Mededeling

**alexanderaa** · 21-02-08, 19:19

[QUOTE=alexanderaa;323575]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:52:29, on 21-2-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Norman\Npm\bin\ZLH.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\PROGRA~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Norman\NPF\NPFSVICE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\WINDOWS\system32\routing.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
D:\programma\utorrent.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Norman\Nvc\BIN\nvcod.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
O2 - BHO: MySidesearch Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\mysidesearch_sidebar.dll
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {F619787D-581C-47DA-99D4-0E60ADE0D4C3} - C:\WINDOWS\system32\avmete.dll
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [RogueMonitor] C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe /monitor
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.chello.nl
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096661224421
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.kodakimages.com/DesktopModules/SpectorAlbum/ImageUploader4.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.kodakimages.com/DesktopModules/SpectorAlbum/ImageUploader3.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Program Files\Norman\NPF\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ALEXDE~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 10769 bytes

Komt om de haverklap terug bij dubbelklikken van een programma. Norman laten scannen CCleaner en ad-aware...
edoch blijft terugkomen...Wat te doen..?

Betreft melding:
Norman virus Control detected a trojan and moved it to the quarantine
Location: C\windows\system32\avmete.dll
trjan: W32/smalltroj.CVCA

**smeenk** · 22-02-08, 09:46

Download: RVAXO.exe

Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
Daarna zal je PC herstarten, na de herstart opent het cmd-venster van RVAXO opnieuw.
Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
Post de inhoud van de logfile in je volgende bericht.

Download Combofix (mirror) naar je Bureaublad.
Dubbelklik op Combofix.exe
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen(je kan hem ook hier vinden: C:\Combofix.txt)
Plaats deze log in je volgende post.

NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.

**alexanderaa** · 22-02-08, 19:14

Hoi Smeenk,

Stuur je hierbij de logfile: RVAXO-results.log..

--RVAXO.exe Updated: 2008-02-22---first run---
Files found:
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\system32\mysidesearch_sidebar.dll
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\superiorads-uninst.exe
C:\WINDOWS\system32\vbzip11.dll
C:\WINDOWS\system32\Indt2.sys
C:\WINDOWS\system32\drmgs.sys
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\actskn45.ocx

Uninstallers:

Folders Found:

C:\Program Files\Dcads Games Collection

Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------

Files found:

Folders Found:

--------------RVAXO.exe finished----------------

en stuur het Combofix.txt hierbij..

ComboFix 08-02-22.2 - a d 2008-02-22 18:01:25.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.105 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\a d\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.
ADS - explorer.exe: deleted 88 bytes in 2 streams.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\a d\Application Data\inst.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\iMeshBar
C:\Program Files\iMeshBar\bar\Cache\00008126
C:\Program Files\iMeshBar\bar\Cache\000093D3
C:\Program Files\iMeshBar\bar\Cache\0000A9FB
C:\Program Files\iMeshBar\bar\Cache\00014783
C:\Program Files\iMeshBar\bar\Cache\000213DC
C:\Program Files\iMeshBar\bar\Cache\0002E4F7
C:\Program Files\iMeshBar\bar\Cache\0003181D
C:\Program Files\iMeshBar\bar\Cache\0004651F
C:\Program Files\iMeshBar\bar\Cache\0004B9C7
C:\Program Files\iMeshBar\bar\Cache\0007C542.bin
C:\Program Files\iMeshBar\bar\Cache\0007C61C.bmp
C:\Program Files\iMeshBar\bar\Cache\0007C736.bmp
C:\Program Files\iMeshBar\bar\Cache\001A45C4
C:\Program Files\iMeshBar\bar\Cache\008216DB
C:\Program Files\iMeshBar\bar\Cache\00F0B5B4
C:\Program Files\iMeshBar\bar\Cache\035AB44E
C:\Program Files\iMeshBar\bar\Cache\05098B1B
C:\Program Files\iMeshBar\bar\Cache\0687DC18
C:\Program Files\iMeshBar\bar\Cache\2479D4DD
C:\Program Files\iMeshBar\bar\Cache\files.ini
C:\Program Files\iMeshBar\bar\History\search
C:\Program Files\iMeshBar\bar\Settings\prevcfg.htm
C:\Program Files\iMeshBar\desktop.ini
C:\Program Files\internet explorer\svchost.exe
C:\Program Files\newdotnet
C:\Program Files\newdotnet\desktop.ini

----- BITS: Mogelijk geïnfecteerde sites -----

hxxp://au.download.wind
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-01-22 to 2008-02-22 ))))))))))))))))))))))))))))))
.

2008-02-22 17:58 . 2008-02-22 17:58 <DIR> d-------- C:\Kaula Cocktails
2008-02-22 17:43 . 2008-02-22 17:54 <DIR> d-------- C:\RVAXO
2008-02-22 13:18 . 2008-02-22 17:41 538 --a------ C:\hpfr5550.xml
2008-02-22 13:03 . 2008-02-22 12:17 709,218 --a------ C:\WINDOWS\system32\RVAXO.bat
2008-02-22 13:03 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
2008-02-21 22:11 . 2008-02-21 22:11 <DIR> d-------- C:\Nature Wallpapers HD
2008-02-21 18:51 . 2008-02-21 18:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-21 01:46 . 2008-02-21 01:49 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-20 23:46 . 2008-02-20 23:46 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-02-20 23:35 . 2008-02-20 23:37 <DIR> d-------- C:\Program Files\Hitman Pro
2008-02-20 22:41 . 2008-02-20 22:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-20 22:21 . 2008-02-22 17:59 <DIR> d--hs---- C:\Documents and Settings\a d\Onlangs geopend
2008-02-20 21:54 . 2008-02-20 21:54 <DIR> d-------- C:\Documents and Settings\a d\.limewire
2008-02-20 21:35 . 2008-02-20 21:53 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-18 17:42 . 2008-02-20 21:53 <DIR> d-------- C:\Program Files\WinAVI Video Converter 9.0
2008-02-16 11:43 . 2008-02-16 11:43 <DIR> d-------- C:\Documents and Settings\a d\Application Data\nCleaner
2008-02-16 11:42 . 2008-02-16 11:42 <DIR> d-------- C:\Program Files\NKProds
2008-02-13 19:02 . 2008-02-13 19:02 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-02-13 17:49 . 2008-02-13 17:49 34,360 --------- C:\WINDOWS\system32\drivers\sbapifs.sys
2008-02-11 22:24 . 19,584 C:\WINDOWS\system32\drivers\puzbrbgw.dat
2008-02-09 23:00 . 2008-02-09 23:35 <DIR> d-------- C:\Program Files\DVDFab Platinum 4
2008-02-08 23:21 . 2008-02-08 23:22 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-02-08 23:21 . 2008-02-08 23:21 306,432 --------- C:\WINDOWS\system32\TuneUpDefragService.exe
2008-02-08 23:21 . 2007-12-20 10:41 29,440 --------- C:\WINDOWS\system32\uxtuneup.dll
2008-02-05 09:11 . 2008-02-05 09:11 0 --------- C:\WINDOWS\system32\SBRC.dat
2008-02-05 09:11 . 2008-02-05 09:11 0 --------- C:\WINDOWS\system32\SBFC.dat
2008-02-05 08:52 . 2008-02-05 08:52 <DIR> d-------- C:\Documents and Settings\a d\Application Data\Sunbelt Software
2008-02-05 08:46 . 2008-02-21 06:32 <DIR> d-------- C:\Program Files\RogueRemover PRO
2008-02-05 08:46 . 2008-02-05 08:46 2,013 -r-h----- C:\WINDOWS\system32\drivers\hosts
2008-02-04 22:03 . 2008-02-20 22:37 <DIR> d-------- C:\Program Files\Spy Cleaner Gold
2008-02-04 22:03 . 2004-02-01 22:54 569,368 --------- C:\WINDOWS\system32\olelib.tlb
2008-02-04 22:03 . 2003-05-14 21:07 389,120 --------- C:\WINDOWS\system32\actskn43.ocx
2008-02-04 22:03 . 1998-12-02 09:11 143,360 --------- C:\WINDOWS\system32\vbuzip10.dll
2008-02-04 22:03 . 1999-04-17 23:36 10,752 --------- C:\WINDOWS\system32\aamd532.dll
2008-02-02 22:37 . 2008-02-02 22:37 <DIR> d-------- C:\Program Files\Super Fast Shutdown
2008-01-31 21:02 . 2008-01-31 21:02 <DIR> d-------- C:\oma 90 best
2008-01-28 14:10 . 2002-09-11 13:00 84,480 --a------ C:\WINDOWS\system32\avmete.dll
2008-01-24 19:58 . 2008-01-24 19:58 <DIR> d-------- C:\Program Files\Common Files\EZB Systems
2008-01-24 19:35 . 2008-01-24 19:35 <DIR> d-------- C:\Program Files\sql2ksp3
2008-01-23 15:41 . 2008-01-23 15:41 97,216 --------- C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-01-23 00:01 . 2008-01-23 00:03 253,952 --------- C:\WINDOWS\system32\andt.sys
2008-01-22 22:56 . 2008-01-24 19:57 <DIR> d-------- C:\Program Files\IZArc
2008-01-22 22:55 . 2008-01-24 19:57 <DIR> d-------- C:\Program Files\ffdshow
2008-01-22 22:55 . 2008-01-22 22:55 <DIR> d-------- C:\Program Files\ALO SOFT
2008-01-22 22:55 . 2006-03-11 04:56 438,272 --------- C:\WINDOWS\system32\Mpeg2DecFilter.ax
2008-01-22 22:55 . 2005-11-25 23:13 266,240 --------- C:\WINDOWS\system32\cddareader.ax
2008-01-22 22:55 . 2006-11-06 15:30 262,144 --------- C:\WINDOWS\system32\lame_enc.dll
2008-01-22 22:55 . 2008-01-15 18:35 60,273 --------- C:\WINDOWS\system32\pthreadGC2.dll
2008-01-22 22:55 . 2005-05-16 16:27 53,248 --------- C:\WINDOWS\system32\AloFrame.ocx
2008-01-22 20:40 . 2008-01-22 20:40 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Ahead

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-22 12:03 --------- d-----w C:\Documents and Settings\a d\Application Data\uTorrent
2008-02-20 21:42 --------- d-----w C:\Documents and Settings\a d\Application Data\Lavasoft
2008-02-20 21:42 --------- d-----r C:\Program Files\Lavasoft
2008-02-20 21:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-20 21:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-20 20:54 --------- d-----w C:\Program Files\LimeWire Turbo
2008-02-20 20:54 --------- d-----w C:\Program Files\LimeWire
2008-02-20 20:54 --------- d-----w C:\Program Files\HCC Lite
2008-02-20 20:54 --------- d-----w C:\Program Files\GrabIt
2008-02-19 19:32 --------- d-----w C:\Documents and Settings\a d\Application Data\Vso
2008-02-17 20:26 --------- d-----w C:\Documents and Settings\a d\Application Data\LimeWire
2008-02-13 21:15 --------- d-----w C:\Documents and Settings\a d\Application Data\dvdcss
2008-02-13 19:17 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-02-13 19:16 --------- d-----r C:\Program Files\Roxio
2008-02-13 19:12 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-02-13 19:11 --------- d-----r C:\Program Files\InterActual
2008-02-13 18:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
2008-02-13 18:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-13 18:50 --------- d-----r C:\Program Files\CyberLink
2008-02-13 18:44 --------- d-----w C:\Program Files\SlySoft
2008-02-13 18:44 --------- d-----w C:\Program Files\ClubDJ Pro
2008-02-13 18:41 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-08 22:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-02-02 19:01 --------- d-----r C:\Program Files\Spybot - Search & Destroy
2008-02-02 18:44 --------- d-----w C:\Program Files\Eusing Free Registry Cleaner
2008-02-02 04:43 --------- d-----w C:\Documents and Settings\a d\Application Data\Registry Booster
2008-02-02 04:38 --------- d-----r C:\Program Files\XoftSpy
2008-01-29 12:30 --------- d-----w C:\Program Files\XviD
2008-01-29 12:30 --------- d-----w C:\Program Files\Teletekstbrowser
2008-01-29 11:55 --------- d-----r C:\Program Files\DVD Shrink
2008-01-24 19:14 --------- d-----r C:\Program Files\Microsoft Works
2008-01-24 18:58 --------- d-----w C:\Program Files\UltraISO
2008-01-24 18:57 --------- d-----w C:\Program Files\DVDFab Decrypter 3
2008-01-24 18:57 --------- d-----r C:\Program Files\DVDFab Platinum
2008-01-22 22:54 --------- d-----w C:\Documents and Settings\a d\Application Data\Nero
2008-01-22 19:13 --------- d-----w C:\Documents and Settings\a d\Application Data\SlySoft
2008-01-22 18:40 --------- d-----w C:\Program Files\ImTOO
2008-01-22 16:55 --------- d-----w C:\Program Files\DVD-RB PRO
2008-01-15 17:35 7,680 ------w C:\WINDOWS\system32\ff_vfw.dll
2008-01-14 09:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-01 21:17 --------- d-----w C:\Documents and Settings\a d\Application Data\Corel
2007-12-28 10:45 17,301 ----a-w C:\Documents and Settings\a d\Application Data\mdb.bin
2007-12-26 17:16 --------- d-----w C:\Documents and Settings\a d\Application Data\Ahead
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-07 02:18 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-07 02:18 267,776 ----a-w C:\WINDOWS\system32\iertutil(2).dll
2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-11-26 16:22 1,036,800 ----a-w C:\WINDOWS\explorer.exe
2007-11-03 20:55 746 ----a-w C:\Program Files\register.reg
2007-08-08 17:16 47,360 -c--a-w C:\Documents and Settings\a d\Application Data\pcouffin.sys
2007-01-20 19:44 64,512 ---ha-w C:\Documents and Settings\a d\Application Data\dach100.dll
2006-10-30 21:35 81,920 -c--a-w C:\Documents and Settings\a d\Application Data\ezpinst.exe
2006-09-26 18:32 119 --sh--w C:\Program Files\Common Files\desktop.ini
2006-09-26 18:31 119 --sh--w C:\Program Files\desktop.ini
2005-05-16 07:50 8,320 ----a-w C:\Program Files\INSTALL.LOG
2005-05-16 07:50 398 ----a-w C:\Program Files\EINST.INF
2004-11-05 15:01 398,848 ----a-w C:\Program Files\Uninstall.exe
2004-11-05 14:59 2,543 ----a-w C:\Program Files\ReadMe.txt
2004-01-16 10:45 238,639 ------w C:\Program Files\Evaluation Agreement.pdf
1998-08-24 11:09 10,000 -c--a-w C:\WINDOWS\inf\unregpn.exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5345A7A1-805A-4923-B505-86B2FEBA3FE0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F619787D-581C-47DA-99D4-0E60ADE0D4C3}]
2002-09-11 13:00 84480 --a------ C:\WINDOWS\system32\avmete.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe" [2006-05-10 20:52 249856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 12:49 153136]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 08:23 221568]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-01-23 18:04 1670080]
"RogueMonitor"="C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe" [2008-01-08 18:19 433856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-08-09 13:40 183352]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 23:26 406016]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53 153136]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [ ]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-10 00:33 188416]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:03 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

C:\Documents and Settings\alex deen\Menu Start\Programma's\Opstarten\
Y'z ToolBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe [2002-09-29 14:41:00 90112]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ :\WINDOWS\syste

[HKLM\~\startupfolder\C:^Documents and Settings^a d^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^a d^Menu Start^Programma's^Opstarten^Registration-InstantCopy.lnk]
backup=C:\WINDOWS\pss\Registration-InstantCopy.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a--c--- 2005-07-14 15:09 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anvshell]
--------- 2002-09-13 13:00 327680 C:\WINDOWS\Anvshell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-03-12 12:49 153136 C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--------- 2004-08-04 00:03 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExtraFilmHemmaAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2004-09-13 15:49 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
-----c--- 2002-12-10 00:33 188416 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hplampc]
--------- 2002-01-17 09:40 40448 C:\WINDOWS\system32\hplampc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07NXLRD_2949406]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]
--a------ 2006-05-10 20:52 249856 C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 17:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
--------- 2004-03-10 23:26 406016 C:\WINDOWS\system32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent]
--a--c--- 2006-11-15 17:02 473600 C:\Program Files\SPAMfighter\SFAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a--c--- 2006-04-29 14:21 94208 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 18:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

R0 NDIS_RD;Firewall Engine Type-R2;C:\WINDOWS\system32\drivers\NDIS_RD.sys [2004-12-06 10:18]
R0 umgtnjei;umgtnjei;C:\WINDOWS\system32\drivers\puzbrbgw.dat

R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 13:47]
R1 c2scsi;c2scsi;C:\WINDOWS\system32\drivers\c2scsi.sys [2006-03-04 13:00]
R1 TDI_RD;Firewall Engine Type-R;C:\WINDOWS\system32\drivers\tdi_rd.sys [2004-10-13 22:01]
R2 Ndiskio;Ndiskio;c:\norman\nse\bin\ndiskio.sys [2007-01-02 09:55]
R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:03]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2007-09-06 09:45]
R3 nvcoas;Norman Virus Control on-access component;C:\NORMAN\Nvc\BIN\nvcoas.exe [2007-12-12 11:45]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\NORMAN\Nvc\BIN\NVCSCHED.EXE [2007-05-23 12:23]
S2 RoxLiveShare10;LiveShare P2P Server 10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [2007-08-24 14:52]
S3 hitmanpro2;Hitman Pro 2 Driver;C:\Program Files\Hitman Pro\hitmanpro2.sys [2006-11-03 12:02]
S3 hp4200c;%usbscan.SvcDesc%;C:\WINDOWS\system32\DRIVERS\hp4200c.sys [2001-02-18 09:09]
S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2004-03-03 08:50]
S3 nvcfsr;nvcfsr;C:\NORMAN\Nvc\BIN\nvcfsr.sys [2007-01-09 14:25]
S3 nvcoafl51;nvcoafl51;C:\NORMAN\Nvc\BIN\nvcoafl51.sys [2007-01-09 14:25]
S3 nvcoaft51;nvcoaft51;C:\NORMAN\Nvc\BIN\nvcoaft51.sys [2007-01-09 14:25]
S3 nvcoarc51;nvcoarc51;C:\NORMAN\Nvc\BIN\nvcoarc51.sys [2007-01-09 14:25]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-08 23:21]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Inhoud van de 'Gedeelde Taken' map
"2008-02-20 08:41:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-22 17:03:03 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-15 21:14:19 C:\WINDOWS\Tasks\Easy Onderhoud.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-02-22 16:58:31 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-22 18:06:30
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-02-22 18:09:06
ComboFix-quarantined-files.txt 2008-02-22 17:08:59
.
2008-02-22 00:15:01 --- E O F ---

Helaas blijft de melding komen..
Wat te doen..??

Groet, Alexanderaa

**smeenk** · 22-02-08, 20:50

Open Kladblok, kopiëer en plak het volgende (vetgedrukte tekst) in een leeg venster:

File::
C:\hpfr5550.xml
C:\WINDOWS\system32\drivers\puzbrbgw.dat
C:\WINDOWS\system32\avmete.dll

Driver::
umgtnjei

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5345A7A1-805A-4923-B505-86B2FEBA3FE0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F619787D-581C-47DA-99D4-0E60ADE0D4C3}]

Sla dit op op je Bureaublad als CFScript.txt

Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :

Dit zal ComboFix doen herstarten.
Start opnieuw op als daarom gevraagd wordt,
en post de inhoud van de Combofix.txt in je volgende antwoord.

**alexanderaa** · 22-02-08, 23:53

Hoi Smeenk,
De comp sloot niet aut. af na maken van combi-fix.txt.
Hieronder de nieuwe text

ComboFix 08-02-22.2 - a d 2008-02-22 23:17:42.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.160 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\a d\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\a d\Bureaublad\CFScript.txt.doc
* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-01-22 to 2008-02-22 ))))))))))))))))))))))))))))))
.

2008-02-22 17:58 . 2008-02-22 17:58 <DIR> d-------- C:\Kaula Cocktails
2008-02-22 17:43 . 2008-02-22 17:54 <DIR> d-------- C:\RVAXO
2008-02-22 13:18 . 2008-02-22 18:35 538 --a------ C:\hpfr5550.xml
2008-02-22 13:03 . 2008-02-22 12:17 709,218 --a------ C:\WINDOWS\system32\RVAXO.bat
2008-02-22 13:03 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
2008-02-21 22:11 . 2008-02-21 22:11 <DIR> d-------- C:\Nature Wallpapers HD
2008-02-21 18:51 . 2008-02-21 18:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-21 01:46 . 2008-02-21 01:49 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-20 23:46 . 2008-02-20 23:46 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-02-20 23:35 . 2008-02-20 23:37 <DIR> d-------- C:\Program Files\Hitman Pro
2008-02-20 22:41 . 2008-02-20 22:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-20 22:21 . 2008-02-22 23:15 <DIR> d--hs---- C:\Documents and Settings\a d\Onlangs geopend
2008-02-20 21:54 . 2008-02-20 21:54 <DIR> d-------- C:\Documents and Settings\a d\.limewire
2008-02-20 21:35 . 2008-02-20 21:53 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-18 17:42 . 2008-02-20 21:53 <DIR> d-------- C:\Program Files\WinAVI Video Converter 9.0
2008-02-16 11:43 . 2008-02-16 11:43 <DIR> d-------- C:\Documents and Settings\a d\Application Data\nCleaner
2008-02-16 11:42 . 2008-02-16 11:42 <DIR> d-------- C:\Program Files\NKProds
2008-02-13 19:02 . 2008-02-13 19:02 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-02-13 17:49 . 2008-02-13 17:49 34,360 --------- C:\WINDOWS\system32\drivers\sbapifs.sys
2008-02-11 22:24 . 19,584 C:\WINDOWS\system32\drivers\puzbrbgw.dat
2008-02-09 23:00 . 2008-02-09 23:35 <DIR> d-------- C:\Program Files\DVDFab Platinum 4
2008-02-08 23:21 . 2008-02-08 23:22 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-02-08 23:21 . 2008-02-08 23:21 306,432 --------- C:\WINDOWS\system32\TuneUpDefragService.exe
2008-02-08 23:21 . 2007-12-20 10:41 29,440 --------- C:\WINDOWS\system32\uxtuneup.dll
2008-02-05 09:11 . 2008-02-05 09:11 0 --------- C:\WINDOWS\system32\SBRC.dat
2008-02-05 09:11 . 2008-02-05 09:11 0 --------- C:\WINDOWS\system32\SBFC.dat
2008-02-05 08:52 . 2008-02-05 08:52 <DIR> d-------- C:\Documents and Settings\a d\Application Data\Sunbelt Software
2008-02-05 08:46 . 2008-02-21 06:32 <DIR> d-------- C:\Program Files\RogueRemover PRO
2008-02-05 08:46 . 2008-02-05 08:46 2,013 -r-h----- C:\WINDOWS\system32\drivers\hosts
2008-02-04 22:03 . 2008-02-20 22:37 <DIR> d-------- C:\Program Files\Spy Cleaner Gold
2008-02-04 22:03 . 2004-02-01 22:54 569,368 --------- C:\WINDOWS\system32\olelib.tlb
2008-02-04 22:03 . 2003-05-14 21:07 389,120 --------- C:\WINDOWS\system32\actskn43.ocx
2008-02-04 22:03 . 1998-12-02 09:11 143,360 --------- C:\WINDOWS\system32\vbuzip10.dll
2008-02-04 22:03 . 1999-04-17 23:36 10,752 --------- C:\WINDOWS\system32\aamd532.dll
2008-02-02 22:37 . 2008-02-02 22:37 <DIR> d-------- C:\Program Files\Super Fast Shutdown
2008-01-31 21:02 . 2008-01-31 21:02 <DIR> d-------- C:\oma 90 best
2008-01-28 14:10 . 2002-09-11 13:00 84,480 --a------ C:\WINDOWS\system32\avmete.dll
2008-01-24 19:58 . 2008-01-24 19:58 <DIR> d-------- C:\Program Files\Common Files\EZB Systems
2008-01-24 19:35 . 2008-01-24 19:35 <DIR> d-------- C:\Program Files\sql2ksp3
2008-01-23 15:41 . 2008-01-23 15:41 97,216 --------- C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-01-23 00:01 . 2008-01-23 00:03 253,952 --------- C:\WINDOWS\system32\andt.sys
2008-01-22 22:56 . 2008-01-24 19:57 <DIR> d-------- C:\Program Files\IZArc
2008-01-22 22:55 . 2008-01-24 19:57 <DIR> d-------- C:\Program Files\ffdshow
2008-01-22 22:55 . 2008-01-22 22:55 <DIR> d-------- C:\Program Files\ALO SOFT
2008-01-22 22:55 . 2006-03-11 04:56 438,272 --------- C:\WINDOWS\system32\Mpeg2DecFilter.ax
2008-01-22 22:55 . 2005-11-25 23:13 266,240 --------- C:\WINDOWS\system32\cddareader.ax
2008-01-22 22:55 . 2006-11-06 15:30 262,144 --------- C:\WINDOWS\system32\lame_enc.dll
2008-01-22 22:55 . 2008-01-15 18:35 60,273 --------- C:\WINDOWS\system32\pthreadGC2.dll
2008-01-22 22:55 . 2005-05-16 16:27 53,248 --------- C:\WINDOWS\system32\AloFrame.ocx
2008-01-22 20:40 . 2008-01-22 20:40 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Ahead

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-22 22:15 --------- d-----w C:\Documents and Settings\a d\Application Data\uTorrent
2008-02-20 21:42 --------- d-----w C:\Documents and Settings\a d\Application Data\Lavasoft
2008-02-20 21:42 --------- d-----r C:\Program Files\Lavasoft
2008-02-20 21:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-20 21:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-20 20:54 --------- d-----w C:\Program Files\LimeWire Turbo
2008-02-20 20:54 --------- d-----w C:\Program Files\LimeWire
2008-02-20 20:54 --------- d-----w C:\Program Files\HCC Lite
2008-02-20 20:54 --------- d-----w C:\Program Files\GrabIt
2008-02-19 19:32 --------- d-----w C:\Documents and Settings\a d\Application Data\Vso
2008-02-17 20:26 --------- d-----w C:\Documents and Settings\a d\Application Data\LimeWire
2008-02-13 21:15 --------- d-----w C:\Documents and Settings\a d\Application Data\dvdcss
2008-02-13 19:17 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-02-13 19:16 --------- d-----r C:\Program Files\Roxio
2008-02-13 19:12 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-02-13 19:11 --------- d-----r C:\Program Files\InterActual
2008-02-13 18:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
2008-02-13 18:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-13 18:50 --------- d-----r C:\Program Files\CyberLink
2008-02-13 18:44 --------- d-----w C:\Program Files\SlySoft
2008-02-13 18:44 --------- d-----w C:\Program Files\ClubDJ Pro
2008-02-13 18:41 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-08 22:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-02-02 19:01 --------- d-----r C:\Program Files\Spybot - Search & Destroy
2008-02-02 18:44 --------- d-----w C:\Program Files\Eusing Free Registry Cleaner
2008-02-02 04:43 --------- d-----w C:\Documents and Settings\a d\Application Data\Registry Booster
2008-02-02 04:38 --------- d-----r C:\Program Files\XoftSpy
2008-01-29 12:30 --------- d-----w C:\Program Files\XviD
2008-01-29 12:30 --------- d-----w C:\Program Files\Teletekstbrowser
2008-01-29 11:55 --------- d-----r C:\Program Files\DVD Shrink
2008-01-24 19:14 --------- d-----r C:\Program Files\Microsoft Works
2008-01-24 18:58 --------- d-----w C:\Program Files\UltraISO
2008-01-24 18:57 --------- d-----w C:\Program Files\DVDFab Decrypter 3
2008-01-24 18:57 --------- d-----r C:\Program Files\DVDFab Platinum
2008-01-22 22:54 --------- d-----w C:\Documents and Settings\a d\Application Data\Nero
2008-01-22 19:13 --------- d-----w C:\Documents and Settings\a d\Application Data\SlySoft
2008-01-22 18:40 --------- d-----w C:\Program Files\ImTOO
2008-01-22 16:55 --------- d-----w C:\Program Files\DVD-RB PRO
2008-01-15 17:35 7,680 ------w C:\WINDOWS\system32\ff_vfw.dll
2008-01-14 09:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-01 21:17 --------- d-----w C:\Documents and Settings\a d\Application Data\Corel
2007-12-28 10:45 17,301 ----a-w C:\Documents and Settings\a d\Application Data\mdb.bin
2007-12-26 17:16 --------- d-----w C:\Documents and Settings\a d\Application Data\Ahead
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-07 02:18 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-07 02:18 267,776 ----a-w C:\WINDOWS\system32\iertutil(2).dll
2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-11-26 16:22 1,036,800 ----a-w C:\WINDOWS\explorer.exe
2007-11-03 20:55 746 ----a-w C:\Program Files\register.reg
2007-08-08 17:16 47,360 -c--a-w C:\Documents and Settings\a d\Application Data\pcouffin.sys
2007-01-20 19:44 64,512 ---ha-w C:\Documents and Settings\a d\Application Data\dach100.dll
2006-10-30 21:35 81,920 -c--a-w C:\Documents and Settings\a d\Application Data\ezpinst.exe
2006-09-26 18:32 119 --sh--w C:\Program Files\Common Files\desktop.ini
2006-09-26 18:31 119 --sh--w C:\Program Files\desktop.ini
2005-05-16 07:50 8,320 ----a-w C:\Program Files\INSTALL.LOG
2005-05-16 07:50 398 ----a-w C:\Program Files\EINST.INF
2004-11-05 15:01 398,848 ----a-w C:\Program Files\Uninstall.exe
2004-11-05 14:59 2,543 ----a-w C:\Program Files\ReadMe.txt
2004-01-16 10:45 238,639 ------w C:\Program Files\Evaluation Agreement.pdf
1998-08-24 11:09 10,000 -c--a-w C:\WINDOWS\inf\unregpn.exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5345A7A1-805A-4923-B505-86B2FEBA3FE0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F619787D-581C-47DA-99D4-0E60ADE0D4C3}]
2002-09-11 13:00 84480 --a------ C:\WINDOWS\system32\avmete.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe" [2006-05-10 20:52 249856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 12:49 153136]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 08:23 221568]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-01-23 18:04 1670080]
"RogueMonitor"="C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe" [2008-01-08 18:19 433856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-08-09 13:40 183352]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 23:26 406016]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53 153136]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [ ]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-10 00:33 188416]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:03 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

C:\Documents and Settings\a d\Menu Start\Programma's\Opstarten\
Y'z ToolBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe [2002-09-29 14:41:00 90112]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ :\WINDOWS\syste

[HKLM\~\startupfolder\C:^Documents and Settings^a d^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^a d^Menu Start^Programma's^Opstarten^Registration-InstantCopy.lnk]
backup=C:\WINDOWS\pss\Registration-InstantCopy.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a--c--- 2005-07-14 15:09 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anvshell]
--------- 2002-09-13 13:00 327680 C:\WINDOWS\Anvshell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-03-12 12:49 153136 C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--------- 2004-08-04 00:03 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExtraFilmHemmaAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2004-09-13 15:49 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
-----c--- 2002-12-10 00:33 188416 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hplampc]
--------- 2002-01-17 09:40 40448 C:\WINDOWS\system32\hplampc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07NXLRD_2949406]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]
--a------ 2006-05-10 20:52 249856 C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 17:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
--------- 2004-03-10 23:26 406016 C:\WINDOWS\system32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent]
--a--c--- 2006-11-15 17:02 473600 C:\Program Files\SPAMfighter\SFAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a--c--- 2006-04-29 14:21 94208 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 18:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

R0 NDIS_RD;Firewall Engine Type-R2;C:\WINDOWS\system32\drivers\NDIS_RD.sys [2004-12-06 10:18]
R0 umgtnjei;umgtnjei;C:\WINDOWS\system32\drivers\puzbrbgw.dat

R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 13:47]
R1 c2scsi;c2scsi;C:\WINDOWS\system32\drivers\c2scsi.sys [2006-03-04 13:00]
R1 TDI_RD;Firewall Engine Type-R;C:\WINDOWS\system32\drivers\tdi_rd.sys [2004-10-13 22:01]
R2 Ndiskio;Ndiskio;c:\norman\nse\bin\ndiskio.sys [2007-01-02 09:55]
R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:03]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2007-09-06 09:45]
R3 nvcoas;Norman Virus Control on-access component;C:\NORMAN\Nvc\BIN\nvcoas.exe [2007-12-12 11:45]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\NORMAN\Nvc\BIN\NVCSCHED.EXE [2007-05-23 12:23]
S2 RoxLiveShare10;LiveShare P2P Server 10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [2007-08-24 14:52]
S3 hitmanpro2;Hitman Pro 2 Driver;C:\Program Files\Hitman Pro\hitmanpro2.sys [2006-11-03 12:02]
S3 hp4200c;%usbscan.SvcDesc%;C:\WINDOWS\system32\DRIVERS\hp4200c.sys [2001-02-18 09:09]
S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2004-03-03 08:50]
S3 nvcfsr;nvcfsr;C:\NORMAN\Nvc\BIN\nvcfsr.sys [2007-01-09 14:25]
S3 nvcoafl51;nvcoafl51;C:\NORMAN\Nvc\BIN\nvcoafl51.sys [2007-01-09 14:25]
S3 nvcoaft51;nvcoaft51;C:\NORMAN\Nvc\BIN\nvcoaft51.sys [2007-01-09 14:25]
S3 nvcoarc51;nvcoarc51;C:\NORMAN\Nvc\BIN\nvcoarc51.sys [2007-01-09 14:25]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-08 23:21]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Inhoud van de 'Gedeelde Taken' map
"2008-02-20 08:41:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-22 22:03:01 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-15 21:14:19 C:\WINDOWS\Tasks\Easy Onderhoud.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-02-22 17:23:45 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-22 23:23:34
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-02-22 23:26:20
ComboFix-quarantined-files.txt 2008-02-22 22:26:12
ComboFix2.txt 2008-02-22 18:06:39
.
2008-02-22 00:15:01 --- E O F ---

Venster blijft ook na opnieuw opstarten terugkomen.

...?
Groet, Alexanderaa

**smeenk** · 23-02-08, 00:01

Je doet blijkbaar iets fout, ik zie een doc-bestand:

Command switches used :: C:\Documents and Settings\a d\Bureaublad\CFScript.txt.doc

Download de bijlage maar en sleep die over Combofix.exe

Bijgevoegde Bestanden

cfscript.txt (307 Bytes, 103 keer bekeken)

**alexanderaa** · 23-02-08, 00:34

Hoi Smeenk,

Hoe je 't doet doe je 't maar 't werkt!!
1000x bedankt..en ga de brochure er eens op nakijken om eea te installeren..voorkomen zal wel nooit helemaal. Heb dit ook niet eerder bij de hand gehad..maar hoop dat 't nu zo blijft.
en anders kom ik bij terug!

Reuze zo'n site.

Groet,
Alexanderaa

**smeenk** · 23-02-08, 09:17

Lijkt allemaal goed gegaan te zijn

Doe dit nog:
Je Java software is verouderd.
Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:

Download Java Runtime Environment (JRE) 6u4 en bewaar het naar je Bureaublad.
Sluit alle programma's die eventueel open zijn - Zeker je web browser!
Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
Herhaal dit tot alle oudere versies verdwenen zijn.
Na het verwijderen van alle oudere versies, herstart je pc.
Dubbelklik vervolgens op jre-6u4-windows-i586-p.exe op je Bureaublad om de nieuwste versie van Java te installeren.

Download ATF cleaner (mirror)(gemaakt door Atribune)

Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

Dubbelklik op ATF cleaner om het programma te starten.
Op het tabblad "Main", plaats je een vinkje bij Select All.
Klik op de knop Empty Selected.

Het volgende doen als je ook FireFox als browser hebt:
Klik op tabblad "Firefox", plaats een vinkje bij Select All.
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit haalt het vinkje weer weg bij "Firefox saved passwords")
Klik op de knop Empty Selected.

Het volgende doen als je ook Opera als browser hebt:
Klik op tabblad "Opera", plaats een vinkje bij Select All.
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop Empty Selected.
Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

Ga naar Start - Uitvoeren en geef hier het volgende in:
Combofix /U
Druk daarna op OK.
Let op: Er moet een spatie tussen Combofix en /U zitten.

Dit zal Combofix deïnstalleren.

Post als laatste nog een nieuw logje van Hijackthis ter controle

**alexanderaa** · 24-02-08, 20:53

Hoi Smeenk, hier de log-file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46, on 2008-02-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\Norman\Nvc\BIN\NIP.EXE
C:\PROGRA~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Norman\NPF\NPFSVICE.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [RogueMonitor] C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe /monitor
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.chello.nl
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096661224421
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.kodakimages.com/DesktopModules/SpectorAlbum/ImageUploader4.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.kodakimages.com/DesktopModules/SpectorAlbum/ImageUploader3.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Program Files\Norman\NPF\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9905 bytes

Groet, Alexanderaa

**smeenk** · 24-02-08, 21:02

Logje ziet er weer schoon uit

**alexanderaa** · 24-02-08, 21:46

Bedankt

Bedankt Smeenk!
Ik kom af en toe eens neuzen op jullie site!:

**smeenk** · 25-02-08, 15:22

Graag gedaan hoor

Mededeling

probleem met W32/smalltroj.CVCA

probleem met W32/smalltroj.CVCA

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment