Desktop takes a long time to load
  • Desktop takes a long time to load

    My computer starts up reasonably quickly until the blue Windows welcome screen appears. From there it often takes 1-2 minutes before my desktop has loaded.
    I have already scanned the computer with AdAware SE and Spybot Search & Destroy, and cleaned up a bit with ATF cleaner.

    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:13, on 2008-02-24
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - (no file)
    O2 - BHO: (no name) - {08D06A2A-8FDE-46F1-860A-E02677365255} - (no file)
    O2 - BHO: (no name) - {08D75434-3FF1-4434-B27F-B5E409E3545A} - (no file)
    O2 - BHO: (no name) - {12B61312-474E-4D59-B09F-0D6DFF5DCF1B} - (no file)
    O2 - BHO: (no name) - {1652DF22-AB39-4CE8-ABAB-532CCEDA50C8} - (no file)
    O2 - BHO: (no name) - {1B200577-5BAE-4609-8D07-E1F7BF877677} - (no file)
    O2 - BHO: (no name) - {1CDE278E-E20D-43AD-90EB-E736E5419DED} - (no file)
    O2 - BHO: (no name) - {1E4D9C3B-18F8-4FB6-AACB-0CDABAEE3F02} - (no file)
    O2 - BHO: (no name) - {1E5F1BCA-BE89-4041-902E-6B73605C0E67} - (no file)
    O2 - BHO: (no name) - {27C058B9-F401-4DB7-AA70-94AFF4037E0A} - (no file)
    O2 - BHO: (no name) - {28E117E3-1E68-4BDE-9D45-D4A1162724DE} - (no file)
    O2 - BHO: (no name) - {37D8C41E-AA4F-496E-B4C3-63EC5B68F0CF} - (no file)
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O2 - BHO: (no name) - {3A1CF5A0-BA4D-4DA6-BBDE-A81F796DA4A0} - (no file)
    O2 - BHO: (no name) - {4A6184A4-CA96-41CA-A3F6-1B4C4292DD16} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5820B760-038F-4231-B637-C0C18FD0484D} - (no file)
    O2 - BHO: (no name) - {58E9AC24-5A2A-4908-9E3B-0633C0F8DF30} - (no file)
    O2 - BHO: (no name) - {5A0461DB-8837-4EF0-A8EC-19BA5CE0F439} - (no file)
    O2 - BHO: (no name) - {68F18C81-5E36-44B3-B8F2-30A4A9155F8F} - (no file)
    O2 - BHO: (no name) - {69B87056-9371-421D-9190-A2E795B5DD6A} - (no file)
    O2 - BHO: (no name) - {6CA621F5-EEBB-4698-8FD1-A734A5D98907} - (no file)
    O2 - BHO: (no name) - {6CF86B44-5B5D-4FB4-B25E-E01463110F93} - (no file)
    O2 - BHO: (no name) - {6F79388A-2343-4A98-BABA-B06926056BE3} - (no file)
    O2 - BHO: (no name) - {6FA6CDCB-269A-4EAA-8D1A-C3C1A2D1B781} - (no file)
    O2 - BHO: (no name) - {74ee2fa6-8257-457b-9f20-f03a0dcebb39} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {872F73EB-3560-46DE-86E7-20333CAC2E7C} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A5EF3C6F-BE56-437C-895E-9BF6481A13C6} - (no file)
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: (no name) - {B3734554-444B-4526-9D28-F97A155CD0C5} - (no file)
    O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - (no file)
    O2 - BHO: (no name) - {c6408bd2-a5f3-47ec-82cf-0595f8ef3f8b} - (no file)
    O2 - BHO: (no name) - {C64990EF-69F6-41CA-94A2-0DB0E03ECB19} - (no file)
    O2 - BHO: (no name) - {CADA40FD-D4F3-41B3-B3E6-A2E3D884F4AE} - (no file)
    O2 - BHO: (no name) - {D99FB8DB-B07D-4B15-9A42-E5AF7F82C7D6} - (no file)
    O2 - BHO: (no name) - {DCDC4E07-8C35-4524-8ABF-7C982EA79A14} - (no file)
    O2 - BHO: (no name) - {E2D1FE5D-B528-431B-B271-D841CBBBD2B6} - (no file)
    O2 - BHO: (no name) - {E4B30FA7-87DF-4DEA-B884-EC983445DDAC} - (no file)
    O2 - BHO: (no name) - {E7623354-36ED-4CD1-9DA0-C2D8C310F64D} - (no file)
    O2 - BHO: (no name) - {F5348E6D-58DF-4369-B136-1D91953E64BD} - (no file)
    O2 - BHO: (no name) - {F5A017D0-B363-4926-9542-04D58F809EDF} - (no file)
    O2 - BHO: (no name) - {F916B639-80E3-45C2-AFC0-6A82F5E52BE6} - (no file)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
    O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
    O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149674674703
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0B761F64-C2DA-452C-A42C-CAEF513F8C40}: NameServer = 213.51.129.37,213.51.144.37
    O17 - HKLM\System\CCS\Services\Tcpip\..\{30AA6F96-BCB8-4FEA-8BD7-AE95A7FFD3AA}: NameServer = 213.51.129.37,213.51.144.37
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: efcbxxx - C:\WINDOWS\
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - Unknown owner - C:\XServer\PostgreSQL8.2\bin\pg_ctl.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: ZendCoreApache - Apache Software Foundation - C:\Program Files\Zend\Apache2\bin\httpd.exe
    
    --
    End of file - 10534 bytes

  • #2
    Hi Brainsmasner,

    1. I see that you have Spybot's TeaTimer running in the background; it can get in the way of fixing HijackThis entries. So switch TeaTimer off for a moment, as follows:

    1. Start Spybot Search and Destroy.
    2. Go to 'Mode' > select Advanced Mode
    3. Go to 'Tools' and click the Resident icon in the list
    4. Untick Resident TeaTimer and click OK

    5. Now download [url=http://downloads.subratam.org/ResetTeaTimer.bat]ResetTeaTimer.bat[/url] to your desktop. (right-click -> save as..)
    6. Now open ResetTeaTimer.bat from your desktop.

    TeaTimer is now switched off and reset.

    2. Start HijackThis and choose 'Do a system scan only'.
    When the scan is complete, tick only the lines below in HijackThis:

    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - (no file)
    O2 - BHO: (no name) - {08D06A2A-8FDE-46F1-860A-E02677365255} - (no file)
    O2 - BHO: (no name) - {08D75434-3FF1-4434-B27F-B5E409E3545A} - (no file)
    O2 - BHO: (no name) - {12B61312-474E-4D59-B09F-0D6DFF5DCF1B} - (no file)
    O2 - BHO: (no name) - {1652DF22-AB39-4CE8-ABAB-532CCEDA50C8} - (no file)
    O2 - BHO: (no name) - {1B200577-5BAE-4609-8D07-E1F7BF877677} - (no file)
    O2 - BHO: (no name) - {1CDE278E-E20D-43AD-90EB-E736E5419DED} - (no file)
    O2 - BHO: (no name) - {1E4D9C3B-18F8-4FB6-AACB-0CDABAEE3F02} - (no file)
    O2 - BHO: (no name) - {1E5F1BCA-BE89-4041-902E-6B73605C0E67} - (no file)
    O2 - BHO: (no name) - {27C058B9-F401-4DB7-AA70-94AFF4037E0A} - (no file)
    O2 - BHO: (no name) - {28E117E3-1E68-4BDE-9D45-D4A1162724DE} - (no file)
    O2 - BHO: (no name) - {37D8C41E-AA4F-496E-B4C3-63EC5B68F0CF} - (no file)
    O2 - BHO: (no name) - {3A1CF5A0-BA4D-4DA6-BBDE-A81F796DA4A0} - (no file)
    O2 - BHO: (no name) - {4A6184A4-CA96-41CA-A3F6-1B4C4292DD16} - (no file)
    O2 - BHO: (no name) - {5820B760-038F-4231-B637-C0C18FD0484D} - (no file)
    O2 - BHO: (no name) - {58E9AC24-5A2A-4908-9E3B-0633C0F8DF30} - (no file)
    O2 - BHO: (no name) - {5A0461DB-8837-4EF0-A8EC-19BA5CE0F439} - (no file)
    O2 - BHO: (no name) - {68F18C81-5E36-44B3-B8F2-30A4A9155F8F} - (no file)
    O2 - BHO: (no name) - {69B87056-9371-421D-9190-A2E795B5DD6A} - (no file)
    O2 - BHO: (no name) - {6CA621F5-EEBB-4698-8FD1-A734A5D98907} - (no file)
    O2 - BHO: (no name) - {6CF86B44-5B5D-4FB4-B25E-E01463110F93} - (no file)
    O2 - BHO: (no name) - {6F79388A-2343-4A98-BABA-B06926056BE3} - (no file)
    O2 - BHO: (no name) - {6FA6CDCB-269A-4EAA-8D1A-C3C1A2D1B781} - (no file)
    O2 - BHO: (no name) - {74ee2fa6-8257-457b-9f20-f03a0dcebb39} - (no file)
    O2 - BHO: (no name) - {872F73EB-3560-46DE-86E7-20333CAC2E7C} - (no file)
    O2 - BHO: (no name) - {A5EF3C6F-BE56-437C-895E-9BF6481A13C6} - (no file)
    O2 - BHO: (no name) - {B3734554-444B-4526-9D28-F97A155CD0C5} - (no file)
    O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - (no file)
    O2 - BHO: (no name) - {c6408bd2-a5f3-47ec-82cf-0595f8ef3f8b} - (no file)
    O2 - BHO: (no name) - {C64990EF-69F6-41CA-94A2-0DB0E03ECB19} - (no file)
    O2 - BHO: (no name) - {CADA40FD-D4F3-41B3-B3E6-A2E3D884F4AE} - (no file)
    O2 - BHO: (no name) - {D99FB8DB-B07D-4B15-9A42-E5AF7F82C7D6} - (no file)
    O2 - BHO: (no name) - {DCDC4E07-8C35-4524-8ABF-7C982EA79A14} - (no file)
    O2 - BHO: (no name) - {E2D1FE5D-B528-431B-B271-D841CBBBD2B6} - (no file)
    O2 - BHO: (no name) - {E4B30FA7-87DF-4DEA-B884-EC983445DDAC} - (no file)
    O2 - BHO: (no name) - {E7623354-36ED-4CD1-9DA0-C2D8C310F64D} - (no file)
    O2 - BHO: (no name) - {F5348E6D-58DF-4369-B136-1D91953E64BD} - (no file)
    O2 - BHO: (no name) - {F5A017D0-B363-4926-9542-04D58F809EDF} - (no file)
    O2 - BHO: (no name) - {F916B639-80E3-45C2-AFC0-6A82F5E52BE6} - (no file)
    O20 - Winlogon Notify: efcbxxx - C:\WINDOWS\

    Now close all windows except HijackThis itself and click 'Fix checked'.
    If a question about backups appears, answer 'Yes', and then close HijackThis.

    3. Download [url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe]ComboFix[/url] and save it to your desktop.

    NOTE: if, during or after downloading ComboFix, or while using ComboFix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download ComboFix again.
    Some scanners treat certain components ComboFix uses as suspicious and will block or delete them!
    • Double-click Combofix.exe
      Follow the instructions, accept the disclaimer by typing 1 (continue), followed by ENTER.
      While the fix is running, do NOT click in the window, as this will make your PC hang.

    When the fix has completed and after the restart, the log Combofix.txt will open.
    Post this log in your next reply, together with a fresh HijackThis log.

    - Daniël
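Added example (not code from the thread, HijackThis or ComboFix): a small Python parser that applies the same triage as the list above to a HijackThis log, flagging O2 BHOs that end in '(no file)' and an O20 Winlogon Notify entry that names only a directory. The sample lines are copied from the log earlier in the thread; the script also flags '(file missing)' O23 services and reports the O10 LSP line as informational, which goes beyond the reply's list.

```python
import re
from dataclasses import dataclass

# Constructed sample: entries copied from the HijackThis log in the thread,
# one of each type the triage rules below look at, plus two benign entries.
SAMPLE_LINES = [
    "O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll",
    "O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - (no file)",
    "O2 - BHO: (no name) - {08D06A2A-8FDE-46F1-860A-E02677365255} - (no file)",
    "O10 - Broken Internet access because of LSP provider 'c:\\program files\\bonjour\\mdnsnsp.dll' missing",
    "O20 - Winlogon Notify: efcbxxx - C:\\WINDOWS\\",
    "O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - Unknown owner - C:\\XServer\\PostgreSQL8.2\\bin\\pg_ctl.exe (file missing)",
    "O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe",
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)

# A HijackThis entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
# Header lines ("Running processes:") and bare paths do not match.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


@dataclass
class Finding:
    code: str    # HijackThis section (O2, O20, ...)
    reason: str  # why the entry was flagged
    tick: bool   # True: candidate for 'Fix checked'; False: informational only
    line: str    # the exact log line, so it can be matched in the HJT list


def parse_entries(text):
    """Return (code, body, line) for every HijackThis entry in the log text."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("code"), m.group("body"), line))
    return entries


def _target_path(body):
    """Last ' - ' separated field of an entry body, which holds the file path."""
    return body.rsplit(" - ", 1)[-1].strip()


def triage(text):
    """Apply the per-section rules and return the findings in log order."""
    findings = []
    for code, body, line in parse_entries(text):
        target = _target_path(body)
        if code == "O2" and target == "(no file)":
            # The CLSID is still registered as a BHO but its DLL is gone: a dead
            # registration that only costs load time and is safe to drop.
            findings.append(Finding(code, "BHO registration with no DLL on disk", True, line))
        elif code == "O20" and (target.endswith("\\") or not re.search(r"\.[A-Za-z0-9]{2,4}$", target)):
            # Winlogon Notify packages are DLLs loaded into winlogon.exe; an
            # entry that names only a directory cannot be a legitimate package.
            findings.append(Finding(code, "Winlogon Notify entry without a DLL file name", True, line))
        elif code == "O23" and target.endswith("(file missing)"):
            findings.append(Finding(code, "service whose binary no longer exists", True, line))
        elif code == "O10":
            # A broken LSP chain needs a Winsock repair as a separate step, so
            # report it without marking it for 'Fix checked'.
            findings.append(Finding(code, "broken Winsock LSP chain, repair separately", False, line))
    return findings


def fix_lines(findings):
    """Exact lines to tick under 'Fix checked', in log order."""
    return [f.line for f in findings if f.tick]


def counts_by_code(findings):
    """Number of findings per HijackThis section code."""
    counts = {}
    for f in findings:
        counts[f.code] = counts.get(f.code, 0) + 1
    return counts


if __name__ == "__main__":
    for fnd in triage(SAMPLE_LOG):
        label = "FIX " if fnd.tick else "NOTE"
        print(f"{label} {fnd.code}: {fnd.reason}\n      {fnd.line}")
```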


    • #3
      Sorry for the late reply (holiday, eh)
      Here are the logs:

      "Eigenaar" - 2008-03-02 22:12:57 Service Pack 2
      ComboFix 07-05.26.3.V - Running from: "C:\Documents and Settings\Eigenaar\Bureaublad\shortcuts\"


      ((((((((((((((((((((((((((((((( Files Created from 2008-02-02 to 2008-03-02 ))))))))))))))))))))))))))))))))))


      2008-03-02 21:10 <DIR> d--hs---- C:\Documents and Settings\Eigenaar\Onlangs geopend
      2008-03-02 21:10 <DIR> d--hs---- C:\DOCUME~1\Eigenaar\Onlangs geopend
      2008-02-27 17:15 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
      2008-02-27 17:15 <DIR> d-------- C:\Program Files\Electronic Arts
      2008-02-22 15:25 90,112 --a------ C:\WINDOWS\fsxloqf.exe
      2008-02-22 15:25 253,952 --a------ C:\WINDOWS\admgcx.dll
      2008-02-22 15:24 <DIR> d-------- C:\Program Files\NetProject
      2008-02-22 15:24 <DIR> d-------- C:\Program Files\Helper
      2008-02-22 07:46 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
      2008-02-22 07:41 <DIR> d-------- C:\DOCUME~1\Eigenaar\APPLIC~1\DAEMON Tools
      2008-02-21 20:47 <DIR> d-------- C:\Program Files\FDRLab
      2008-02-21 17:36 <DIR> d-------- C:\Program Files\YouTube Downloader
      2008-02-21 02:57 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
      2008-02-21 00:30 691,545 --a------ C:\WINDOWS\unins000.exe
      2008-02-21 00:30 2,546 --a------ C:\WINDOWS\unins000.dat


      (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

      2008-03-02 21:02:16 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\SiteAdvisor
      2008-03-02 20:09:59 -------- d-----w C:\Program Files\BeClean
      2008-03-02 18:50:48 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
      2008-02-28 07:18:11 -------- d-----w C:\Program Files\eMule
      2008-02-28 07:08:04 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\Xfire
      2008-02-27 17:07:51 -------- d-s---w C:\Program Files\Xfire
      2008-02-27 15:50:38 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\temp
      2008-02-27 05:57:06 -------- d-----w C:\Program Files\World of Warcraft
      2008-02-22 15:57:33 -------- d-----w C:\Program Files\GameSpy Arcade
      2008-02-22 06:41:48 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
      2008-02-05 21:34:28 -------- d-----w C:\Program Files\Winamp
      2008-01-30 05:46:15 -------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
      2008-01-29 20:29:27 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\Ashampoo
      2008-01-29 20:28:03 -------- d-----w C:\Program Files\Ashampoo
      2008-01-29 17:25:55 -------- d-----w C:\Program Files\Mozilla Thunderbird
      2008-01-25 06:07:37 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\IGN_DLM
      2008-01-18 18:45:53 13,312 --s-a-w C:\WINDOWS\system32\wbchha.dll
      2008-01-17 23:02:39 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
      2008-01-17 23:02:22 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
      2008-01-17 22:58:06 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
      2008-01-17 22:20:12 -------- d-----w C:\Program Files\Microsoft Works
      2008-01-17 10:48:58 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\FileZilla
      2008-01-17 10:42:58 -------- d-----w C:\Program Files\FileZilla Client
      2008-01-16 12:56:20 -------- d-----w C:\Program Files\Consumer Update Firmware
      2008-01-16 12:28:57 -------- d-----w C:\Program Files\AVIConverter
      2008-01-14 19:22:17 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\CoSoSys
      2008-01-11 21:50:38 -------- d-----w C:\Program Files\Steam
      2008-01-10 17:20:39 -------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-01-09 21:23:50 -------- d-----w C:\Program Files\Download Manager
      2008-01-09 21:02:37 -------- d-----w C:\Program Files\Comodo
      2008-01-09 20:50:38 -------- d-----w C:\Program Files\Microsoft Bootvis
      2008-01-07 17:37:37 -------- d-----w C:\Program Files\Common Files\InstallShield
      2008-01-07 12:10:08 -------- d-----w C:\Program Files\TMF Music Messenger
      2008-01-07 12:10:08 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\InterTalk
      2008-01-07 10:37:54 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\teamspeak2
      2008-01-06 23:30:57 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\aignes
      2007-12-20 14:15:06 21,058 ----a-w C:\WINDOWS\mozver.dat
      2007-12-16 10:15:37 46 ----a-w C:\WINDOWS\system32\DonationCoder_processtamer_InstallInfo.dat
      2007-12-14 21:58:57 85,568 ----a-w C:\WINDOWS\system32\hmgltffy.dll
      2007-12-13 22:01:31 85,568 ----a-w C:\WINDOWS\system32\pmohgwtb.dll
      2007-12-13 21:58:33 80,448 ----a-w C:\WINDOWS\system32\ihbdugaa.dll
      2007-12-12 22:01:46 85,568 ----a-w C:\WINDOWS\system32\hgepqygr.dll
      2007-12-11 22:02:36 85,568 ----a-w C:\WINDOWS\system32\elipcjhq.dll
      2007-12-11 21:59:32 80,448 ----a-w C:\WINDOWS\system32\pjqytewb.dll
      2007-12-10 21:59:09 85,568 ----a-w C:\WINDOWS\system32\mwpiulbg.dll
      2007-12-10 21:56:10 80,448 ----a-w C:\WINDOWS\system32\cvqxgnup.dll
      2007-12-09 22:02:04 85,568 ----a-w C:\WINDOWS\system32\wlpuhioa.dll
      2007-12-08 19:54:31 80,448 ----a-w C:\WINDOWS\system32\mtnyuwac.dll
      2007-12-08 15:09:46 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
      2007-12-08 12:32:42 23,728 ----a-w C:\WINDOWS\system32\pmnlkli.dll
      2007-12-07 19:48:35 85,568 ----a-w C:\WINDOWS\system32\tndtrdxy.dll
      2007-12-07 19:45:36 80,448 ----a-w C:\WINDOWS\system32\mtosxlqj.dll
      2007-12-06 20:00:50 80,448 ----a-w C:\WINDOWS\system32\vsosaarj.dll
      2007-12-05 19:57:03 81,984 ----a-w C:\WINDOWS\system32\wxcocytn.dll
      2007-12-05 19:54:05 85,568 ----a-w C:\WINDOWS\system32\dppdpjoy.dll
      2007-12-04 19:59:28 85,568 ----a-w C:\WINDOWS\system32\hmrhsqup.dll
      2007-12-04 19:53:30 79,424 ----a-w C:\WINDOWS\system32\lrkjujhf.dll
      2007-12-03 19:57:30 77,376 ----a-w C:\WINDOWS\system32\rnkgword.dll
      2007-12-03 11:03:36 34,832 ----a-w C:\WINDOWS\system32\perfc013.dat
      2007-12-03 11:03:36 103,266 ----a-w C:\WINDOWS\system32\perfh013.dat
      2007-12-02 23:12:43 206 ----a-w C:\WINDOWS\system32\aeeecd2_d.dll
      2007-12-02 19:16:57 76,864 ----a-w C:\WINDOWS\system32\qcmwpyii.dll
      2007-10-14 18:06:19 23 --sha-w C:\WINDOWS\system32\dcac1_d.dll
      2007-02-21 10:47:16 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
      2006-05-03 09:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
      2004-08-03 23:03:34 60,416 --sha-w C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe


      (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


      *Note* empty entries & legit default entries are not shown

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
      {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 22:08]
      {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll [2007-09-28 14:30]
      {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-01-28 11:43]
      {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-01-23 00:28]
      {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 19:33]
      {AE7CD045-E861-484f-8273-0445EE161910}=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 22:20]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03]
      "igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 22:57]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
      "DisableTaskMgr"=0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "AllowLegacyWebView"=1 (0x1)
      "AllowUnhashedWebView"=1 (0x1)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "MaxRecentDocs"=11 (0xb)

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Authentication Packages msv1_0 C:\WINDOWS\system32\ssttq.dll

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Acrobat Snelle start.lnk]
      backup=C:\WINDOWS\pss\Adobe Acrobat Snelle start.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Acrobat Speed Launcher.lnk]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Service Manager.lnk]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2445ce51]
      rundll32.exe "C:\WINDOWS\system32\soarchtd.dll",b

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kav]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
      %systemroot%\system32\dumprep 0 -k

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
      C:\WINDOWS\SiSUSBrg.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
      "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
      "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
      "Steam"="c:\program files\steam\steam.exe" -silent

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
      "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      "NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      "nwiz"=nwiz.exe /install
      "SoundMan"=SOUNDMAN.EXE
      "MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto


      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
      AutoRun\command- G:\Installer.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
      AutoRun\command- I:\Installer.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dd2c350-f645-11da-a2ca-000feafc3873}]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a770ec45-0fe3-11db-a30f-001217968a10}]



      ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

      backup-20080302-221229-169
      O20 - Winlogon Notify: efcbxxx - C:\WINDOWS\

      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcbxxx]



      backup-20080302-221229-778
      O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - Unknown owner - C:\XServer\PostgreSQL8.2\bin\pg_ctl.exe (file missing)

      backup-20080302-221229-881
      O2 - BHO: (no name) - {F5A017D0-B363-4926-9542-04D58F809EDF} - (no file)

      backup-20080302-221229-799
      O2 - BHO: (no name) - {F916B639-80E3-45C2-AFC0-6A82F5E52BE6} - (no file)

      backup-20080302-221229-219
      O2 - BHO: (no name) - {E7623354-36ED-4CD1-9DA0-C2D8C310F64D} - (no file)

      backup-20080302-221229-753
      O2 - BHO: (no name) - {E2D1FE5D-B528-431B-B271-D841CBBBD2B6} - (no file)

      backup-20080302-221229-520
      O2 - BHO: (no name) - {F5348E6D-58DF-4369-B136-1D91953E64BD} - (no file)

      backup-20080302-221229-975
      O2 - BHO: (no name) - {D99FB8DB-B07D-4B15-9A42-E5AF7F82C7D6} - (no file)

      backup-20080302-221229-563
      O2 - BHO: (no name) - {DCDC4E07-8C35-4524-8ABF-7C982EA79A14} - (no file)

      backup-20080302-221229-653
      O2 - BHO: (no name) - {E4B30FA7-87DF-4DEA-B884-EC983445DDAC} - (no file)

      backup-20080302-221229-534
      O2 - BHO: (no name) - {C64990EF-69F6-41CA-94A2-0DB0E03ECB19} - (no file)

      backup-20080302-221229-719
      O2 - BHO: (no name) - {c6408bd2-a5f3-47ec-82cf-0595f8ef3f8b} - (no file)

      backup-20080302-221229-947
      O2 - BHO: (no name) - {CADA40FD-D4F3-41B3-B3E6-A2E3D884F4AE} - (no file)

      backup-20080302-221229-394
      O2 - BHO: (no name) - {872F73EB-3560-46DE-86E7-20333CAC2E7C} - (no file)

      backup-20080302-221229-518
      O2 - BHO: (no name) - {74ee2fa6-8257-457b-9f20-f03a0dcebb39} - (no file)

      backup-20080302-221229-508
      O2 - BHO: (no name) - {A5EF3C6F-BE56-437C-895E-9BF6481A13C6} - (no file)

      backup-20080302-221229-657
      O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - (no file)

      backup-20080302-221229-433
      O2 - BHO: (no name) - {B3734554-444B-4526-9D28-F97A155CD0C5} - (no file)

      backup-20080302-221229-427
      O2 - BHO: (no name) - {6CF86B44-5B5D-4FB4-B25E-E01463110F93} - (no file)

      backup-20080302-221229-660
      O2 - BHO: (no name) - {6FA6CDCB-269A-4EAA-8D1A-C3C1A2D1B781} - (no file)

      backup-20080302-221229-717
      O2 - BHO: (no name) - {6F79388A-2343-4A98-BABA-B06926056BE3} - (no file)

      backup-20080302-221229-544
      O2 - BHO: (no name) - {6CA621F5-EEBB-4698-8FD1-A734A5D98907} - (no file)

      backup-20080302-221229-291
      O2 - BHO: (no name) - {68F18C81-5E36-44B3-B8F2-30A4A9155F8F} - (no file)

      backup-20080302-221229-594
      O2 - BHO: (no name) - {69B87056-9371-421D-9190-A2E795B5DD6A} - (no file)

      backup-20080302-221229-985
      O2 - BHO: (no name) - {5820B760-038F-4231-B637-C0C18FD0484D} - (no file)

      backup-20080302-221229-793
      O2 - BHO: (no name) - {5A0461DB-8837-4EF0-A8EC-19BA5CE0F439} - (no file)

      backup-20080302-221229-714
      O2 - BHO: (no name) - {58E9AC24-5A2A-4908-9E3B-0633C0F8DF30} - (no file)

      backup-20080302-221229-552
      O2 - BHO: (no name) - {37D8C41E-AA4F-496E-B4C3-63EC5B68F0CF} - (no file)

      backup-20080302-221229-712
      O2 - BHO: (no name) - {4A6184A4-CA96-41CA-A3F6-1B4C4292DD16} - (no file)

      backup-20080302-221229-794
      O2 - BHO: (no name) - {3A1CF5A0-BA4D-4DA6-BBDE-A81F796DA4A0} - (no file)

      backup-20080302-221229-716
      O2 - BHO: (no name) - {28E117E3-1E68-4BDE-9D45-D4A1162724DE} - (no file)

      backup-20080302-221229-924
      O2 - BHO: (no name) - {1E5F1BCA-BE89-4041-902E-6B73605C0E67} - (no file)

      backup-20080302-221229-193
      O2 - BHO: (no name) - {27C058B9-F401-4DB7-AA70-94AFF4037E0A} - (no file)

      backup-20080302-221229-770
      O2 - BHO: (no name) - {1CDE278E-E20D-43AD-90EB-E736E5419DED} - (no file)

      backup-20080302-221229-170
      O2 - BHO: (no name) - {1E4D9C3B-18F8-4FB6-AACB-0CDABAEE3F02} - (no file)

      backup-20080302-221229-902
      O2 - BHO: (no name) - {1652DF22-AB39-4CE8-ABAB-532CCEDA50C8} - (no file)

      backup-20080302-221229-101
      O2 - BHO: (no name) - {1B200577-5BAE-4609-8D07-E1F7BF877677} - (no file)

      backup-20080302-221229-813
      O2 - BHO: (no name) - {08D75434-3FF1-4434-B27F-B5E409E3545A} - (no file)

      backup-20080302-221229-635
      O2 - BHO: (no name) - {12B61312-474E-4D59-B09F-0D6DFF5DCF1B} - (no file)

      backup-20080302-221229-467
      O2 - BHO: (no name) - {08D06A2A-8FDE-46F1-860A-E02677365255} - (no file)

      backup-20080302-221229-292
      O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - (no file)

      backup-20080222-184827-487
      O2 - BHO: (no name) - {6CA621F5-EEBB-4698-8FD1-A734A5D98907} - (no file)

      backup-20080222-184827-661
      O2 - BHO: (no name) - {6CF86B44-5B5D-4FB4-B25E-E01463110F93} - (no file)

      backup-20080222-184827-821
      O2 - BHO: (no name) - {5A0461DB-8837-4EF0-A8EC-19BA5CE0F439} - (no file)

      backup-20080222-184827-878
      O2 - BHO: (no name) - {69B87056-9371-421D-9190-A2E795B5DD6A} - (no file)

      backup-20080222-184827-434
      O2 - BHO: (no name) - {58E9AC24-5A2A-4908-9E3B-0633C0F8DF30} - (no file)

      backup-20080222-184827-191
      O2 - BHO: (no name) - {68F18C81-5E36-44B3-B8F2-30A4A9155F8F} - (no file)

      backup-20080222-184827-639
      O2 - BHO: (no name) - {6FA6CDCB-269A-4EAA-8D1A-C3C1A2D1B781} - (no file)

      backup-20080222-184827-447
      O2 - BHO: {b8f3fe8f-5950-fc28-ce74-3f5a2db8046c} - {c6408bd2-a5f3-47ec-82cf-0595f8ef3f8b} - C:\WINDOWS\system32\binrdsek.dll (file missing)

      backup-20080222-184827-735
      O2 - BHO: (no name) - {74ee2fa6-8257-457b-9f20-f03a0dcebb39} - (no file)

      backup-20080222-184827-240
      O2 - BHO: (no name) - {5820B760-038F-4231-B637-C0C18FD0484D} - (no file)

      backup-20080222-184827-671
      O2 - BHO: (no name) - {6F79388A-2343-4A98-BABA-B06926056BE3} - (no file)

      backup-20080222-184827-312
      O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

      backup-20080222-184827-962
      O2 - BHO: (no name) - {1E5F1BCA-BE89-4041-902E-6B73605C0E67} - (no file)

      backup-20080222-184827-354
      O2 - BHO: (no name) - {12B61312-474E-4D59-B09F-0D6DFF5DCF1B} - (no file)

      backup-20080222-184827-774
      O2 - BHO: (no name) - {3A1CF5A0-BA4D-4DA6-BBDE-A81F796DA4A0} - (no file)

      backup-20080222-184827-678
      O2 - BHO: (no name) - {1E4D9C3B-18F8-4FB6-AACB-0CDABAEE3F02} - (no file)

      backup-20080222-184827-674
      O2 - BHO: (no name) - {4A6184A4-CA96-41CA-A3F6-1B4C4292DD16} - (no file)

      backup-20080222-184827-617
      O2 - BHO: (no name) - {1CDE278E-E20D-43AD-90EB-E736E5419DED} - (no file)

      backup-20080222-184827-585
      O2 - BHO: (no name) - {37D8C41E-AA4F-496E-B4C3-63EC5B68F0CF} - (no file)

      backup-20080222-184827-467
      O2 - BHO: (no name) - {1652DF22-AB39-4CE8-ABAB-532CCEDA50C8} - (no file)

      backup-20080222-184827-403
      O2 - BHO: (no name) - {28E117E3-1E68-4BDE-9D45-D4A1162724DE} - (no file)

      backup-20080222-184827-392
      O2 - BHO: (no name) - {1B200577-5BAE-4609-8D07-E1F7BF877677} - (no file)

      backup-20080222-184827-375
      O2 - BHO: (no name) - {27C058B9-F401-4DB7-AA70-94AFF4037E0A} - (no file)

      backup-20080222-184827-225
      O2 - BHO: (no name) - {08D75434-3FF1-4434-B27F-B5E409E3545A} - (no file)

      backup-20080222-184827-805
      O2 - BHO: (no name) - {08D06A2A-8FDE-46F1-860A-E02677365255} - (no file)

      backup-20080222-184827-367
      O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - (no file)

      backup-20080222-184544-559
      O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)


      backup-20080222-184544-820
      O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

      backup-20080222-184544-172
      O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - Unknown owner - C:\XServer\PostgreSQL8.2\bin\pg_ctl.exe (file missing)

      backup-20080222-184544-608
      O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)


      backup-20080222-184544-485
      O2 - BHO: (no name) - {F5348E6D-58DF-4369-B136-1D91953E64BD} - (no file)

      backup-20080222-184544-879
      O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe

      backup-20080222-184544-626
      O2 - BHO: (no name) - {F916B639-80E3-45C2-AFC0-6A82F5E52BE6} - (no file)

      backup-20080222-184544-544
      O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe

      backup-20080222-184544-384
      O2 - BHO: (no name) - {F5A017D0-B363-4926-9542-04D58F809EDF} - (no file)

      backup-20080222-184544-901
      O3 - Toolbar: emotigt - {54BECB1C-D4EA-47B2-9B56-C6768144FDD5} - C:\WINDOWS\emotigt.dll (file missing)

      backup-20080222-184544-962
      O2 - BHO: (no name) - {E7623354-36ED-4CD1-9DA0-C2D8C310F64D} - (no file)

      backup-20080222-184544-609
      O2 - BHO: (no name) - {CADA40FD-D4F3-41B3-B3E6-A2E3D884F4AE} - (no file)

      backup-20080222-184544-706
      O2 - BHO: (no name) - {A5EF3C6F-BE56-437C-895E-9BF6481A13C6} - (no file)

      backup-20080222-184544-808
      O2 - BHO: (no name) - {D99FB8DB-B07D-4B15-9A42-E5AF7F82C7D6} - (no file)

      backup-20080222-184544-477
      O2 - BHO: (no name) - {DCDC4E07-8C35-4524-8ABF-7C982EA79A14} - (no file)

      backup-20080222-184544-471
      O2 - BHO: (no name) - {E2D1FE5D-B528-431B-B271-D841CBBBD2B6} - (no file)

      backup-20080222-184544-937
      R3 - URLSearchHook: (no name) - - (no file)

      backup-20080222-184544-342
      O2 - BHO: (no name) - {C64990EF-69F6-41CA-94A2-0DB0E03ECB19} - (no file)

      backup-20080222-184544-310
      O2 - BHO: (no name) - {872F73EB-3560-46DE-86E7-20333CAC2E7C} - (no file)

      backup-20080222-184544-225
      O2 - BHO: (no name) - {E4B30FA7-87DF-4DEA-B884-EC983445DDAC} - (no file)

      backup-20080222-184544-520
      O2 - BHO: (no name) - {B3734554-444B-4526-9D28-F97A155CD0C5} - (no file)
      Contents of the 'Scheduled Tasks' folder
      2008-02-22 16:15:00 C:\WINDOWS\tasks\1-Click Maintenance.job

      ********************************************************************

      catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-03-02 22:18:12
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0


      ********************************************************************

      [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]
      "ImagePath"="\"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 5.0\my.ini\" MySQL"

      [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pgsql-8.2]
      "ImagePath"="C:\XServer\PostgreSQL8.2\bin\pg_ctl.exe runservice -w -N \"pgsql-8.2\" -D \"C:\XServer\PostgreSQL8.2\data\\""

      Completion time: 2008-03-02 22:20:08

      --- E O F ---

      Code:
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 22:20:55, on 2-3-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal
      
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\notepad.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
      O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
      O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll
      O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
      O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
      O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
      O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
      O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
      O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
      O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149674674703
      O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{0B761F64-C2DA-452C-A42C-CAEF513F8C40}: NameServer = 213.51.129.37,213.51.144.37
      O17 - HKLM\System\CCS\Services\Tcpip\..\{30AA6F96-BCB8-4FEA-8BD7-AE95A7FFD3AA}: NameServer = 213.51.129.37,213.51.144.37
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - Unknown owner - C:\XServer\PostgreSQL8.2\bin\pg_ctl.exe (file missing)
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
      O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      O23 - Service: ZendCoreApache - Apache Software Foundation - C:\Program Files\Zend\Apache2\bin\httpd.exe
      
      --
      End of file - 7488 bytes
      Last edited by BendeBoy; 03-03-08, 23:44. Reason: code tag removed from the CF log



      • #4
        Hi,

        I am guilty of posting late replies here myself, you know...
        By the way, I removed your ComboFix log from between the code tags; that makes it a bit easier to review.

        Open a new Notepad file.

        Copy and paste the code below into it.
        Go to 'File' -> 'Save As...' and save it on your desktop as CFScript.txt.

        Code:
        File::
        C:\WINDOWS\fsxloqf.exe
        C:\WINDOWS\system32\zllictbl.dat
        C:\WINDOWS\system32\wbchha.dll
        C:\WINDOWS\system32\hmgltffy.dll
        C:\WINDOWS\system32\pmohgwtb.dll
        C:\WINDOWS\system32\ihbdugaa.dll
        C:\WINDOWS\system32\hgepqygr.dll
        C:\WINDOWS\system32\elipcjhq.dll
        C:\WINDOWS\system32\pjqytewb.dll
        C:\WINDOWS\system32\mwpiulbg.dll
        C:\WINDOWS\system32\cvqxgnup.dll
        C:\WINDOWS\system32\wlpuhioa.dll
        C:\WINDOWS\system32\mtnyuwac.dll
        C:\WINDOWS\system32\pmnlkli.dll
        C:\WINDOWS\system32\tndtrdxy.dll
        C:\WINDOWS\system32\mtosxlqj.dll
        C:\WINDOWS\system32\vsosaarj.dll
        C:\WINDOWS\system32\wxcocytn.dll
        C:\WINDOWS\system32\dppdpjoy.dll
        C:\WINDOWS\system32\hmrhsqup.dll
        C:\WINDOWS\system32\lrkjujhf.dll
        C:\WINDOWS\system32\rnkgword.dll
        C:\WINDOWS\system32\aeeecd2_d.dll
        C:\WINDOWS\system32\qcmwpyii.dll
        C:\WINDOWS\system32\dcac1_d.dll
        
        Folder::
        C:\Program Files\NetProject
        C:\Program Files\Helper
        
        Registry::
        [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
        "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
        [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2445ce51]
        Drag CFScript.txt onto ComboFix.exe as shown in the example below:



        This will make ComboFix restart. Reboot if you are asked to.
        After the reboot, post the contents of Combofix.txt in your next reply, together with a new HijackThis log.

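As an added example (not part of this post, and not ComboFix's own code), the script below parses a CFScript fragment like the one in the post into its File::, Folder:: and Registry:: sections, decodes the hex(7) (REG_MULTI_SZ) value that the Registry:: block writes back to the LSA "Authentication Packages" key, and compares it with the "Authentication Packages msv1_0 ..." line that ComboFix reported, so you can see exactly which extra package the fix removes. A DLL listed in that value is loaded into lsass.exe at boot, which is why it is a persistence location worth checking. The embedded CFScript and log line are constructed (shortened) from the lines on this page; the single-byte decoding of hex(7) follows the form used in the post rather than the UTF-16 encoding of a standard .reg file; the function names are my own.

```python
"""Parse a ComboFix CFScript and explain what its Registry:: block does to
LSA's "Authentication Packages" value.  Added example, not ComboFix code."""
import re

# Constructed (shortened) from the CFScript in the post above.
CFSCRIPT = r"""File::
C:\WINDOWS\fsxloqf.exe
C:\WINDOWS\system32\wbchha.dll

Folder::
C:\Program Files\NetProject
C:\Program Files\Helper

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2445ce51]
"""

# Constructed from the "Reg Loading Points" section of the ComboFix log.
COMBOFIX_LSA_LINE = r"Authentication Packages msv1_0 C:\WINDOWS\system32\ssttq.dll"

# "name"=hex(7):..  /  "name"=dword:..  /  "name"=hex:..
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<type>hex\(\d+\)|hex|dword):?(?P<data>.*)$')


def parse_cfscript(text):
    """Split a CFScript into sections keyed by header ('File', 'Folder', ...).
    A header is a line ending in '::'; blank lines are ignored."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def decode_multi_sz(hex7):
    """Decode a hex(7) REG_MULTI_SZ value into its list of strings.
    Assumes the single-byte form used in CFScripts (each string ends in 00,
    and the whole list ends in an extra 00)."""
    data = bytes(int(b, 16) for b in hex7.split(",") if b)
    return [s.decode("ascii") for s in data.split(b"\x00") if s]


def registry_ops(lines):
    """Turn Registry:: lines into (key, action, name, value) tuples.
    '[-KEY]' deletes a key; a quoted name under '[KEY]' sets a value."""
    ops = []
    key = None
    for line in lines:
        if line.startswith("[-") and line.endswith("]"):
            ops.append((line[2:-1], "delete_key", None, None))
            key = None
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := REG_VALUE_RE.match(line)):
            value = m.group("data")
            if m.group("type") == "hex(7)":
                value = decode_multi_sz(value)
            ops.append((key, "set_value", m.group("name"), value))
    return ops


def lsa_packages_from_combofix(line):
    """Pull the package list out of ComboFix's 'Authentication Packages ...' line.
    Splitting happens only before a drive-letter path, so paths with spaces survive."""
    prefix = "Authentication Packages "
    rest = line[len(prefix):]
    parts = re.split(r"\s+(?=[A-Za-z]:\\)", rest)
    return parts[0].split() + parts[1:]


def extra_lsa_packages(combofix_line, cfscript_text):
    """Packages LSA currently loads that the CFScript's value does not keep,
    i.e. what running the script removes from the key."""
    wanted = None
    for key, action, name, value in registry_ops(parse_cfscript(cfscript_text).get("Registry", [])):
        if action == "set_value" and key.lower().endswith("\\control\\lsa") \
                and name == "Authentication Packages":
            wanted = value
    if wanted is None:
        return []
    return [p for p in lsa_packages_from_combofix(combofix_line) if p not in wanted]


if __name__ == "__main__":
    sections = parse_cfscript(CFSCRIPT)
    print(f"files to remove: {len(sections['File'])}, folders: {len(sections['Folder'])}")
    for op in registry_ops(sections["Registry"]):
        print(op)
    print("removed from LSA:", extra_lsa_packages(COMBOFIX_LSA_LINE, CFSCRIPT))
```

Run as-is it lists the file and folder counts, the two registry operations (reset the LSA value to ["msv1_0"], delete the msconfig startupreg key) and reports C:\WINDOWS\system32\ssttq.dll as the package the script strips out, which matches the ssttq.dll entry ComboFix showed under the lsa key.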


        • #5
          Well, here are the 2 logs then, and now without Code tags. (I thought that would be a bit more compact.)

          "Eigenaar" - 2008-03-04 8:37:46 Service Pack 2
          ComboFix 07-05.26.3.V - Running from: "C:\Documents and Settings\Eigenaar\"
          Command switches used :: ""C:\Documents and Settings\Eigenaar\Bureaublad\shortcuts\CFScript.txt""


          ((((((((((((((((((((((((((((((( Files Created from 2008-02-04 to 2008-03-04 ))))))))))))))))))))))))))))))))))


          2008-03-02 21:10 <DIR> d--hs---- C:\Documents and Settings\Eigenaar\Onlangs geopend
          2008-03-02 21:10 <DIR> d--hs---- C:\DOCUME~1\Eigenaar\Onlangs geopend
          2008-02-27 17:15 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
          2008-02-27 17:15 <DIR> d-------- C:\Program Files\Electronic Arts
          2008-02-22 15:25 90,112 --a------ C:\WINDOWS\fsxloqf.exe
          2008-02-22 15:25 253,952 --a------ C:\WINDOWS\admgcx.dll
          2008-02-22 15:24 <DIR> d-------- C:\Program Files\NetProject
          2008-02-22 15:24 <DIR> d-------- C:\Program Files\Helper
          2008-02-22 07:46 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
          2008-02-22 07:41 <DIR> d-------- C:\DOCUME~1\Eigenaar\APPLIC~1\DAEMON Tools
          2008-02-21 20:47 <DIR> d-------- C:\Program Files\FDRLab
          2008-02-21 17:36 <DIR> d-------- C:\Program Files\YouTube Downloader
          2008-02-21 02:57 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
          2008-02-21 00:30 691,545 --a------ C:\WINDOWS\unins000.exe
          2008-02-21 00:30 2,546 --a------ C:\WINDOWS\unins000.dat


          (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

          2008-03-04 07:36:29 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\Xfire
          2008-03-03 23:03:48 -------- d-----w C:\Program Files\eMule
          2008-03-03 22:56:18 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\SiteAdvisor
          2008-03-03 22:07:27 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\temp
          2008-03-03 20:27:05 -------- d-----w C:\Program Files\World of Warcraft
          2008-03-03 07:09:44 -------- d-s---w C:\Program Files\Xfire
          2008-03-02 20:09:59 -------- d-----w C:\Program Files\BeClean
          2008-03-02 18:50:48 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
          2008-02-22 15:57:33 -------- d-----w C:\Program Files\GameSpy Arcade
          2008-02-22 06:41:48 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
          2008-02-05 21:34:28 -------- d-----w C:\Program Files\Winamp
          2008-01-30 05:46:15 -------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
          2008-01-29 20:29:27 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\Ashampoo
          2008-01-29 20:28:03 -------- d-----w C:\Program Files\Ashampoo
          2008-01-29 17:25:55 -------- d-----w C:\Program Files\Mozilla Thunderbird
          2008-01-25 06:07:37 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\IGN_DLM
          2008-01-18 18:45:53 13,312 --s-a-w C:\WINDOWS\system32\wbchha.dll
          2008-01-17 23:02:39 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
          2008-01-17 23:02:22 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
          2008-01-17 22:58:06 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
          2008-01-17 22:20:12 -------- d-----w C:\Program Files\Microsoft Works
          2008-01-17 10:48:58 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\FileZilla
          2008-01-17 10:42:58 -------- d-----w C:\Program Files\FileZilla Client
          2008-01-16 12:56:20 -------- d-----w C:\Program Files\Consumer Update Firmware
          2008-01-16 12:28:57 -------- d-----w C:\Program Files\AVIConverter
          2008-01-14 19:22:17 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\CoSoSys
          2008-01-11 21:50:38 -------- d-----w C:\Program Files\Steam
          2008-01-10 17:20:39 -------- d--h--w C:\Program Files\InstallShield Installation Information
          2008-01-09 21:23:50 -------- d-----w C:\Program Files\Download Manager
          2008-01-09 21:02:37 -------- d-----w C:\Program Files\Comodo
          2008-01-09 20:50:38 -------- d-----w C:\Program Files\Microsoft Bootvis
          2008-01-07 17:37:37 -------- d-----w C:\Program Files\Common Files\InstallShield
          2008-01-07 12:10:08 -------- d-----w C:\Program Files\TMF Music Messenger
          2008-01-07 12:10:08 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\InterTalk
          2008-01-07 10:37:54 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\teamspeak2
          2008-01-06 23:30:57 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\aignes
          2007-12-20 14:15:06 21,058 ----a-w C:\WINDOWS\mozver.dat
          2007-12-16 10:15:37 46 ----a-w C:\WINDOWS\system32\DonationCoder_processtamer_InstallInfo.dat
          2007-12-14 21:58:57 85,568 ----a-w C:\WINDOWS\system32\hmgltffy.dll
          2007-12-13 22:01:31 85,568 ----a-w C:\WINDOWS\system32\pmohgwtb.dll
          2007-12-13 21:58:33 80,448 ----a-w C:\WINDOWS\system32\ihbdugaa.dll
          2007-12-12 22:01:46 85,568 ----a-w C:\WINDOWS\system32\hgepqygr.dll
          2007-12-11 22:02:36 85,568 ----a-w C:\WINDOWS\system32\elipcjhq.dll
          2007-12-11 21:59:32 80,448 ----a-w C:\WINDOWS\system32\pjqytewb.dll
          2007-12-10 21:59:09 85,568 ----a-w C:\WINDOWS\system32\mwpiulbg.dll
          2007-12-10 21:56:10 80,448 ----a-w C:\WINDOWS\system32\cvqxgnup.dll
          2007-12-09 22:02:04 85,568 ----a-w C:\WINDOWS\system32\wlpuhioa.dll
          2007-12-08 19:54:31 80,448 ----a-w C:\WINDOWS\system32\mtnyuwac.dll
          2007-12-08 15:09:46 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
          2007-12-08 12:32:42 23,728 ----a-w C:\WINDOWS\system32\pmnlkli.dll
          2007-12-07 19:48:35 85,568 ----a-w C:\WINDOWS\system32\tndtrdxy.dll
          2007-12-07 19:45:36 80,448 ----a-w C:\WINDOWS\system32\mtosxlqj.dll
          2007-12-06 20:00:50 80,448 ----a-w C:\WINDOWS\system32\vsosaarj.dll
          2007-12-05 19:57:03 81,984 ----a-w C:\WINDOWS\system32\wxcocytn.dll
          2007-12-05 19:54:05 85,568 ----a-w C:\WINDOWS\system32\dppdpjoy.dll
          2007-12-04 19:59:28 85,568 ----a-w C:\WINDOWS\system32\hmrhsqup.dll
          2007-12-04 19:53:30 79,424 ----a-w C:\WINDOWS\system32\lrkjujhf.dll
          2007-10-14 18:06:19 23 --sha-w C:\WINDOWS\system32\dcac1_d.dll
          2007-02-21 10:47:16 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
          2006-05-03 09:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
          2004-08-03 23:03:34 60,416 --sha-w C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe


          (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


          *Note* empty entries & legit default entries are not shown

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
          {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 22:08]
          {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll [2007-09-28 14:30]
          {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-01-28 11:43]
          {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-01-23 00:28]
          {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 19:33]
          {AE7CD045-E861-484f-8273-0445EE161910}=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 22:20]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05]
          "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07]

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43]
          "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03]
          "igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 22:57]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
          "AllowLegacyWebView"=1 (0x1)
          "AllowUnhashedWebView"=1 (0x1)

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
          "MaxRecentDocs"=11 (0xb)

          [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
          Authentication Packages msv1_0 C:\WINDOWS\system32\ssttq.dll

          [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

          [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

          [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Acrobat Snelle start.lnk]
          backup=C:\WINDOWS\pss\Adobe Acrobat Snelle start.lnkCommon Startup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Acrobat Speed Launcher.lnk]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Service Manager.lnk]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2445ce51]
          rundll32.exe "C:\WINDOWS\system32\soarchtd.dll",b

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kav]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
          %systemroot%\system32\dumprep 0 -k

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
          C:\WINDOWS\SiSUSBrg.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
          "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
          "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
          "Steam"="c:\program files\steam\steam.exe" -silent

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
          "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          "NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
          "nwiz"=nwiz.exe /install
          "SoundMan"=SOUNDMAN.EXE
          "MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto


          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
          AutoRun\command- G:\Installer.exe

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
          AutoRun\command- I:\Installer.exe

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dd2c350-f645-11da-a2ca-000feafc3873}]

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a770ec45-0fe3-11db-a30f-001217968a10}]


          Contents of the 'Scheduled Tasks' folder
          2008-02-22 16:15:00 C:\WINDOWS\tasks\1-Click Maintenance.job

          ********************************************************************

          catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-03-04 08:43:14
          Windows 5.1.2600 Service Pack 2 NTFS

          scanning hidden processes ...

          scanning hidden autostart entries ...

          scanning hidden files ...

          scan completed successfully
          hidden files: 0


          ********************************************************************

          [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]
          "ImagePath"="\"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 5.0\my.ini\" MySQL"

          [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pgsql-8.2]
          "ImagePath"="C:\XServer\PostgreSQL8.2\bin\pg_ctl.exe runservice -w -N \"pgsql-8.2\" -D \"C:\XServer\PostgreSQL8.2\data\\""

          Completion time: 2008-03-04 8:58:17
          C:\ComboFix2.txt ... 2008-03-02 22:20

          --- E O F ---



          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 8:59:59, on 4-3-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\ZoneLabs\vsmon.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\WINDOWS\explorer.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
          O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
          O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
          O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
          O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
          O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
          O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll
          O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
          O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
          O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
          O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
          O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
          O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
          O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
          O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
          O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
          O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
          O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
          O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
          O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
          O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
          O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149674674703
          O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
          O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
          O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
          O17 - HKLM\System\CCS\Services\Tcpip\..\{0B761F64-C2DA-452C-A42C-CAEF513F8C40}: NameServer = 213.51.129.37,213.51.144.37
          O17 - HKLM\System\CCS\Services\Tcpip\..\{30AA6F96-BCB8-4FEA-8BD7-AE95A7FFD3AA}: NameServer = 213.51.129.37,213.51.144.37
          O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
          O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
          O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
          O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - Unknown owner - C:\XServer\PostgreSQL8.2\bin\pg_ctl.exe (file missing)
          O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
          O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
          O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
          O23 - Service: ZendCoreApache - Apache Software Foundation - C:\Program Files\Zend\Apache2\bin\httpd.exe

          --
          End of file - 7570 bytes

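The HijackThis log above is read by hand in this thread. As an added example (not code from HijackThis, ComboFix or any poster here), the Python script below applies the first checks a helper makes on such a log: O2/O3/O23 registrations that still point at a deleted file, O4 autostart entries launched from outside the usual program directories, O6 IE policy restrictions, a broken O10 LSP chain, and O17 resolver addresses to verify against the ISP. The sample input is constructed from lines in the HijackThis logs posted in this thread plus one invented O4 line for C:\WINDOWS\fsxloqf.exe (a file the later ComboFix run removed, but for which no Run entry appears in any log); the rule names and the trusted-directory list are assumptions made for the example.

```python
"""Triage a HijackThis 2.0.x log.

Added example for this thread; not code from HijackThis, ComboFix or the
poster. Rule names, TRUSTED_RUN_DIRS and SAMPLE_LOG are assumptions made for
the example. Every flag is a prompt for a human to look at the file, the
CLSID and the vendor, not a verdict.
"""
import re
from dataclasses import dataclass

# One HJT entry per line: "O23 - Service: ..." / "R0 - HKCU\..." etc.
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# First drive-letter path in a line, up to the executable/library extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|scr|bat|cmd)\b", re.IGNORECASE)
# HJT appends these when a registration points at a file it cannot find.
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Where a legitimate XP autostart normally launches from (assumption; extend per
# machine). The WINDOWS root, temp folders and user profiles are left out on
# purpose: the random-named droppers ComboFix removed in this thread lived there.
TRUSTED_RUN_DIRS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\system32\\")

# Constructed sample: lines copied from the HijackThis logs posted in this
# thread, plus the [fsxloqf] O4 line, which is invented for the example.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKLM\..\Run: [fsxloqf] C:\WINDOWS\fsxloqf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B761F64-C2DA-452C-A42C-CAEF513F8C40}: NameServer = 213.51.129.37,213.51.144.37
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - Unknown owner - C:\XServer\PostgreSQL8.2\bin\pg_ctl.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # HJT section, e.g. "O23"
    reason: str  # short tag for the rule that fired
    detail: str  # the evidence, lifted from the log line


def parse(log_text):
    """Return [(kind, body), ...] for every entry line; headers and blanks are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def run_target(body):
    """Executable behind an O4 line, also when wrapped in RUNDLL32 or a .lnk."""
    m = PATH_RE.search(body)
    return m.group(0) if m else None


def triage(entries):
    findings = []
    for kind, body in entries:
        low = body.lower()
        if kind in ("O2", "O3", "O23") and low.endswith(ORPHAN_MARKERS):
            # BHO/toolbar/service registration whose DLL or EXE is gone.
            findings.append(Finding(kind, "orphaned-registration", body))
        elif kind == "O4":
            target = run_target(body)
            if target and not target.lower().startswith(TRUSTED_RUN_DIRS):
                findings.append(Finding(kind, "autostart-outside-program-dirs", target))
        elif kind == "O6":
            # IE policy restrictions: set by some protection tools, also by hijackers.
            findings.append(Finding(kind, "ie-policy-restrictions", body))
        elif kind == "O10" and "missing" in low:
            # A Winsock LSP whose DLL is gone breaks the whole provider chain.
            findings.append(Finding(kind, "broken-lsp-chain", body))
        elif kind == "O17":
            m = re.search(r"NameServer\s*=\s*([\d.,]+)", body)
            if m:
                findings.append(Finding(kind, "dns-servers-to-verify", m.group(1)))
    return findings


def orphaned_clsids(findings):
    """CLSIDs of orphaned BHO/toolbar entries. Deleting the DLL leaves the class
    registration and the IE Toolbar value behind, so these are what a follow-up
    registry cleanup has to target."""
    return sorted({m.group(0).upper()
                   for f in findings if f.reason == "orphaned-registration"
                   for m in CLSID_RE.finditer(f.detail)})


def dns_servers(findings):
    """Distinct resolver addresses from all O17 lines, to check against the ISP's."""
    return sorted({ip for f in findings if f.reason == "dns-servers-to-verify"
                   for ip in f.detail.split(",")})


if __name__ == "__main__":
    found = triage(parse(SAMPLE_LOG))
    for f in found:
        print(f"{f.kind:<4} {f.reason:<32} {f.detail}")
    print("orphaned CLSIDs:", orphaned_clsids(found))
    print("DNS servers to verify:", dns_servers(found))
```

The flags are prompts, not verdicts: the orphaned pgsql-8.2 service is just an uninstall leftover, but any registration whose binary is gone is worth removing once cleanup is done, because a service or BHO path that no longer exists is a location a later dropper can simply reoccupy. The O10 line is the one a helper treats differently: the usual advice is not to "fix" an LSP entry in HijackThis itself but to repair the Winsock catalog (on XP SP2, `netsh winsock reset` from an administrator prompt, then reboot) so the provider chain is rebuilt consistently.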


          • #6
            Hi,

            Apparently it didn't go right... Could you place ComboFix and CFScript on your desktop? So not in subfolders and the like... Then carry out the instructions again and drag CFScript onto ComboFix.



            • #7
              Hope it's right now:

              ComboFix 08-03-04.3 - Eigenaar 2008-03-04 19:16:26.1 - NTFSx86
              Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.352 [GMT 1:00]
              Started from: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
              Command switches used :: C:\Documents and Settings\Eigenaar\Bureaublad\CFScript.txt
              * New restore point was created

              WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!

              FILE ::
              C:\WINDOWS\fsxloqf.exe
              C:\WINDOWS\system32\aeeecd2_d.dll
              C:\WINDOWS\system32\cvqxgnup.dll
              C:\WINDOWS\system32\dcac1_d.dll
              C:\WINDOWS\system32\dppdpjoy.dll
              C:\WINDOWS\system32\elipcjhq.dll
              C:\WINDOWS\system32\hgepqygr.dll
              C:\WINDOWS\system32\hmgltffy.dll
              C:\WINDOWS\system32\hmrhsqup.dll
              C:\WINDOWS\system32\ihbdugaa.dll
              C:\WINDOWS\system32\lrkjujhf.dll
              C:\WINDOWS\system32\mtnyuwac.dll
              C:\WINDOWS\system32\mtosxlqj.dll
              C:\WINDOWS\system32\mwpiulbg.dll
              C:\WINDOWS\system32\pjqytewb.dll
              C:\WINDOWS\system32\pmnlkli.dll
              C:\WINDOWS\system32\pmohgwtb.dll
              C:\WINDOWS\system32\qcmwpyii.dll
              C:\WINDOWS\system32\rnkgword.dll
              C:\WINDOWS\system32\tndtrdxy.dll
              C:\WINDOWS\system32\vsosaarj.dll
              C:\WINDOWS\system32\wbchha.dll
              C:\WINDOWS\system32\wlpuhioa.dll
              C:\WINDOWS\system32\wxcocytn.dll
              C:\WINDOWS\system32\zllictbl.dat
              .

              (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
              C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
              C:\Program Files\Helper
              C:\Program Files\NetProject
              C:\Program Files\NetProject\ot.ico
              C:\Program Files\NetProject\sbmdl.dll
              C:\Program Files\NetProject\sbmntr.exe
              C:\Program Files\NetProject\sbsm.exe
              C:\Program Files\NetProject\sbun.exe
              C:\Program Files\NetProject\scit.exe
              C:\Program Files\NetProject\scm.exe
              C:\Program Files\NetProject\scu.exe
              C:\Program Files\NetProject\ts.ico
              C:\Program Files\NetProject\wamdl.dll
              C:\Program Files\NetProject\waun.exe
              C:\WINDOWS\admgcx.dll
              C:\WINDOWS\fsxloqf.exe
              C:\WINDOWS\rs.txt
              C:\WINDOWS\system32\aeeecd2_d.dll
              C:\WINDOWS\system32\bawwpclg.dll
              C:\WINDOWS\system32\cvqxgnup.dll
              C:\WINDOWS\system32\dcac1_d.dll
              C:\WINDOWS\system32\dppdpjoy.dll
              C:\WINDOWS\system32\efcbxxx.dll
              C:\WINDOWS\system32\elipcjhq.dll
              C:\WINDOWS\system32\hgepqygr.dll
              C:\WINDOWS\system32\hmgltffy.dll
              C:\WINDOWS\system32\hmrhsqup.dll
              C:\WINDOWS\system32\ihbdugaa.dll
              C:\WINDOWS\system32\jjfuvbry.dll
              C:\WINDOWS\system32\lrkjujhf.dll
              C:\WINDOWS\system32\mtnyuwac.dll
              C:\WINDOWS\system32\mtosxlqj.dll
              C:\WINDOWS\system32\mwpiulbg.dll
              C:\WINDOWS\system32\pjqytewb.dll
              C:\WINDOWS\system32\pmnlkli.dll
              C:\WINDOWS\system32\pmohgwtb.dll
              C:\WINDOWS\system32\qcmwpyii.dll
              C:\WINDOWS\system32\rnkgword.dll
              C:\WINDOWS\system32\tndtrdxy.dll
              C:\WINDOWS\system32\vsosaarj.dll
              C:\WINDOWS\system32\wbchha.dll
              C:\WINDOWS\system32\wlpuhioa.dll
              C:\WINDOWS\system32\wxcocytn.dll
              C:\WINDOWS\system32\xiyrrxga.dll
              C:\WINDOWS\system32\zllictbl.dat

              ----- BITS: Possibly infected sites -----

              hxxp://softworldnetwork.com
              .
              ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

              .
              -------\LEGACY_DOMAINSERVICE


              (((((((((((((((((((( Files Created from 2008-02-04 to 2008-03-04 ))))))))))))))))))))))))))))))
              .

              2008-03-02 21:10 . 2008-03-04 17:30 <DIR> d--hs---- C:\Documents and Settings\Eigenaar\Onlangs geopend
              2008-02-27 17:15 . 2008-02-27 17:15 <DIR> d-------- C:\Program Files\Electronic Arts
              2008-02-27 17:15 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
              2008-02-27 14:34 . 2008-03-04 17:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn
              2008-02-27 14:34 . 2008-02-27 14:34 1,409 --a------ C:\WINDOWS\QTFont.for
              2008-02-22 15:25 . 2008-02-20 23:56 323,584 --a------ C:\WINDOWS\dmdvpnslp.dll.vzr
              2008-02-22 07:46 . 2008-02-22 07:46 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
              2008-02-22 07:41 . 2008-02-22 07:41 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\DAEMON Tools
              2008-02-21 20:47 . 2008-02-21 20:47 <DIR> d-------- C:\Program Files\FDRLab
              2008-02-21 17:36 . 2008-02-27 18:07 <DIR> d-------- C:\Program Files\YouTube Downloader
              2008-02-21 02:57 . 2008-02-21 02:57 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
              2008-02-21 00:30 . 2008-02-21 00:17 691,545 --a------ C:\WINDOWS\unins000.exe
              2008-02-21 00:30 . 2008-02-21 00:30 2,546 --a------ C:\WINDOWS\unins000.dat

              .
              ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2008-03-04 18:24 364,004 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
              2008-03-04 18:24 31,574,048 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
              2008-03-04 18:09 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\SiteAdvisor
              2008-03-04 16:34 --------- d-----w C:\Program Files\eMule
              2008-03-04 16:29 --------- d-----w C:\Program Files\BeClean
              2008-03-04 07:36 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Xfire
              2008-03-03 22:07 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\temp
              2008-03-03 20:27 --------- d-----w C:\Program Files\World of Warcraft
              2008-03-03 07:09 --------- d-s---w C:\Program Files\Xfire
              2008-03-02 18:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
              2008-02-24 23:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
              2008-02-22 15:57 --------- d-----w C:\Program Files\GameSpy Arcade
              2008-02-22 06:41 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
              2008-02-21 06:37 --------- d-----w C:\Program Files\Spybot - Search & Destroy
              2008-02-05 21:34 --------- d-----w C:\Program Files\Winamp
              2008-01-30 05:46 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
              2008-01-29 20:29 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Ashampoo
              2008-01-29 20:28 --------- d-----w C:\Program Files\Ashampoo
              2008-01-29 20:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\ashampoo
              2008-01-29 17:25 --------- d-----w C:\Program Files\Mozilla Thunderbird
              2008-01-25 06:07 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\IGN_DLM
              2008-01-17 23:02 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
              2008-01-17 22:20 --------- d-----w C:\Program Files\Microsoft Works
              2008-01-17 10:48 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\FileZilla
              2008-01-17 10:42 --------- d-----w C:\Program Files\FileZilla Client
              2008-01-16 12:56 --------- d-----w C:\Program Files\Consumer Update Firmware
              2008-01-16 12:28 --------- d-----w C:\Program Files\AVIConverter
              2008-01-14 19:22 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\CoSoSys
              2008-01-11 21:50 --------- d-----w C:\Program Files\Steam
              2008-01-10 17:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
              2008-01-09 21:23 --------- d-----w C:\Program Files\Download Manager
              2008-01-09 21:02 --------- d-----w C:\Program Files\Comodo
              2008-01-09 20:50 --------- d-----w C:\Program Files\Microsoft Bootvis
              2008-01-07 17:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
              2008-01-07 17:37 --------- d-----w C:\Program Files\Common Files\InstallShield
              2008-01-07 12:10 --------- d-----w C:\Program Files\TMF Music Messenger
              2008-01-07 12:10 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\InterTalk
              2008-01-07 10:37 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\teamspeak2
              2008-01-06 23:30 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\aignes
              2007-04-20 21:31 298,138 ----a-w C:\Documents and Settings\Eigenaar\Garfield_WinXP.zip
              2004-08-03 23:03 60,416 --sha-w C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe
              2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
              2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
              .

              ------- Sigcheck -------

              27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\drivers\tcpip.sys
              ----a-w 360,448 2006-01-13 17:07:08 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
              -c--a-w 360,576 2006-04-20 12:18:35 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
              -c--a-w 359,808 2006-04-20 11:51:50 C:\WINDOWS\SoftwareDistribution\Download\beb75b6ea1802d94b3c1668aafd46658\sp2gdr\tcpip.sys
              -c--a-w 360,576 2006-04-20 12:18:35 C:\WINDOWS\SoftwareDistribution\Download\beb75b6ea1802d94b3c1668aafd46658\sp2qfe\tcpip.sys
              -c--a-w 359,040 2007-12-08 12:31:14 C:\WINDOWS\system32\dllcache\tcpip.sys
              ----a-w 359,040 2007-12-08 12:31:14 C:\WINDOWS\system32\drivers\tcpip.sys
              .
              ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              REGEDIT4
              *Note* empty entries & legitimate default entries are not shown

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
              {47833539-D0C5-4125-9FA8-0819E2EAAC93}
              {95188727-288F-4581-A48D-EAB3BD027314}
              {81705D67-3F73-4983-859B-97D0922E5ABE}

              [HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}]

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
              "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]
              "igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 22:57 1103480]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
              "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]

              C:\Documents and Settings\Eigenaar\Menu Start\Programma's\Opstarten\
              Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-02-21 02:57:28 2945872]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
              "AllowLegacyWebView"= 1 (0x1)
              "AllowUnhashedWebView"= 1 (0x1)

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
              "MaxRecentDocs"= 11 (0xb)

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Acrobat Snelle start.lnk]
              backup=C:\WINDOWS\pss\Adobe Acrobat Snelle start.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Acrobat Speed Launcher.lnk]

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Service Manager.lnk]

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kav]

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
              C:\WINDOWS\system32\dumprep 0 -k

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack]

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
              --a------ 2002-07-12 17:15 106496 C:\WINDOWS\SiSUSBrg.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
              --a------ 2007-11-14 16:05 919016 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
              "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
              "Steam"="c:\program files\steam\steam.exe" -silent

              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
              "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
              "NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
              "nwiz"=nwiz.exe /install
              "SoundMan"=SOUNDMAN.EXE
              "MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

              [HKEY_LOCAL_MACHINE\software\microsoft\security center]
              "AntiVirusDisableNotify"=dword:00000001
              "UpdatesDisableNotify"=dword:00000001

              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
              "DisableMonitoring"=dword:00000001

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
              "EnableFirewall"= 0 (0x0)

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
              "%windir%\\system32\\sessmgr.exe"=
              "C:\\Program Files\\eMule\\emule.exe"=
              "C:\\Program Files\\BitComet\\BitComet.exe"=
              "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
              "C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
              "18566:TCP"= 18566:TCP:BitComet 18566 TCP
              "18566:UDP"= 18566:UDP:BitComet 18566 UDP

              R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 16:11]
              R3 WUSB54GPV4SRV;Linksys Home Wireless-G USB Adaptor Driver;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2005-10-17 19:50]
              S2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:03]
              S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 07:00]
              S3 MSSQL$INVENTORCONTENT;MSSQL$INVENTORCONTENT;C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe [2002-12-17 16:26]
              S3 pgsql-8.2;PostgreSQL Database Server 8.2;C:\XServer\PostgreSQL8.2\bin\pg_ctl.exe runservice -w -N "pgsql-8.2" -D "C:\XServer\PostgreSQL8.2\data\"
              S3 rockusb;Driver for rockusb Device;C:\WINDOWS\system32\DRIVERS\rockusb.sys [2006-03-22 19:57]
              S3 SQLAgent$INVENTORCONTENT;SQLAgent$INVENTORCONTENT;C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE [2002-12-17 16:23]
              S3 WUSB54GV4SRV;WUSB54GV4SRV;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2005-10-17 19:50]
              S4 Kbddav;Kbddav;C:\WINDOWS\system32\drivers\cdfs.sys [2004-08-03 22:14]

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
              \Shell\AutoRun\command - G:\Installer.exe

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
              \Shell\AutoRun\command - I:\Installer.exe

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a770ec45-0fe3-11db-a30f-001217968a10}]
              \Shell\AutoRun\command - F:\autorun.exe

              .
              Contents of the 'Scheduled Tasks' folder
              "2008-02-22 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
              - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
              .
              **************************************************************************

              catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2008-03-04 19:26:59
              Windows 5.1.2600 Service Pack 2 NTFS

              scanning hidden processes ...

              scanning hidden autostart entries ...

              scanning hidden files ...

              scan completed successfully
              hidden files: 0

              **************************************************************************

              [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]
              "ImagePath"="\"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
              .
              ------------------------ Other Running Processes ------------------------
              .
              C:\WINDOWS\system32\nvsvc32.exe
              C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
              .
              **************************************************************************
              .
              Completion time: 2008-03-04 19:32:13 - machine was rebooted [Eigenaar]
              ComboFix-quarantined-files.txt 2008-03-04 18:32:07
              ComboFix2.txt 2008-03-04 07:58:18
              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 19:35:41, on 4-3-2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\ZoneLabs\vsmon.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\WINDOWS\system32\nvsvc32.exe
              C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\explorer.exe
              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
              O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
              O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
              O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
              O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
              O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
              O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
              O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll (file missing)
              O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
              O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
              O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
              O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
              O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
              O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
              O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
              O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
              O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
              O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
              O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
              O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
              O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
              O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
              O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
              O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
              O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149674674703
              O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
              O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
              O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
              O17 - HKLM\System\CCS\Services\Tcpip\..\{0B761F64-C2DA-452C-A42C-CAEF513F8C40}: NameServer = 213.51.129.37,213.51.144.37
              O17 - HKLM\System\CCS\Services\Tcpip\..\{30AA6F96-BCB8-4FEA-8BD7-AE95A7FFD3AA}: NameServer = 213.51.129.37,213.51.144.37
              O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
              O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
              O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
              O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
              O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
              O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
              O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - Unknown owner - C:\XServer\PostgreSQL8.2\bin\pg_ctl.exe (file missing)
              O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
              O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
              O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
              O23 - Service: ZendCoreApache - Apache Software Foundation - C:\Program Files\Zend\Apache2\bin\httpd.exe

              --
              End of file - 7750 bytes


              • #8
                Hi, I'll take over from here.

                Delete this file:
                C:\WINDOWS\dmdvpnslp.dll.vzr

                Then empty your Recycle Bin.

                Start HijackThis again and tick only the following lines:
                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll (file missing)
                O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

                Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

                Your Java software is out of date.
                Older versions have vulnerabilities that give malware a chance to install itself on your system.
                First follow these steps to uninstall Java and install the newer version:
                • Download Java Runtime Environment (JRE) 6u5 and save it to your Desktop.
                • Close all programs that may be open, especially your web browser!
                • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the program list.
                • Tick everything with Java Runtime Environment (JRE or J2SE) in its name.
                • Then click Remove or the Change/Remove button.
                • Repeat this until all older versions are gone.
                • After removing all older versions, restart your PC.
                • Then double-click jre-6u5-windows-i586-p-s.exe on your Desktop to install the latest version of Java.


                Download ATF Cleaner (mirror) (made by Atribune)

                Important: close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

                Double-click ATF Cleaner to start the program.
                On the "Main" tab, tick Select All.
                Click the Empty Selected button.

                Do the following if you also use Firefox as a browser:
                Click the "Firefox" tab and tick Select All.
                If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                (this unticks "Firefox saved passwords" again)
                Click the Empty Selected button.

                Do the following if you also use Opera as a browser:
                Click the "Opera" tab and tick Select All.
                If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                Click the Empty Selected button.
                Go to the "Main" tab and click the Exit button to close the program.

                Go to Start - Run and enter the following:
                Combofix /U
                Then press OK.
                Note: there must be a space between Combofix and /U.

                This will uninstall Combofix.

                Finally, post a new HijackThis log so it can be checked.

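The helper's routine above boils down to reading HijackThis entries, deciding which hooks point at files that no longer exist, checking which JRE the IE add-ons load, and comparing the new log with the old one. As an added example (not code from this thread, from HijackThis or from Trend Micro), the Python below does exactly that; the two log excerpts are constructed from entry lines quoted in this thread, and the section and "(file missing)"/"(no file)" conventions are HijackThis' own.

```python
import re
from typing import Dict, List, NamedTuple

# Constructed excerpts of the two HijackThis logs quoted in this thread (before post #8 and after).
LOG_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll (file missing)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - Unknown owner - C:\XServer\PostgreSQL8.2\bin\pg_ctl.exe (file missing)
"""
LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - Unknown owner - C:\XServer\PostgreSQL8.2\bin\pg_ctl.exe (file missing)
"""

# One HijackThis entry is "<section> - <body>"; sections are R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")
# HijackThis marks hooks whose target file is gone with one of these suffixes.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
# JRE install directory as it appears in O2/O9 paths, e.g. \jre1.6.0_05\.
JRE_RE = re.compile(r"\\jre(\d+\.\d+\.\d+(?:_\d+)?)\\", re.IGNORECASE)
Entry = NamedTuple("Entry", [("section", str), ("body", str)])

def parse_hjt(text: str) -> List[Entry]:
    """Keep only entry lines; the header, process list and footer are skipped."""
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            out.append(Entry(m["section"], m["body"].strip()))
    return out

def orphaned(entries: List[Entry]) -> List[Entry]:
    """Startup hooks, toolbars or services whose file no longer exists (what 'Fix checked' removes)."""
    return [e for e in entries if ORPHAN_RE.search(e.body)]

def jre_versions(entries: List[Entry]) -> List[str]:
    """Distinct JRE versions the IE add-ons point at; anything older than the current release needs updating."""
    found = {m.group(1) for e in entries for m in [JRE_RE.search(e.body)] if m}
    return sorted(found)

def diff_logs(before: List[Entry], after: List[Entry]) -> Dict[str, List[Entry]]:
    """Entries that vanished (fixed or uninstalled) and entries that newly appeared."""
    b, a = set(before), set(after)
    return {"removed": sorted(b - a), "added": sorted(a - b)}

if __name__ == "__main__":
    before, after = parse_hjt(LOG_BEFORE), parse_hjt(LOG_AFTER)
    print("orphaned before:", [e.section for e in orphaned(before)])
    print("JRE before/after:", jre_versions(before), jre_versions(after))
    for kind, items in diff_logs(before, after).items():
        for e in items:
            print(f"{kind:>7}: {e.section} - {e.body[:60]}")
```

Running it on the excerpts shows the O3 toolbar and O6 restrictions entries gone after the fix, the Java add-ons moving from jre1.6.0 to jre1.6.0_05, and the PostgreSQL service still pointing at a missing file, which is the state the second log in this thread reflects.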

                • #9
                  Thanks for posting back.

                  Here is a new log:

                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 14:14:40, on 29-3-2008
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\WINDOWS\system32\nvsvc32.exe
                  C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\Program Files\eMule\emule.exe
                  C:\Program Files\MSN Messenger\usnsvc.exe
                  C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
                  C:\WINDOWS\system32\ZoneLabs\vsmon.exe
                  C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                  O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                  O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
                  O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                  O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                  O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
                  O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
                  O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
                  O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
                  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                  O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
                  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                  O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                  O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
                  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
                  O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
                  O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
                  O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                  O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                  O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
                  O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
                  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                  O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
                  O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
                  O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
                  O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
                  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149674674703
                  O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
                  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
                  O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
                  O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.6.0) -
                  O17 - HKLM\System\CCS\Services\Tcpip\..\{0B761F64-C2DA-452C-A42C-CAEF513F8C40}: NameServer = 213.51.129.37,213.51.144.37
                  O17 - HKLM\System\CCS\Services\Tcpip\..\{30AA6F96-BCB8-4FEA-8BD7-AE95A7FFD3AA}: NameServer = 213.51.129.37,213.51.144.37
                  O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                  O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
                  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                  O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - Unknown owner - C:\XServer\PostgreSQL8.2\bin\pg_ctl.exe (file missing)
                  O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
                  O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
                  O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
                  O23 - Service: ZendCoreApache - Apache Software Foundation - C:\Program Files\Zend\Apache2\bin\httpd.exe

                  --
                  End of file - 7774 bytes


                  • #10
                    The log looks clean.

                    Are all the problems gone?


                    • #11
                      Well, it's nice that the log looks clean.
                      Then the slow startup problem must be caused by something else.


                      • #12
                        Maybe go through this guide:
