
      2007-12-05 00:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
      2007-12-05 00:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
      2007-12-05 00:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
      2007-12-05 00:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
      2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
      2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
      2007-12-05 00:41 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
      2007-12-05 00:41 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
      2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
      2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
      2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
      2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
      2007-12-05 00:41 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
      2007-12-05 00:41 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
      2007-12-05 00:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
      2007-12-05 00:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
      2007-12-05 00:41 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
      2007-12-05 00:41 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
      2007-12-05 00:41 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
      2007-12-05 00:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
      2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
      2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
      2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
      2007-12-05 00:41 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
      2007-12-05 00:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
      2007-12-05 00:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
      2007-12-05 00:41 3,334,144 ----a-w C:\WINDOWS\system32\nvgamesr.dll
      2007-12-05 00:41 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
      2007-12-05 00:41 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
      2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
      2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
      2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
      2007-12-05 00:41 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
      2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
      2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
      2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
      2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
      2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
      2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
      2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
      2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
      2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
      2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
      2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
      2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
      2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
      2007-12-05 00:41 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
      2007-12-05 00:41 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
      2007-12-05 00:41 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
      2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
      2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
      2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
      2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
      2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
      2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll
      2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
      2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
      2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
      2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
      2007-12-05 00:41 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll
      2007-12-05 00:41 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll
      2007-12-05 00:41 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
      2007-12-05 00:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
      2007-12-05 00:41 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll
      2007-12-05 00:41 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
      2007-12-05 00:41 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
      2007-12-05 00:41 2,519,040 ----a-w C:\WINDOWS\system32\nvwssr.dll
      2007-12-05 00:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
      2007-12-05 00:41 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll
      2007-12-05 00:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
      2007-12-05 00:41 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll
      2007-12-05 00:41 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll
      2007-12-05 00:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
      2007-12-05 00:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
      2007-12-05 00:41 126,976 ----a-w C:\WINDOWS\system32\nvrszht.dll
      2007-12-05 00:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
      2007-12-05 00:41 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
      2007-12-05 00:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
      2005-01-19 18:15 32 --sha-w C:\WINDOWS\{9A689BBA-4532-47CA-BC10-28FA971EA6E2}.dat
      2005-01-19 18:15 32 --sha-w C:\WINDOWS\system32\{A59C887F-81A9-49F9-A2E3-BDC9C3C9A536}.dat
      2007-09-24 14:13 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      {2318C2B1-4965-11D4-9B18-009027A5CD4F}
      {EF99BD32-C1FB-11D2-892F-0090271D4F88}
      {10134636-E7AF-4AC5-A1DC-C7C44BB97D81}
      {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

      [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Verjaardagen"="D:\Program Files\verjaardagen1\Verjaardagen.exe" [2005-01-09 15:41 734208]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-05 15:18 68856]
      "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39 1289000]
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]
      "SpybotSD TeaTimer"="D:\software\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ZoneAlarm Client"="D:\software\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
      "SPAMfighter Agent"="D:\software\SPAMfighter\SFAgent.exe" [2007-10-25 15:29 308880]
      "QuickTime Task"="D:\software\qttask.exe" [2008-01-10 15:27 385024]
      "PWRISOVM.EXE"="D:\My ISO Files\PowerISO\PWRISOVM.EXE" [2006-09-09 10:16 196608]
      "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
      "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
      "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
      "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
      "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-06 11:15 579072]
      "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-02 10:49 1063752]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
      "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-06 11:16 219136]

      C:\Documents and Settings\Bakker-Zuhorn\Menu Start\Programma's\Opstarten\
      SpywareGuard.lnk - D:\software\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-08 18:35:23 110592]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
      "Sony Ericsson PC Suite"="D:\software\Application Launcher\Application Launcher.exe" /startoptions
      "nwiz"=nwiz.exe /install
      "NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

      R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 16:11]
      R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2005-12-14 19:06]
      R1 rasptii;rasptii;C:\WINDOWS\system32\drivers\rasptii.sys [2008-02-06 11:13]
      R2 ProgramProtectorService;Program Protector System Service;C:\Program Files\Program Protector\ProtectorService.exe [2006-06-05 13:45]
      R2 Routing;Routing Service;C:\WINDOWS\system32\routing.exe [2008-02-06 11:16]
      R2 SPAMfighter Update Service;SPAMfighter Update Service;D:\software\SPAMfighter\sfus.exe [2007-10-25 15:29]
      R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-04 12:00]
      R3 KeyScrambler;KeyScrambler;C:\WINDOWS\system32\drivers\keyscrambler.sys [2007-12-29 15:35]
      S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\z530bus.sys [2006-02-17 21:26]
      S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z530mdfl.sys [2006-02-17 21:26]
      S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z530mdm.sys [2006-02-17 21:26]
      S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z530mgmt.sys [2006-02-17 21:26]
      S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z530obex.sys [2006-02-17 21:26]

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      UxTuneUp

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1e44968-81f5-11db-9940-0015f2360c33}]
      \Shell\AutoRun\command - I:\Cym.exe

      .
      Inhoud van de 'Gedeelde Taken' map
      "2008-01-25 16:17:54 C:\WINDOWS\Tasks\1-Click Maintenance.job"
      - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
      "2008-02-08 13:34:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-02-08 15:23:03
      Windows 5.1.2600 Service Pack 2 FAT NTAPI

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      C:\Program Files\Eset\nod32krn.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\Program Files\Spyware Doctor\svcntaux.exe
      C:\Program Files\Spyware Doctor\swdsvc.exe
      C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
      C:\WINDOWS\system32\msiexec.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\PROGRA~1\MI3AA1~1\rapimgr.exe
      C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
      C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
      D:\software\SpywareGuard\sgbhp.exe
      C:\Program Files\iPod\bin\iPodService.exe
      .
      **************************************************************************
      .
      Voltooingstijd: 2008-02-08 15:24:44 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-02-08 14:24:38
      .
      2008-01-11 21:45:16 --- E O F ---



      • #4
        Open Notepad, then copy and paste the following (bold text) into an empty window:


        Driver::
        rasptii
        Routing

        File::
        C:\WINDOWS\wininit.sd
        C:\WINDOWS\system32\Indt2.sys
        C:\WINDOWS\system32\routing.exe
        C:\WINDOWS\system32\drmgs.sys
        C:\WINDOWS\system32\andt.sys
        C:\WINDOWS\system32\drivers\core.cache.dsk
        C:\WINDOWS\system32\drivers\rasptii.sys

        Folder::
        C:\Documents and Settings\All Users\Application Data\schijfbewaker




        Save this to your Desktop as CFScript.txt

        Drag CFScript.txt onto ComboFix.exe as shown in the example below:



        This will make ComboFix restart.
        Reboot if you are asked to,
        and post the contents of Combofix.txt in your next reply, together with a new HijackThis log.



        • #5
          ComboFix log / HijackThis log

          ComboFix 08-02.05.3 - Bakker-Zuhorn 2008-02-08 15:57:53.3 - FAT32x86
          Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.459 [GMT 1:00]
          Gestart vanuit: C:\Documents and Settings\Bakker-Zuhorn\Bureaublad\ComboFix.exe
          Command switches used :: C:\Documents and Settings\Bakker-Zuhorn\Bureaublad\CFScript.txt
          * Nieuw herstelpunt werd aangemaakt

          WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

          FILE
          C:\WINDOWS\system32\andt.sys
          C:\WINDOWS\system32\drivers\core.cache.dsk
          C:\WINDOWS\system32\drivers\rasptii.sys
          C:\WINDOWS\system32\drmgs.sys
          C:\WINDOWS\system32\Indt2.sys
          C:\WINDOWS\system32\routing.exe
          C:\WINDOWS\wininit.sd
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\WINDOWS\system32\drivers\core.cache.dsk
          C:\WINDOWS\system32\drivers\rasptii.sys
          C:\Documents and Settings\All Users\Application Data\schijfbewaker
          C:\Documents and Settings\All Users\Application Data\schijfbewaker\Data\em
          C:\Documents and Settings\All Users\Application Data\schijfbewaker\Data\oid
          C:\Documents and Settings\All Users\Application Data\schijfbewaker\Data\user
          C:\WINDOWS\system32\andt.sys
          C:\WINDOWS\system32\drivers\core.cache.dsk
          C:\WINDOWS\system32\drivers\rasptii.sys
          C:\WINDOWS\system32\drmgs.sys
          C:\WINDOWS\system32\Indt2.sys
          C:\WINDOWS\system32\routing.exe
          C:\WINDOWS\wininit.sd

          .
          ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

          .
          -------\LEGACY_RASPTII
          -------\LEGACY_ROUTING
          -------\rasptii
          -------\Routing


          (((((((((((((((((((( Bestanden Gemaakt van 2008-01-08 to 2008-02-08 ))))))))))))))))))))))))))))))
          .

          2008-02-08 11:55 . 2008-02-08 11:55 <DIR> d-------- C:\Program Files\Spyware Doctor
          2008-02-08 11:55 . 2007-08-02 10:49 82,248 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
          2008-02-08 11:55 . 2007-08-02 10:49 57,672 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
          2008-02-08 11:55 . 2007-08-02 10:49 38,728 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
          2008-02-08 11:55 . 2007-08-02 10:49 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
          2008-02-08 11:03 . 2008-02-08 11:03 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\PC Tools
          2008-02-08 11:03 . 2008-02-08 11:03 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\CallingID
          2008-02-08 11:02 . 2008-02-08 11:02 <DIR> dr------- C:\Documents and Settings\LocalService\Favorieten
          2008-02-06 11:16 . 2008-02-06 11:16 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
          2008-02-06 11:15 . 2008-02-06 11:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
          2008-02-06 00:35 . 2008-02-06 00:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
          2008-02-06 00:24 . 2005-10-21 02:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
          2008-02-06 00:24 . 2005-10-21 02:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
          2008-02-06 00:22 . 2008-02-06 00:22 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
          2008-02-05 11:12 . 2008-02-05 11:12 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
          2008-01-26 12:53 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
          2008-01-26 12:53 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
          2008-01-26 12:53 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
          2008-01-26 12:53 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
          2008-01-26 12:53 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
          2008-01-25 15:14 . 2008-01-25 15:14 <DIR> d-------- C:\Program Files\iTunes
          2008-01-25 15:14 . 2008-01-25 15:14 <DIR> d-------- C:\Program Files\iPod
          2008-01-25 15:13 . 2008-01-25 15:13 <DIR> d-------- C:\Program Files\Common Files\Apple
          2008-01-24 18:34 . 2008-01-24 18:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
          2008-01-24 18:33 . 2008-01-24 18:33 <DIR> d-------- C:\Program Files\Apple Software Update
          2008-01-24 18:33 . 2008-01-24 18:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
          2008-01-18 22:45 . 2007-12-17 13:53 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
          2008-01-11 22:44 . 2008-01-11 22:44 1,374 --a------ C:\WINDOWS\imsins.BAK
          2008-01-11 15:18 . 2008-01-11 15:18 <DIR> d-------- C:\Program Files\Common Files\DirectX
          2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
          2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2007-12-29 14:35 112,992 ----a-w C:\WINDOWS\system32\drivers\keyscrambler.sys
          2007-12-26 15:16 --------- d-----w C:\Program Files\Microprose
          2007-12-26 12:43 --------- d-----w C:\Program Files\ReflexiveArcade
          2007-12-24 12:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
          2007-12-19 00:21 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
          2007-12-19 00:21 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
          2007-12-19 00:21 --------- d-----w C:\Program Files\OpenAL
          2007-12-15 13:36 --------- d-----w C:\Program Files\ZoneAlarmSB
          2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
          2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
          2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\NVMCTRAY.DLL
          2007-12-05 00:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
          2007-12-05 00:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
          2007-12-05 00:41 7,435,392 ----a-w C:\WINDOWS\system32\dllcache\nv4_mini.sys
          2007-12-05 00:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
          2007-12-05 00:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
          2007-12-05 00:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
          2007-12-05 00:41 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll
          2007-12-05 00:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
          2007-12-05 00:41 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
          2007-12-05 00:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
          2007-12-05 00:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
          2007-12-05 00:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
          2007-12-05 00:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
          2007-12-05 00:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
          2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
          2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
          2007-12-05 00:41 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
          2007-12-05 00:41 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
          2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
          2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
          2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
          2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
          2007-12-05 00:41 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
          2007-12-05 00:41 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
          2007-12-05 00:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
          2007-12-05 00:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
          2007-12-05 00:41 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
          2007-12-05 00:41 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
          2007-12-05 00:41 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
          2007-12-05 00:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
          2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
          2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
          2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
          2007-12-05 00:41 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
          2007-12-05 00:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
          2007-12-05 00:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
          2007-12-05 00:41 3,334,144 ----a-w C:\WINDOWS\system32\nvgamesr.dll
          2007-12-05 00:41 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
          2007-12-05 00:41 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
          2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
          2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
          2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
          2007-12-05 00:41 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
          2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
          2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
          2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
          2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
          2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
          2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
          2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
          2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
          2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
          2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
          2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
          2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
          2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
          2007-12-05 00:41 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
          2007-12-05 00:41 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
          2007-12-05 00:41 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
          2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
          2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
          2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
          2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
          2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
          2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll
          2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
          2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
          2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
          2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
          2007-12-05 00:41 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll
          2007-12-05 00:41 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll
          2007-12-05 00:41 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
          2007-12-05 00:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
          2007-12-05 00:41 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll
          2007-12-05 00:41 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
          2007-12-05 00:41 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
          2007-12-05 00:41 2,519,040 ----a-w C:\WINDOWS\system32\nvwssr.dll
          2007-12-05 00:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
          2007-12-05 00:41 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll
          2007-12-05 00:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
          2007-12-05 00:41 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll
          2007-12-05 00:41 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll
          2007-12-05 00:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
          2007-12-05 00:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
          2007-12-05 00:41 126,976 ----a-w C:\WINDOWS\system32\nvrszht.dll
          2007-12-05 00:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
          2007-12-05 00:41 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
          2007-12-05 00:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
          2007-12-05 00:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
          2005-01-19 18:15 32 --sha-w C:\WINDOWS\{9A689BBA-4532-47CA-BC10-28FA971EA6E2}.dat
          2005-01-19 18:15 32 --sha-w C:\WINDOWS\system32\{A59C887F-81A9-49F9-A2E3-BDC9C3C9A536}.dat
          2007-09-24 14:13 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
          .

          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
          {2318C2B1-4965-11D4-9B18-009027A5CD4F}
          {EF99BD32-C1FB-11D2-892F-0090271D4F88}
          {10134636-E7AF-4AC5-A1DC-C7C44BB97D81}
          {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

          [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "Verjaardagen"="D:\Program Files\verjaardagen1\Verjaardagen.exe" [2005-01-09 15:41 734208]
          "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-05 15:18 68856]
          "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39 1289000]
          "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]
          "SpybotSD TeaTimer"="D:\software\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "ZoneAlarm Client"="D:\software\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
          "SPAMfighter Agent"="D:\software\SPAMfighter\SFAgent.exe" [2007-10-25 15:29 308880]
          "QuickTime Task"="D:\software\qttask.exe" [2008-01-10 15:27 385024]
          "PWRISOVM.EXE"="D:\My ISO Files\PowerISO\PWRISOVM.EXE" [2006-09-09 10:16 196608]
          "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
          "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
          "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
          "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
          "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
          "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
          "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-06 11:15 579072]
          "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-02 10:49 1063752]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
          "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-06 11:16 219136]

          C:\Documents and Settings\Bakker-Zuhorn\Menu Start\Programma's\Opstarten\
          SpywareGuard.lnk - D:\software\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-08 18:35:23 110592]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
          "Sony Ericsson PC Suite"="D:\software\Application Launcher\Application Launcher.exe" /startoptions
          "nwiz"=nwiz.exe /install
          "NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

          R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 16:11]
          R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2005-12-14 19:06]
          R2 ProgramProtectorService;Program Protector System Service;C:\Program Files\Program Protector\ProtectorService.exe [2006-06-05 13:45]
          R2 SPAMfighter Update Service;SPAMfighter Update Service;D:\software\SPAMfighter\sfus.exe [2007-10-25 15:29]
          R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-04 12:00]
          R3 KeyScrambler;KeyScrambler;C:\WINDOWS\system32\drivers\keyscrambler.sys [2007-12-29 15:35]
          S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\z530bus.sys [2006-02-17 21:26]
          S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z530mdfl.sys [2006-02-17 21:26]
          S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z530mdm.sys [2006-02-17 21:26]
          S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z530mgmt.sys [2006-02-17 21:26]
          S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z530obex.sys [2006-02-17 21:26]

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
          UxTuneUp

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1e44968-81f5-11db-9940-0015f2360c33}]
          \Shell\AutoRun\command - I:\Cym.exe

          .
          Inhoud van de 'Gedeelde Taken' map
          "2008-01-25 16:17:54 C:\WINDOWS\Tasks\1-Click Maintenance.job"
          - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
          "2008-02-08 13:34:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
          - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-02-08 16:01:31
          Windows 5.1.2600 Service Pack 2 FAT NTAPI

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          --------------------- DLLs Geladen Onder Lopende Processen ---------------------

          PROCESS: C:\WINDOWS\system32\winlogon.exe
          -> C:\Program Files\Program Protector\HookTerminateAPIs.dll

          PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
          -> C:\Program Files\Program Protector\HookTerminateAPIs.dll

          PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
          -> C:\Program Files\Program Protector\HookTerminateAPIs.dll

          PROCESS: C:\WINDOWS\system32\csrss.exe
          -> C:\Program Files\Program Protector\HookTerminateAPIs.dll
          .
          ------------------------ Other Running Processes ------------------------
          .
          C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
          C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
          C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
          C:\Program Files\Eset\nod32krn.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\WINDOWS\system32\PnkBstrA.exe
          C:\Program Files\Spyware Doctor\svcntaux.exe
          C:\Program Files\Spyware Doctor\swdsvc.exe
          C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
          C:\WINDOWS\system32\RUNDLL32.EXE
          C:\WINDOWS\system32\msiexec.exe
          C:\PROGRA~1\MI3AA1~1\rapimgr.exe
          C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
          D:\software\SpywareGuard\sgbhp.exe
          C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
          C:\Program Files\iPod\bin\iPodService.exe
          .
          **************************************************************************
          .
          Voltooingstijd: 2008-02-08 16:03:09 - machine was rebooted
          ComboFix-quarantined-files.txt 2008-02-08 15:03:00
          ComboFix2.txt 2008-02-08 14:24:46
          .
          2008-01-11 21:45:16 --- E O F ---

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 16:05:04, on 8/02/2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16574)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\csrss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\ZONELABS\vsmon.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
          C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
          C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
          C:\Program Files\Eset\nod32krn.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\WINDOWS\system32\PnkBstrA.exe
          C:\Program Files\Program Protector\ProtectorService.exe
          C:\Program Files\Spyware Doctor\svcntaux.exe
          C:\Program Files\Spyware Doctor\swdsvc.exe
          C:\Program Files\Spyware Doctor\SDTrayApp.exe
          D:\software\SPAMfighter\sfus.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
          C:\WINDOWS\System32\alg.exe
          D:\software\ZoneAlarm\zlclient.exe
          C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
          D:\software\SPAMfighter\SFAgent.exe
          D:\software\qttask.exe
          D:\My ISO Files\PowerISO\PWRISOVM.EXE
          C:\Program Files\Common Files\Symantec Shared\ccApp.exe
          C:\Program Files\iTunes\iTunesHelper.exe
          C:\WINDOWS\system32\RUNDLL32.EXE
          C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
          C:\WINDOWS\system32\msiexec.exe
          C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
          C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
          D:\software\Spybot - Search & Destroy\TeaTimer.exe
          D:\software\SpywareGuard\sgmain.exe
          C:\PROGRA~1\MI3AA1~1\rapimgr.exe
          C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
          D:\software\SpywareGuard\sgbhp.exe
          C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
          C:\Program Files\iPod\bin\iPodService.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\WINDOWS\system32\notepad.exe
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          D:\software\CallingID\CallingIDGlobal.exe
          D:\software\hijackthis\HijackThis.exe
          C:\WINDOWS\system32\wbem\wmiprvse.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: GigagetIEHelper Class - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
          O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - D:\software\KeyScrambler\KeyScramblerIE.dll
          O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\software\BitComet\tools\BitCometBHO_1.2.1.2.dll
          O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\software\SpywareGuard\dlprotect.dll
          O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\software\SPYBOT~1\SDHelper.dll
          O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
          O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
          O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
          O2 - BHO: CallingID for IE - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - D:\software\CallingID\CallingIDIE.dll
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
          O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
          O3 - Toolbar: CallingID - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - D:\software\CallingID\CallingIDIE.dll
          O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
          O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\software\ZoneAlarm\zlclient.exe"
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
          O4 - HKLM\..\Run: [SPAMfighter Agent] "D:\software\SPAMfighter\SFAgent.exe" update delay 60
          O4 - HKLM\..\Run: [QuickTime Task] "D:\software\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\My ISO Files\PowerISO\PWRISOVM.EXE
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
          O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
          O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
          O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
          O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
          O4 - HKCU\..\Run: [Verjaardagen] D:\Program Files\verjaardagen1\Verjaardagen.exe auto
          O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
          O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
          O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\software\Spybot - Search & Destroy\TeaTimer.exe
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
          O4 - Startup: SpywareGuard.lnk = D:\software\SpywareGuard\sgmain.exe
          O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
          O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\software\BitComet\BitComet.exe/AddLink.htm
          O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\software\BitComet\BitComet.exe/AddVideo.htm
          O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\software\BitComet\BitComet.exe/AddAllLink.htm
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
          O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
          O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
          O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
          O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - D:\software\KeyScrambler\KeyScramblerIE.dll
          O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - D:\software\KeyScrambler\KeyScramblerIE.dll
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
          O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\software\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
          O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\software\SPYBOT~1\SDHelper.dll
          O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\software\SPYBOT~1\SDHelper.dll
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O14 - IERESET.INF: START_PAGE_URL=http://www.startpagina.nl
          O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
          O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
          O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106157913236
          O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
          O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
          O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnalbum.nl/skin/v2/system/upload/ImageUploader4.cab
          O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
          O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
          O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://84.80.114.47:443/activex/AMC.cab
          O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp03.photoprintit.de/microsite/8/defaults/activex/ImageUploader3.cab
          O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
          O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
          O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
          O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
          O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
          O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
          O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
          O23 - Service: Program Protector System Service (ProgramProtectorService) - Unknown owner - C:\Program Files\Program Protector\ProtectorService.exe
          O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
          O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
          O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - D:\software\SPAMfighter\sfus.exe
          O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
          O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

          --
          End of file - 13495 bytes



          • #6
            Does the following program mean anything to you?
            O23 - Service: Program Protector System Service (ProgramProtectorService) - Unknown owner - C:\Program Files\Program Protector\ProtectorService.exe



            • #7
              No, not really,



              • #8
                Locate the following file (shown in bold):
                C:\Program Files\Program Protector\ProtectorService.exe

                Upload it to http://www.virustotal.com/nl/
                Have it scanned there and post the result of that scan.



                • #9
                  Result

                  Bestand ProtectorService.exe ontvangen op 2008.02.08 16:51:53 (CET)


                  Resultaat: 2/32 (6.25%)

                  Antivirus Versie Laatst geüpdatet Resultaat
                  AhnLab-V3 2008.2.6.10 2008.02.05 -
                  AntiVir 7.6.0.62 2008.02.08 -
                  Authentium 4.93.8 2008.02.08 -
                  Avast 4.7.1098.0 2008.02.07 -
                  AVG 7.5.0.516 2008.02.08 -
                  BitDefender 7.2 2008.02.08 -
                  CAT-QuickHeal None 2008.02.08 -
                  ClamAV 0.92 2008.02.08 -
                  DrWeb 4.44.0.09170 2008.02.08 -
                  eSafe 7.0.15.0 2008.01.28 -
                  eTrust-Vet 31.3.5521 2008.02.08 -
                  Ewido 4.0 2008.02.08 -
                  FileAdvisor 1 2008.02.08 -
                  Fortinet 3.14.0.0 2008.02.08 -
                  F-Prot 4.4.2.54 2008.02.07 -
                  F-Secure 6.70.13260.0 2008.02.08 Suspicious:W32/Malware!Gemini
                  Ikarus T3.1.1.20 2008.02.08 -
                  Kaspersky 7.0.0.125 2008.02.08 -
                  McAfee 5225 2008.02.07 -
                  Microsoft 1.3204 2008.02.08 -
                  NOD32v2 2860 2008.02.08 -
                  Norman 5.80.02 2008.02.08 -
                  Panda 9.0.0.4 2008.02.07 -
                  Prevx1 V2 2008.02.08 -
                  Rising 20.29.22.00 2008.01.30 -
                  Sophos 4.26.0 2008.02.08 Sus/Madcode-A
                  Sunbelt 2.2.907.0 2008.02.08 -
                  Symantec 10 2008.02.08 -
                  TheHacker 6.2.9.212 2008.02.07 -
                  VBA32 3.12.6.0 2008.02.07 -
                  VirusBuster 4.3.26:9 2008.02.08 -
                  Webwasher-Gateway 6.6.2 2008.02.08 -
                  Extra informatie
                  File size: 183808 bytes
                  MD5: f3c13815202e8e621020500baddd889b
                  SHA1: dfa5305d6387496ddc140f44d5988d18fe6b0a72
                  PEiD: BobSoft Mini Delphi -> BoB / BobSoft



                  • #10
                    Open Notepad, then copy and paste the following (the bold text) into an empty window:


                    Driver::
                    ProgramProtectorService

                    Folder::
                    C:\Program Files\Program Protector




                    Save this to your Desktop as CFScript.txt

                    Drag CFScript.txt onto ComboFix.exe as shown in the example below:



                    This will make ComboFix restart.
                    Reboot if you are asked to,
                    and post the contents of Combofix.txt in your next reply, together with a new HijackThis log.



                    • #11
                      ComboFix log and HijackThis log

                      ComboFix 08-02.05.3 - Bakker-Zuhorn 2008-02-08 17:11:24.4 - FAT32x86
                      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.239 [GMT 1:00]
                      Gestart vanuit: C:\Documents and Settings\Bakker-Zuhorn\Bureaublad\ComboFix.exe
                      Command switches used :: C:\Documents and Settings\Bakker-Zuhorn\Bureaublad\CFScript.txt
                      * Nieuw herstelpunt werd aangemaakt

                      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
                      .
                      The following files were disabled during the run:
                      C:\Program Files\Program Protector\HookTerminateAPIs.dll


                      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                      .

                      C:\Program Files\Program Protector
                      C:\Program Files\Program Protector\HookProcessCreation.dll
                      C:\Program Files\Program Protector\HookTerminateAPIs.dll.vir
                      C:\Program Files\Program Protector\license.txt
                      C:\Program Files\Program Protector\protect.chm
                      C:\Program Files\Program Protector\protect.exe
                      C:\Program Files\Program Protector\ProtectorService.exe
                      C:\Program Files\Program Protector\readme.txt
                      C:\Program Files\Program Protector\unins000.dat
                      C:\Program Files\Program Protector\unins000.exe

                      .
                      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

                      .
                      -------\LEGACY_PROGRAMPROTECTORSERVICE
                      -------\ProgramProtectorService


                      (((((((((((((((((((( Bestanden Gemaakt van 2008-01-08 to 2008-02-08 ))))))))))))))))))))))))))))))
                      .

                      2008-02-08 15:56 . 2004-08-04 12:00 399,360 --a------ C:\kmd.exe
                      2008-02-08 11:55 . 2008-02-08 11:55 <DIR> d-------- C:\Program Files\Spyware Doctor
                      2008-02-08 11:55 . 2007-08-02 10:49 82,248 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
                      2008-02-08 11:55 . 2007-08-02 10:49 57,672 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
                      2008-02-08 11:55 . 2007-08-02 10:49 38,728 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
                      2008-02-08 11:55 . 2007-08-02 10:49 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
                      2008-02-08 11:03 . 2008-02-08 11:03 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\PC Tools
                      2008-02-08 11:03 . 2008-02-08 11:03 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\CallingID
                      2008-02-08 11:02 . 2008-02-08 11:02 <DIR> dr------- C:\Documents and Settings\LocalService\Favorieten
                      2008-02-06 11:16 . 2008-02-06 11:16 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
                      2008-02-06 11:15 . 2008-02-06 11:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
                      2008-02-06 00:35 . 2008-02-06 00:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
                      2008-02-06 00:24 . 2005-10-21 02:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
                      2008-02-06 00:24 . 2005-10-21 02:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
                      2008-02-06 00:22 . 2008-02-06 00:22 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
                      2008-02-05 11:12 . 2008-02-05 11:12 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
                      2008-01-26 12:53 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
                      2008-01-26 12:53 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
                      2008-01-26 12:53 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
                      2008-01-26 12:53 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
                      2008-01-26 12:53 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
                      2008-01-25 15:14 . 2008-01-25 15:14 <DIR> d-------- C:\Program Files\iTunes
                      2008-01-25 15:14 . 2008-01-25 15:14 <DIR> d-------- C:\Program Files\iPod
                      2008-01-25 15:13 . 2008-01-25 15:13 <DIR> d-------- C:\Program Files\Common Files\Apple
                      2008-01-24 18:34 . 2008-01-24 18:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
                      2008-01-24 18:33 . 2008-01-24 18:33 <DIR> d-------- C:\Program Files\Apple Software Update
                      2008-01-24 18:33 . 2008-01-24 18:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
                      2008-01-18 22:45 . 2007-12-17 13:53 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
                      2008-01-11 22:44 . 2008-01-11 22:44 1,374 --a------ C:\WINDOWS\imsins.BAK
                      2008-01-11 15:18 . 2008-01-11 15:18 <DIR> d-------- C:\Program Files\Common Files\DirectX
                      2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
                      2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

                      .
                      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      2007-12-29 14:35 112,992 ----a-w C:\WINDOWS\system32\drivers\keyscrambler.sys
                      2007-12-26 15:16 --------- d-----w C:\Program Files\Microprose
                      2007-12-26 12:43 --------- d-----w C:\Program Files\ReflexiveArcade
                      2007-12-24 12:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
                      2007-12-19 00:21 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
                      2007-12-19 00:21 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
                      2007-12-19 00:21 --------- d-----w C:\Program Files\OpenAL
                      2007-12-15 13:36 --------- d-----w C:\Program Files\ZoneAlarmSB
                      2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
                      2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
                      2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\NVMCTRAY.DLL
                      2007-12-05 00:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
                      2007-12-05 00:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
                      2007-12-05 00:41 7,435,392 ----a-w C:\WINDOWS\system32\dllcache\nv4_mini.sys
                      2007-12-05 00:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
                      2007-12-05 00:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
                      2007-12-05 00:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
                      2007-12-05 00:41 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll
                      2007-12-05 00:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
                      2007-12-05 00:41 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
                      2007-12-05 00:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
                      2007-12-05 00:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
                      2007-12-05 00:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
                      2007-12-05 00:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
                      2007-12-05 00:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
                      2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
                      2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
                      2007-12-05 00:41 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
                      2007-12-05 00:41 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
                      2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
                      2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
                      2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
                      2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
                      2007-12-05 00:41 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
                      2007-12-05 00:41 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
                      2007-12-05 00:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
                      2007-12-05 00:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
                      2007-12-05 00:41 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
                      2007-12-05 00:41 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
                      2007-12-05 00:41 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
                      2007-12-05 00:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
                      2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
                      2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
                      2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
                      2007-12-05 00:41 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
                      2007-12-05 00:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
                      2007-12-05 00:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
                      2007-12-05 00:41 3,334,144 ----a-w C:\WINDOWS\system32\nvgamesr.dll
                      2007-12-05 00:41 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
                      2007-12-05 00:41 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
                      2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
                      2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
                      2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
                      2007-12-05 00:41 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
                      2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
                      2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
                      2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
                      2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
                      2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
                      2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
                      2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
                      2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
                      2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
                      2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
                      2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
                      2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
                      2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
                      2007-12-05 00:41 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
                      2007-12-05 00:41 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
                      2007-12-05 00:41 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
                      2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
                      2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
                      2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
                      2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
                      2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
                      2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll
                      2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
                      2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
                      2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
                      2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
                      2007-12-05 00:41 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll
                      2007-12-05 00:41 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll
                      2007-12-05 00:41 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
                      2007-12-05 00:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
                      2007-12-05 00:41 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll
                      2007-12-05 00:41 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
                      2007-12-05 00:41 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
                      2007-12-05 00:41 2,519,040 ----a-w C:\WINDOWS\system32\nvwssr.dll
                      2007-12-05 00:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
                      2007-12-05 00:41 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll
                      2007-12-05 00:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
                      2007-12-05 00:41 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll
                      2007-12-05 00:41 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll
                      2007-12-05 00:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
                      2007-12-05 00:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
                      2007-12-05 00:41 126,976 ----a-w C:\WINDOWS\system32\nvrszht.dll
                      2007-12-05 00:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
                      2007-12-05 00:41 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
                      2007-12-05 00:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
                      2007-12-05 00:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
                      2005-01-19 18:15 32 --sha-w C:\WINDOWS\{9A689BBA-4532-47CA-BC10-28FA971EA6E2}.dat
                      2005-01-19 18:15 32 --sha-w C:\WINDOWS\system32\{A59C887F-81A9-49F9-A2E3-BDC9C3C9A536}.dat
                      2007-09-24 14:13 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
                      .

                      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      REGEDIT4
                      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                      {2318C2B1-4965-11D4-9B18-009027A5CD4F}
                      {EF99BD32-C1FB-11D2-892F-0090271D4F88}
                      {10134636-E7AF-4AC5-A1DC-C7C44BB97D81}
                      {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

                      [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "Verjaardagen"="D:\Program Files\verjaardagen1\Verjaardagen.exe" [2005-01-09 15:41 734208]
                      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-05 15:18 68856]
                      "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39 1289000]
                      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]
                      "SpybotSD TeaTimer"="D:\software\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "ZoneAlarm Client"="D:\software\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
                      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
                      "SPAMfighter Agent"="D:\software\SPAMfighter\SFAgent.exe" [2007-10-25 15:29 308880]
                      "QuickTime Task"="D:\software\qttask.exe" [2008-01-10 15:27 385024]
                      "PWRISOVM.EXE"="D:\My ISO Files\PowerISO\PWRISOVM.EXE" [2006-09-09 10:16 196608]
                      "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
                      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
                      "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
                      "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
                      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
                      "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
                      "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-06 11:15 579072]
                      "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-02 10:49 1063752]

                      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
                      "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-06 11:16 219136]

                      C:\Documents and Settings\Bakker-Zuhorn\Menu Start\Programma's\Opstarten\
                      SpywareGuard.lnk - D:\software\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

                      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                      Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-08 18:35:23 110592]

                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
                      "Sony Ericsson PC Suite"="D:\software\Application Launcher\Application Launcher.exe" /startoptions
                      "nwiz"=nwiz.exe /install
                      "NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

                      R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 16:11]
                      R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2005-12-14 19:06]
                      R2 SPAMfighter Update Service;SPAMfighter Update Service;D:\software\SPAMfighter\sfus.exe [2007-10-25 15:29]
                      R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-04 12:00]
                      R3 KeyScrambler;KeyScrambler;C:\WINDOWS\system32\drivers\keyscrambler.sys [2007-12-29 15:35]
                      S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\z530bus.sys [2006-02-17 21:26]
                      S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z530mdfl.sys [2006-02-17 21:26]
                      S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z530mdm.sys [2006-02-17 21:26]
                      S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z530mgmt.sys [2006-02-17 21:26]
                      S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z530obex.sys [2006-02-17 21:26]

                      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
                      UxTuneUp

                      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1e44968-81f5-11db-9940-0015f2360c33}]
                      \Shell\AutoRun\command - I:\Cym.exe

                      .
                      Inhoud van de 'Gedeelde Taken' map
                      "2008-01-25 16:17:54 C:\WINDOWS\Tasks\1-Click Maintenance.job"
                      - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
                      "2008-02-08 13:34:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
                      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
                      .
                      **************************************************************************

                      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                      Rootkit scan 2008-02-08 17:15:46
                      Windows 5.1.2600 Service Pack 2 FAT NTAPI

                      scannen van verborgen processen ...

                      scannen van verborgen autostart items ...

                      scannen van verborgen bestanden ...

                      Scan succesvol afgerond
                      verborgen bestanden: 0

                      **************************************************************************
                      .
                      ------------------------ Other Running Processes ------------------------
                      .
                      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                      C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                      C:\Program Files\Eset\nod32krn.exe
                      C:\WINDOWS\system32\nvsvc32.exe
                      C:\WINDOWS\system32\PnkBstrA.exe
                      C:\Program Files\Spyware Doctor\svcntaux.exe
                      C:\Program Files\Spyware Doctor\swdsvc.exe
                      C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
                      C:\WINDOWS\system32\msiexec.exe
                      C:\WINDOWS\system32\RUNDLL32.EXE
                      C:\PROGRA~1\MI3AA1~1\rapimgr.exe
                      C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
                      D:\software\SpywareGuard\sgbhp.exe
                      C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
                      C:\Program Files\iPod\bin\iPodService.exe
                      .
                      **************************************************************************
                      .
                      Voltooingstijd: 2008-02-08 17:17:27 - machine was rebooted
                      ComboFix-quarantined-files.txt 2008-02-08 16:17:22
                      ComboFix3.txt 2008-02-08 14:24:46
                      ComboFix2.txt 2008-02-08 15:03:12
                      .
                      2008-01-11 21:45:16 --- E O F ---

                      Logfile of Trend Micro HijackThis v2.0.2
                      Scan saved at 17:18:48, on 8/02/2008
                      Platform: Windows XP SP2 (WinNT 5.01.2600)
                      MSIE: Internet Explorer v7.00 (7.00.6000.16574)
                      Boot mode: Normal

                      Running processes:
                      C:\WINDOWS\System32\smss.exe
                      C:\WINDOWS\system32\csrss.exe
                      C:\WINDOWS\system32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\system32\ZONELABS\vsmon.exe
                      C:\WINDOWS\Explorer.EXE
                      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                      C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                      C:\Program Files\Eset\nod32krn.exe
                      C:\WINDOWS\system32\nvsvc32.exe
                      C:\WINDOWS\system32\PnkBstrA.exe
                      C:\Program Files\Spyware Doctor\svcntaux.exe
                      C:\Program Files\Spyware Doctor\swdsvc.exe
                      C:\Program Files\Spyware Doctor\SDTrayApp.exe
                      D:\software\SPAMfighter\sfus.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
                      C:\WINDOWS\System32\alg.exe
                      D:\software\ZoneAlarm\zlclient.exe
                      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                      D:\software\SPAMfighter\SFAgent.exe
                      D:\software\qttask.exe
                      D:\My ISO Files\PowerISO\PWRISOVM.EXE
                      C:\WINDOWS\system32\msiexec.exe
                      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                      C:\Program Files\iTunes\iTunesHelper.exe
                      C:\WINDOWS\system32\RUNDLL32.EXE
                      C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
                      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                      C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
                      C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
                      D:\software\Spybot - Search & Destroy\TeaTimer.exe
                      C:\PROGRA~1\MI3AA1~1\rapimgr.exe
                      D:\software\SpywareGuard\sgmain.exe
                      C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
                      D:\software\SpywareGuard\sgbhp.exe
                      C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
                      C:\Program Files\iPod\bin\iPodService.exe
                      C:\WINDOWS\system32\wuauclt.exe
                      C:\WINDOWS\system32\notepad.exe
                      D:\software\hijackthis\HijackThis.exe
                      C:\WINDOWS\system32\wbem\wmiprvse.exe

                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                      O2 - BHO: GigagetIEHelper Class - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
                      O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - D:\software\KeyScrambler\KeyScramblerIE.dll
                      O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\software\BitComet\tools\BitCometBHO_1.2.1.2.dll
                      O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\software\SpywareGuard\dlprotect.dll
                      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\software\SPYBOT~1\SDHelper.dll
                      O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
                      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
                      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
                      O2 - BHO: CallingID for IE - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - D:\software\CallingID\CallingIDIE.dll
                      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
                      O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
                      O3 - Toolbar: CallingID - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - D:\software\CallingID\CallingIDIE.dll
                      O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
                      O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\software\ZoneAlarm\zlclient.exe"
                      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                      O4 - HKLM\..\Run: [SPAMfighter Agent] "D:\software\SPAMfighter\SFAgent.exe" update delay 60
                      O4 - HKLM\..\Run: [QuickTime Task] "D:\software\qttask.exe" -atboottime
                      O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\My ISO Files\PowerISO\PWRISOVM.EXE
                      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
                      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
                      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                      O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
                      O4 - HKCU\..\Run: [Verjaardagen] D:\Program Files\verjaardagen1\Verjaardagen.exe auto
                      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
                      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
                      O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\software\Spybot - Search & Destroy\TeaTimer.exe
                      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
                      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                      O4 - Startup: SpywareGuard.lnk = D:\software\SpywareGuard\sgmain.exe
                      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                      O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\software\BitComet\BitComet.exe/AddLink.htm
                      O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\software\BitComet\BitComet.exe/AddVideo.htm
                      O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\software\BitComet\BitComet.exe/AddAllLink.htm
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                      O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
                      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
                      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
                      O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
                      O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - D:\software\KeyScrambler\KeyScramblerIE.dll
                      O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - D:\software\KeyScrambler\KeyScramblerIE.dll
                      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
                      O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\software\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
                      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\software\SPYBOT~1\SDHelper.dll
                      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\software\SPYBOT~1\SDHelper.dll
                      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O14 - IERESET.INF: START_PAGE_URL=http://www.startpagina.nl
                      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
                      O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
                      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106157913236
                      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
                      O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
                      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnalbum.nl/skin/v2/system/upload/ImageUploader4.cab
                      O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
                      O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
                      O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://84.80.114.47:443/activex/AMC.cab
                      O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp03.photoprintit.de/microsite/8/defaults/activex/ImageUploader3.cab
                      O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
                      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
                      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
                      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
                      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
                      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
                      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
                      O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - D:\software\SPAMfighter\sfus.exe
                      O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
                      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

                      --
                      End of file - 13109 bytes



                      • #12
                        Download ATF cleaner (mirror) (made by Atribune)

                        Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

                        Double-click ATF cleaner to start the program.
                        On the "Main" tab, tick Select All.
                        Click the Empty Selected button.

                        Do the following if you also use Firefox as a browser:
                        Click the "Firefox" tab and tick Select All.
                        If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                        (this removes the tick from "Firefox saved passwords" again)
                        Click the Empty Selected button.

                        Do the following if you also use Opera as a browser:
                        Click the "Opera" tab and tick Select All.
                        If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                        Click the Empty Selected button.
                        Go to the "Main" tab and click the Exit button to close the program.

                        Go to Start - Run and enter the following:
                        Combofix /U
                        Then press OK.
                        Note: There must be a space between Combofix and /U.

                        This will uninstall Combofix.

                        Turn off System Restore. Restart the computer. Turn System Restore back on.
                        Look here to see how to turn off your System Restore.
                        This removes any remnants of the infections from your System Restore.

                        Let me know whether there are still any problems.



                        • #13
                          re:

                          So far I have not had any more popups, and the file in question is no longer in c:/windows/system32 either.

                          Thanks for your help and time.



                          • #14
                            You're welcome
