cid popup problem


  • cid popup problem

    A cid popup keeps appearing..
    Can you help me?
    Thanks
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:54:16, on 24/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\WINDOWS\sprscore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Program Files\InternetAnonymizer\GIAProxyService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\rundys32.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PSIService.exe
    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Hijack This\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dutch.toggle.com/index.php?rvs=hompag
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: InternetAnonymizer - {7873A33B-E2A1-4a0b-A418-B6378908ABAD} - C:\Program Files\InternetAnonymizer\GIAToolBar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [gretinit] C:\WINDOWS\sprscore.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKCU\..\Run: [part way] C:\DOCUME~1\Eigenaar\APPLIC~1\BLUEDR~1\MODE POKE TRAY.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
    O4 - Startup: OpenOffice.org 2.3 .lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
    O16 - DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} (CrazyTalk4 Control) - http://plug-in.reallusion.com/CrazyTalk4.cab
    O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/activex/TmHcmsX.CAB
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119w.bay119.mail.live.com/mail/resources/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {6CE31B8D-8340-4DBD-B78E-BF59620924DC} (Quest3DCtlr2 Class) - http://www.quest3d.com/webplugin/download/quest3dactivex2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173199662296
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5204/mcfscan.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe
    O23 - Service: GIA Proxy Service (GIAProxyService) - InternetAnonymizer Corporation - C:\Program Files\InternetAnonymizer\GIAProxyService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Windows Live OneCare (winss) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (file missing)

    --
    End of file - 12991 bytes

  • #2
    Download Combofix to your Desktop.
    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!
    • Double-click Combofix.exe
      Follow the instructions and accept the disclaimer by clicking Yes.
      While the fix is running, do NOT click in the window, as this will cause your PC to hang.

    When the fix is finished and after the restart, the log combofix.txt will open.
    Post this log in your next post together with a new HijackThis log.
    Last edited by Steggel; 25-02-08, 06:52.



    • #3
      ComboFix 08-02-25.3 - Eigenaar 2008-02-26 2:34:46.3 - NTFSx86
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.359 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt

      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\drivers\npf.sys
      C:\WINDOWS\system32\packet.dll
      C:\WINDOWS\system32\WanPacket.dll
      C:\WINDOWS\system32\wpcap.dll

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

      .
      -------\LEGACY_NPF
      -------\NPF


      (((((((((((((((((((( Bestanden Gemaakt van 2008-01-26 to 2008-02-26 ))))))))))))))))))))))))))))))
      .

      2008-02-25 15:26 . 2008-02-25 15:26 279 --a------ C:\Snelkoppeling naar Data (D).lnk
      2008-02-24 22:39 . 2008-02-25 18:41 <DIR> d-------- C:\Program Files\Hijack This
      2008-02-24 22:37 . 2008-02-24 22:37 <DIR> d-------- C:\deljob
      2008-02-22 23:12 . 2008-02-26 02:40 0 --a------ C:\WINDOWS\system32\drivers\lvuvc.hs
      2008-02-22 22:58 . 2008-02-25 18:49 <DIR> dr-h----- C:\Documents and Settings\Eigenaar\Onlangs geopend
      2008-02-22 18:18 . 2008-02-22 18:18 <DIR> d-------- C:\Program Files\Zards software
      2008-02-19 18:38 . 2008-02-25 01:18 50 --a------ C:\plug_in.ini
      2008-02-19 01:32 . 2008-02-19 01:32 <DIR> d-------- C:\Program Files\RAR Password Cracker
      2008-02-18 23:25 . 2008-02-18 23:25 <DIR> d-------- C:\Archivos de programa
      2008-02-18 21:38 . 2008-02-18 23:33 <DIR> d-------- C:\Program Files\VirtualDJ
      2008-02-18 09:47 . 2008-02-18 09:51 <DIR> d-------- C:\WINDOWS\fontvect
      2008-02-18 01:18 . 2008-02-18 01:18 <DIR> d-------- C:\Program Files\Cool MP3 Splitter
      2008-02-17 23:56 . 2008-02-17 23:58 <DIR> d-------- C:\Program Files\coolpro2
      2008-02-17 00:03 . 2008-02-17 00:03 <DIR> d-------- C:\Program Files\WinConfig
      2008-02-17 00:03 . 2003-03-15 22:15 90,112 --a------ C:\WINDOWS\unvise32.exe
      2008-02-17 00:02 . 2008-02-17 00:02 <DIR> d-------- C:\Program Files\Spytech Software
      2008-02-16 20:14 . 2008-02-16 20:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TomTom
      2008-02-15 09:19 . 2008-02-15 09:19 <DIR> d-------- C:\Program Files\Circle Developement
      2008-02-15 09:19 . 2008-02-15 09:19 <DIR> d-------- C:\Program Files\bluedrive
      2008-02-15 09:19 . 2008-02-15 09:19 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\bluedrive
      2008-02-15 09:19 . 2008-02-15 09:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web
      2008-02-15 08:21 . 2008-02-15 08:21 <DIR> d-------- C:\WINDOWS\system32\riched20
      2008-02-15 08:21 . 1999-07-16 19:42 285,696 --a------ C:\WINDOWS\system32\riched20\riched20.dll
      2008-02-15 08:21 . 2004-02-08 15:44 3,108 --a------ C:\WINDOWS\system32\riched20\readme.txt
      2008-02-15 07:52 . 2008-02-15 07:52 <DIR> d-------- C:\Program Files\Windows Live Favorites
      2008-02-14 20:03 . 2008-02-14 20:03 26 --a------ C:\UpdaterforApp.ini
      2008-02-14 00:00 . 2008-02-14 00:00 <DIR> d-------- C:\Program Files\Real
      2008-02-14 00:00 . 2008-02-14 00:00 <DIR> d-------- C:\Program Files\Common Files\xing shared
      2008-02-14 00:00 . 2008-02-14 00:00 <DIR> d-------- C:\Program Files\Common Files\Real
      2008-02-13 20:29 . 2008-02-13 20:29 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\Corel
      2008-02-13 20:29 . 2008-02-16 21:53 2,516 --ahs---- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
      2008-02-13 20:29 . 2008-02-16 21:53 88 -r-hs---- C:\Documents and Settings\All Users\Application Data\6A8C24E8D0.sys
      2008-02-13 19:02 . 2008-02-13 19:02 <DIR> d-------- C:\Program Files\Common Files\Protexis
      2008-02-13 19:02 . 2008-02-13 19:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel
      2008-02-13 19:01 . 2008-02-13 19:01 <DIR> d-------- C:\Program Files\Common Files\Corel
      2008-02-10 11:04 . 2008-02-22 01:46 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
      2008-02-09 06:14 . 2008-02-09 06:14 <DIR> d-------- C:\Program Files\Analog Devices
      2008-02-09 06:14 . 2001-09-11 15:20 1,285,632 --------- C:\WINDOWS\system32\SMMedia.dll
      2008-02-09 06:14 . 2005-05-04 09:20 53,248 --------- C:\WINDOWS\system32\wdmioctl.dll
      2008-02-09 06:14 . 2005-09-26 16:20 49,152 --a------ C:\WINDOWS\system32\DSndUp.exe
      2008-02-09 06:14 . 2002-04-17 15:05 45,056 --------- C:\WINDOWS\system32\CleanUp.exe
      2008-02-09 06:12 . 2005-08-11 17:16 765,952 --a------ C:\WINDOWS\system\crlds3d.dll
      2008-02-09 06:12 . 2005-08-11 17:17 393,088 --a------ C:\WINDOWS\system32\drivers\senfilt.sys
      2008-02-09 06:12 . 2005-08-11 17:13 141,312 --a------ C:\WINDOWS\system32\drivers\ADIHdAud.sys
      2008-02-09 06:12 . 2005-08-11 17:14 127,872 --a------ C:\WINDOWS\system32\drivers\aeaudio.sys
      2008-02-08 04:10 . 2008-02-08 04:10 <DIR> d-------- C:\Program Files\Paint.NET
      2008-02-08 01:44 . 2008-02-08 01:44 <DIR> d-------- C:\Program Files\Microsoft Works
      2008-02-08 01:41 . 2008-02-08 01:44 <DIR> d-------- C:\WINDOWS\SHELLNEW
      2008-02-08 01:40 . 2008-02-08 01:40 <DIR> dr-h----- C:\MSOCache
      2008-02-07 13:41 . 2008-02-07 13:41 754 --a------ C:\WINDOWS\WORDPAD.INI
      2008-02-06 14:54 . 2008-02-06 14:54 <DIR> d-------- C:\Documents and Settings\Eigenaar\Windows XP and Office Registry Entries [h33t] [dinguskull]
      2008-02-06 14:53 . 2008-02-06 14:53 <DIR> d-------- C:\Documents and Settings\Eigenaar\Microsoft Office 2007 Activation Crack
      2008-02-05 23:08 . 2008-02-22 18:22 <DIR> d-------- C:\Documents and Settings\Eigenaar\MS Office 2007 Professional Plus + Expression Web
      2008-02-05 20:25 . 2008-02-05 20:27 326,816 --a------ C:\Documents and Settings\Eigenaar\Microsoft Office 2007 Activation Crack.zip
      2008-02-05 20:05 . 2008-02-05 20:05 <DIR> d-------- C:\Program Files\Shareaza Applications
      2008-02-05 20:05 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
      2008-02-05 08:50 . 2008-02-13 03:01 422 --a------ C:\WINDOWS\system32\mapisvc.inf
      2008-02-05 08:49 . 2008-02-05 08:49 <DIR> d-------- C:\Program Files\Microsoft Small Business
      2008-02-05 03:44 . 2008-02-05 03:44 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\SoundSpectrum
      2008-02-05 03:43 . 2008-02-05 03:43 <DIR> d-------- C:\Program Files\SoundSpectrum
      2008-02-05 00:13 . 2008-02-05 00:47 <DIR> d-------- C:\Program Files\Microsoft.NET
      2008-02-04 23:23 . 2008-02-04 23:34 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\OpenOffice.org2
      2008-02-04 23:21 . 2008-02-04 23:34 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
      2008-02-04 19:06 . 2008-02-04 19:06 11,776 --ahs---- C:\Thumbs.db
      2008-02-03 18:16 . 2008-02-03 18:16 <DIR> d-------- C:\Program Files\PDF
      2008-02-03 18:16 . 2008-02-03 18:16 <DIR> d-------- C:\Program Files\Common Files\Ahead
      2008-02-03 15:16 . 2008-02-03 15:16 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\HP
      2008-02-03 15:12 . 2008-02-03 15:16 159,621 --a------ C:\WINDOWS\hphins24.dat
      2008-02-03 15:12 . 2008-01-16 21:19 893 --------- C:\WINDOWS\hphmdl24.dat
      2008-02-02 16:05 . 2008-02-03 18:16 <DIR> d-------- C:\Documents and Settings\Eigenaar\Mijn documenten
      2008-02-02 14:19 . 2008-02-02 14:19 <DIR> d-------- C:\Program Files\Nero
      2008-02-02 14:19 . 2008-02-03 18:16 <DIR> d-------- C:\Program Files\Common Files\Nero
      2008-02-02 07:05 . 2008-02-03 18:16 <DIR> d-------- C:\Program Files\LimeWire
      2008-02-02 06:19 . 2008-02-02 06:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
      2008-02-02 01:30 . 2008-02-03 18:16 <DIR> d-------- C:\Program Files\AudioLabel
      2008-01-29 06:05 . 2008-01-29 06:05 <DIR> d-------- C:\Program Files\Audacity
      2008-01-28 08:55 . 2008-01-28 08:55 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
      2008-01-27 05:31 . 2008-01-27 05:31 <DIR> d-------- C:\HP CM8060 MFP with Edgeline

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-02-25 07:00 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\AVG7
      2008-02-24 20:16 --------- d-----w C:\Program Files\Common Files\Adobe
      2008-02-23 14:09 --------- d-----w C:\Program Files\MSN Messenger
      2008-02-22 22:02 --------- d-----w C:\Program Files\Yahoo!
      2008-02-22 22:01 --------- d-----w C:\Program Files\Windows Live
      2008-02-22 17:22 --------- d-----w C:\Program Files\InternetAnonymizer
      2008-02-22 17:22 --------- d-----w C:\Program Files\GetRight
      2008-02-22 17:22 --------- d-----w C:\Program Files\3D MP3 Sound Recorder G2
      2008-02-22 17:22 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Skype
      2008-02-22 17:22 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\LimeWire
      2008-02-19 16:57 470 ----a-w C:\Program Files\action.log
      2008-02-19 15:32 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Shareaza
      2008-02-18 22:17 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\WizzTones
      2008-02-17 23:08 --------- d-----w C:\Program Files\TuneUp Utilities 2007
      2008-02-17 00:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
      2008-02-16 23:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-02-16 19:13 --------- d-----w C:\Program Files\TomTom HOME 2
      2008-02-15 08:19 --------- d-----w C:\Program Files\Messenger Plus! Live
      2008-02-15 07:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
      2008-02-15 06:52 --------- d-----w C:\Program Files\Windows Live Toolbar
      2008-02-14 18:52 --------- d-----w C:\Program Files\Common Files\ArcSoft
      2008-02-14 18:52 --------- d-----w C:\Program Files\ArcSoft
      2008-02-13 18:00 --------- d-----w C:\Program Files\Corel
      2008-02-13 02:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
      2008-02-10 06:02 --------- d-----w C:\Program Files\Hitman Pro
      2008-02-07 23:08 --------- d-----w C:\Program Files\ESET
      2008-02-06 13:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
      2008-02-06 02:03 --------- d-----w C:\Program Files\Microsoft SQL Server
      2008-02-05 19:05 --------- d-----w C:\Program Files\Shareaza
      2008-02-04 22:33 --------- d-----w C:\Program Files\Winamp
      2008-02-03 17:16 --------- d-----w C:\Program Files\Common Files\soft602
      2008-02-03 14:14 --------- d-----w C:\Program Files\Hewlett-Packard
      2008-02-03 14:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
      2008-02-02 13:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
      2008-02-02 13:07 --------- d-----w C:\Program Files\Ahead
      2008-01-26 23:39 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\VersionTracker Pro
      2008-01-25 18:28 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\WinButler
      2008-01-23 23:05 --------- d-----w C:\Documents and Settings\Gast\Application Data\Skype
      2008-01-23 23:04 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\GetRightToGo
      2008-01-20 03:31 2,828 ----a-w C:\Program Files\sponsor.html
      2008-01-19 15:18 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
      2008-01-19 15:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
      2008-01-19 14:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
      2008-01-18 22:01 --------- d-----w C:\Program Files\Defraggler
      2008-01-15 22:39 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
      2008-01-15 22:38 --------- d-----w C:\Program Files\Enigma Software Group
      2008-01-14 18:00 --------- d-----w C:\Program Files\Spybot - Search & Destroy
      2008-01-13 21:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-01-13 21:35 --------- d-----w C:\Program Files\Lavasoft
      2008-01-13 21:35 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
      2008-01-13 21:35 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Lavasoft
      2008-01-13 20:47 --------- d-----w C:\Program Files\CCleaner
      2008-01-13 20:36 --------- d-----w C:\Program Files\Common Files\InternetAnonymizer
      2008-01-13 20:16 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\InternetAnonymizer
      2008-01-13 20:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\InternetAnonymizer
      2008-01-11 05:58 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
      2008-01-10 02:02 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
      2008-01-09 18:10 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Nokia Multimedia Player
      2008-01-09 13:31 4,800,512 ----a-w C:\WINDOWS\sspro.exe
      2008-01-09 10:25 --------- d-----w C:\Program Files\Common Files\Download Manager
      2008-01-09 10:17 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\PrevxCSI
      2008-01-09 03:34 --------- d-----w C:\Program Files\3B Software
      2008-01-09 01:55 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
      2008-01-09 01:55 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
      2008-01-08 23:07 --------- d-----w C:\Program Files\Uniblue
      2008-01-08 22:50 37,376 ----a-w C:\WINDOWS\kpsys32.dll
      2008-01-08 22:50 196,608 ----a-w C:\WINDOWS\kpcp32.dll
      2008-01-08 22:50 17,700 ----a-w C:\WINDOWS\system32\drivers\dmx3191.sys
      2008-01-08 22:50 133,120 ----a-w C:\WINDOWS\sprof32.dll
      2008-01-08 22:50 12,128 ----a-w C:\WINDOWS\system32\drivers\aec671x.sys
      2008-01-08 22:50 104,448 ----a-w C:\WINDOWS\twain32.dll
      2008-01-08 18:38 76,260 ----a-w C:\WINDOWS\system32\drivers\udnt.sys
      2008-01-08 18:38 62,592 ----a-w C:\WINDOWS\system32\drivers\umaxis11.sys
      2008-01-08 17:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
      2008-01-08 17:23 --------- d-----w C:\Program Files\DVDCoverPrint
      2008-01-08 00:32 --------- d-----w C:\Program Files\FlashGet
      2008-01-08 00:32 --------- d-----w C:\Program Files\DivX
      2008-01-07 20:27 --------- d-----w C:\Program Files\QuickTime
      2008-01-07 19:35 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
      2008-01-06 12:02 --------- d-----w C:\Program Files\Microsoft Bootvis
      2008-01-06 11:32 --------- d-----w C:\Program Files\SoftActivity
      2008-01-06 02:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\ArcSoft
      2008-01-06 01:37 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Arcsoft
      2008-01-05 19:55 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Nokia
      2008-01-05 19:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nokia
      2008-01-05 19:48 --------- d-----w C:\Program Files\Nokia
      2008-01-05 19:48 --------- d-----w C:\Program Files\Common Files\Nokia
      2008-01-05 19:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
      2008-01-05 18:38 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd3293.sys
      2008-01-05 18:38 664,064 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
      2008-01-05 18:37 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\.bittorrent
      2008-01-05 18:32 --------- d-----w C:\Program Files\BitTorrent
      2007-12-29 06:28 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\DMCache
      2007-12-27 23:00 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\PC Suite
      2007-12-27 23:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
      2007-12-22 22:39 20,583 ----a-w C:\WINDOWS\sysk32.dll
      2007-12-19 03:31 4 ----a-w C:\Documents and Settings\All Users\Application Data\winam.dat
      2007-12-09 15:29 434,176 ----a-w C:\WINDOWS\rundys32.exe
      2007-12-09 15:28 753,664 ----a-w C:\WINDOWS\sprscore.exe
      2007-12-09 15:25 131,072 ----a-w C:\WINDOWS\winfsysrn.dll
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      {2318C2B1-4965-11D4-9B18-009027A5CD4F}
      {7873A33B-E2A1-4A0B-A418-B6378908ABAD}
      {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

      [HKEY_CLASSES_ROOT\clsid\{7873a33b-e2a1-4a0b-a418-b6378908abad}]
      [HKEY_CLASSES_ROOT\GIAN.GIANObj.1]
      [HKEY_CLASSES_ROOT\TypeLib\{A525A3D8-1A0E-43ff-B46A-5DF8D187B8C8}]
      [HKEY_CLASSES_ROOT\GIAN.GIANObj]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
      "{7873A33B-E2A1-4A0B-A418-B6378908ABAD}"= C:\Program Files\InternetAnonymizer\GIAToolBar.dll [2007-12-17 18:01 323584]

      [HKEY_CLASSES_ROOT\clsid\{7873a33b-e2a1-4a0b-a418-b6378908abad}]
      [HKEY_CLASSES_ROOT\GIAN.GIANObj.1]
      [HKEY_CLASSES_ROOT\TypeLib\{A525A3D8-1A0E-43ff-B46A-5DF8D187B8C8}]
      [HKEY_CLASSES_ROOT\GIAN.GIANObj]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-11 00:07 15360]
      "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 18:25 1961984]
      "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
      "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-01-29 12:20 361832]
      "part way"="C:\DOCUME~1\Eigenaar\APPLIC~1\BLUEDR~1\MODE POKE TRAY.exe" [2008-02-15 09:19 423424]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
      "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
      "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-19 16:20 579072]
      "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-08-11 17:15 925696]
      "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 15:35 716800]
      "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-14 00:00 185896]
      "ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-01-16 17:19 72192]
      "gretinit"="C:\WINDOWS\sprscore.exe" [2007-12-09 16:28 753664]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]
      "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-19 16:20 219136]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-04-11 11:10:00 394856]

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
      backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Synchronizer.lnk]
      backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BTTray.lnk]
      backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^GetRight - Tray Icon.lnk]
      backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^VersionTracker Pro.lnk]
      backup=C:\WINDOWS\pss\VersionTracker Pro.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^VersionTrackerPro.lnk]
      backup=C:\WINDOWS\pss\VersionTrackerPro.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^Eigenaar^Menu Start^Programma's^Opstarten^OneNote 2007 Schermopname en Snel starten.lnk]
      backup=C:\WINDOWS\pss\OneNote 2007 Schermopname en Snel starten.lnkStartup

      [HKLM\~\startupfolder\C:^Documents and Settings^Eigenaar^Menu Start^Programma's^Opstarten^Shareaza Turbo Accelerator.lnk]
      backup=C:\WINDOWS\pss\Shareaza Turbo Accelerator.lnkStartup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\602PC SUITE PDF Saver]
      --a------ 2005-11-14 07:21 57344 C:\Program Files\Common Files\soft602\pdfSaver.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
      C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
      --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
      -ra------ 2007-03-01 09:37 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
      --a------ 2008-01-11 00:07 15360 C:\WINDOWS\system32\ctfmon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashGet]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]
      --a------ 2007-08-20 09:42 495616 C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen 3.1]
      --a------ 2007-08-20 09:42 495616 C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
      --------- 2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hitman Pro Expiration Helper]
      C:\Program Files\Hitman Pro\xphelper.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
      --a------ 2004-05-13 02:26 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
      --a------ 2004-05-04 18:51 176128 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
      --a------ 2004-05-05 09:51 491520 C:\WINDOWS\system32\hphmon05.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
      --a------ 2004-04-01 15:03 49152 c:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
      --a------ 2007-07-25 15:02 563984 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
      --a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
      --------- 2005-10-11 18:25 1961984 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
      --a------ 2006-10-22 12:22 7700480 C:\WINDOWS\system32\NvCpl.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
      --a------ 2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneCareUI]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]
      --a------ 2004-05-19 13:29 385024 C:\Program Files\PDF\pdfSaver\pdfSaver3.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      C:\Program Files\QuickTime\qttask.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
      --a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
      C:\Program Files\Shareaza\Shareaza.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
      --a------ 2008-01-15 23:54 37376 C:\Program Files\Winamp\winampa.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Registry Repair Pro]
      C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "sdCoreService"=3 (0x3)
      "sdAuxService"=3 (0x3)
      "PavPrSrv"=2 (0x2)
      "pr2alvyb"=2 (0x2)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
      "Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" -tray
      "QuickTime Player"=C:\Program Files\QuickTime\QuickTimePlayer.exe
      "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
      "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
      "SfKg6wIPu"=C:\Documents and Settings\Eigenaar\Application Data\Microsoft\Windows\joany.exe
      "WinButler"=C:\Documents and Settings\Eigenaar\Application Data\WinButler\WinButler.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
      "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
      "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
      "SoundMAXPnP"=D:\Niet verwijderen!\Backup\ADI1986A2000XP\ADI1986A2000XP\2000XP\SMAXWDM\W2K_XP\SMax4PNP.exe
      "SWClient"=C:\Program Files\SoftActivity\AMSys\swsys.exe
      "ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
      "hpqSRMon"=C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
      "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
      "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
      "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
      "C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
      "C:\\Program Files\\Shareaza Applications\\Shareaza\\Shareaza.exe"=
      "C:\\Program Files\\BitTorrent\\btdownloadgui.exe"=
      "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
      "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\MSN Messenger\\livecall.exe"=

      R0 nvgts;nvgts;C:\WINDOWS\system32\DRIVERS\nvgts.sys [2007-08-09 11:11]
      R0 pe3alvyb;Call of Juarez 4.7 Environment Driver (pe3alvyb);C:\WINDOWS\system32\drivers\pe3alvyb.sys [2007-06-18 12:44]
      R0 ps6alvyb;Call of Juarez 4.7 Synchronization Driver (ps6alvyb);C:\WINDOWS\system32\drivers\ps6alvyb.sys [2007-06-18 12:43]
      R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-06-28 09:34]
      R2 ACDaemon;ArcSoft Connect Daemon;C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-01-16 17:19]
      R2 BcmSqlStartupSvc;Opstartservice voor SQL Server voor Business Contact Manager;"C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-16 10:16]
      R2 GIAProxyService;GIA Proxy Service;C:\Program Files\InternetAnonymizer\GIAProxyService.exe [2007-12-17 18:01]
      R2 PSI_SVC_2;Protexis Licensing V2;"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [2007-07-24 11:15]
      R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
      R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-04 13:00]
      S1 AEC671X;AEC671X;C:\WINDOWS\system32\drivers\AEC671X.SYS [2008-01-08 23:50]
      S1 DMX3191;DMX3191;C:\WINDOWS\system32\drivers\DMX3191.SYS [2008-01-08 23:50]
      S1 UMAXIS11;UMAXIS11;C:\WINDOWS\system32\drivers\UMAXIS11.SYS [2008-01-08 19:38]
      S2 StudioPro;StudioPro webcam;C:\WINDOWS\system32\DRIVERS\StudioPro.sys [2007-01-05 12:05]
      S2 UDNT;UDNT;C:\WINDOWS\system32\drivers\UDNT.sys [2008-01-08 19:38]
      S3 Asushwio;Asushwio;C:\WINDOWS\system32\drivers\Asushwio.sys [2004-05-01 00:26]
      S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" [2007-02-10 05:29]
      S3 SAgentDriver;SAgent Driver;C:\Program Files\SoftActivity\AMSys\sagendrv.sys [2007-03-12 12:28]
      S4 pr2alvyb;Call of Juarez 4.7 Drivers Auto Removal (pr2alvyb);C:\WINDOWS\system32\pr2alvyb.exe svc

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      UxTuneUp

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6fd35bf-a177-11dc-97cc-00173154c6b1}]
      \Shell\AutoRun\command - G:\InstallTomTomHOME.exe

      .
      Inhoud van de 'Gedeelde Taken' map
      "2008-01-10 22:22:51 C:\WINDOWS\Tasks\1-Click Maintenance.job"
      - C:\PROGRA~1\TUNEUP~1\ONECLI~1.EXE
      "2008-02-26 01:29:00 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job"
      - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-02-26 02:40:59
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
      AppInit_DLLs = ????????????

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      --------------------- DLLs Geladen Onder Lopende Processen ---------------------

      PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
      -> C:\WINDOWS\winfsysrn.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Eset\nod32krn.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\WINDOWS\system32\PSIService.exe
      C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
      C:\WINDOWS\rundys32.exe
      C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      .
      **************************************************************************
      .
      Voltooingstijd: 2008-02-26 2:44:47 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-02-26 01:44:44
      .
      2008-02-15 17:37:52 --- E O F ---

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 2:51:26, on 26/02/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
      C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
      C:\Program Files\Analog Devices\Core\smax4pnp.exe
      C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
      C:\WINDOWS\sprscore.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\TomTom HOME 2\HOMERunner.exe
      C:\Program Files\WinZip\WZQKPICK.EXE
      C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
      C:\Program Files\InternetAnonymizer\GIAProxyService.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Eset\nod32krn.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\WINDOWS\system32\PSIService.exe
      c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
      C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\rundys32.exe
      C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Hijack This\hijackthis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dutch.toggle.com/index.php?rvs=hompag
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: InternetAnonymizer - {7873A33B-E2A1-4a0b-A418-B6378908ABAD} - C:\Program Files\InternetAnonymizer\GIAToolBar.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
      O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
      O4 - HKLM\..\Run: [gretinit] C:\WINDOWS\sprscore.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
      O4 - HKCU\..\Run: [part way] C:\DOCUME~1\Eigenaar\APPLIC~1\BLUEDR~1\MODE POKE TRAY.exe
      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
      O4 - Startup: OpenOffice.org 2.3 .lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
      O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
      O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
      O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
      O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm
      O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
      O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
      O16 - DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} (CrazyTalk4 Control) - http://plug-in.reallusion.com/CrazyTalk4.cab
      O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/activex/TmHcmsX.CAB
      O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119w.bay119.mail.live.com/mail/resources/MsnPUpld.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
      O16 - DPF: {6CE31B8D-8340-4DBD-B78E-BF59620924DC} (Quest3DCtlr2 Class) - http://www.quest3d.com/webplugin/download/quest3dactivex2.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173199662296
      O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
      O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
      O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
      O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
      O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5204/mcfscan.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe
      O23 - Service: GIA Proxy Service (GIAProxyService) - InternetAnonymizer Corporation - C:\Program Files\InternetAnonymizer\GIAProxyService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
      O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
      O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      O23 - Service: Windows Live OneCare (winss) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (file missing)

      --
      End of file - 12905 bytes



      • #4
        You installed Messenger Plus and left the option for the sponsors enabled.

        Open Notepad, then copy and paste the following text from the code block into an empty window:
        • Code:
           
          http://www.nucia.eu/forum/showthread.php?p=324602#post324602
          
          Collect::[8]
          C:\WINDOWS\sysk32.dll
          C:\WINDOWS\rundys32.exe
          C:\WINDOWS\sprscore.exe
          C:\WINDOWS\winfsysrn.dll
          
          File::
          C:\Documents and Settings\All Users\Application Data\winam.dat
          
          Folder::
          C:\Program Files\bluedrive
          C:\Documents and Settings\Eigenaar\Application Data\bluedrive
          C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web
          C:\Program Files\SoftActivity
          
          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "part way"=-
          
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "gretinit"=-
          
          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
          "SWClient"=-
        Save this to your Desktop as CFScript.txt.

        Drag CFScript.txt onto ComboFix.exe as shown in the example below:



        This will make ComboFix restart.

        In addition, ComboFix will place a zipped file on your Desktop, named [8]-Submit_2008-02-26...zip
        After the scan finishes, a small window will appear with the title "Submit files for further analysis";
        click OK to open the upload page.

        Copy the path shown in bold on the page and paste it into the input field.
        Click Send File.

        Example: http://img.photobucket.com/albums/v6.../CF-Submit.gif

        After your computer has restarted (if it asks to restart), copy and paste the contents of Combofix.txt into your next reply.
        As a check, also post a new HijackThis log.



        • #5
          Have you been able to carry out the steps above yet?



          • #6
            I ran it, but something went wrong; this is my combo log

            ComboFix 07-06-21.3 - C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
            "Eigenaar" - 2008-03-02 7:47:15 - Service Pack 2 NTFS


            ((((((((((((((((((((((((( Files Created from 2008-02-02 to 2008-03-02 )))))))))))))))))))))))))))))))


            2008-03-02 00:35 <DIR> d-------- C:\Program Files\MP3SPLITTER
            2008-03-01 22:13 <DIR> dr-h----- C:\DOCUME~1\Eigenaar\Onlangs geopend
            2008-03-01 17:30 49,152 --a------ C:\WINDOWS\nircmd.exe
            2008-03-01 10:32 <DIR> d-------- C:\Program Files\SoftActivity
            2008-03-01 10:32 <DIR> d-------- C:\Program Files\bluedrive
            2008-03-01 10:32 <DIR> d-------- C:\DOCUME~1\Eigenaar\APPLIC~1\bluedrive
            2008-03-01 10:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Book Slow Axis Web
            2008-03-01 09:41 <DIR> d-------- C:\SWSetup
            2008-02-29 21:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
            2008-02-29 17:44 <DIR> d-------- C:\Program Files\Bonjour
            2008-02-29 17:38 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
            2008-02-28 06:23 <DIR> d-------- C:\Program Files\Microsoft UDDI SDK
            2008-02-28 06:23 <DIR> d-------- C:\Program Files\apiExplore
            2008-02-28 06:21 <DIR> d-------- C:\Program Files\Microsoft .NET Micro Framework
            2008-02-28 02:29 <DIR> d-------- C:\Program Files\Maxtor
            2008-02-28 02:29 <DIR> d-------- C:\Program Files\Common Files\Maxtor
            2008-02-28 02:02 <DIR> d-------- C:\Program Files\Seagate
            2008-02-26 23:42 <DIR> d-------- C:\ComboFix(2)
            2008-02-25 17:34 11,976,704 --a------ C:\DOCUME~1\Eigenaar\ntuser.dat
            2008-02-24 22:39 <DIR> d-------- C:\Program Files\Hijack This
            2008-02-24 22:37 <DIR> d-------- C:\deljob
            2008-02-22 18:18 <DIR> d-------- C:\Program Files\Zards software
            2008-02-18 23:25 <DIR> d-------- C:\Archivos de programa
            2008-02-18 21:38 <DIR> d-------- C:\Program Files\VirtualDJ
            2008-02-18 09:48 692,224 --a------ C:\WINDOWS\system32\ciaResSvr20.dll
            2008-02-18 09:48 53,248 --a------ C:\WINDOWS\system32\ciaXPRegSvr20.dll
            2008-02-18 09:48 200,704 --a------ C:\WINDOWS\system32\ciaSCls20.dll
            2008-02-18 09:47 753,664 --a------ C:\WINDOWS\sprscore.exe
            2008-02-18 09:47 749,848 --a------ C:\WINDOWS\system32\wodSmtp.dll
            2008-02-18 09:47 729,368 --a------ C:\WINDOWS\system32\wodPop3.dll
            2008-02-18 09:47 434,176 --a------ C:\WINDOWS\rundys32.exe
            2008-02-18 09:47 4,800,512 --a------ C:\WINDOWS\sspro.exe
            2008-02-18 09:47 352,256 --a------ C:\WINDOWS\system32\ijl15.dll
            2008-02-18 09:47 278,528 --a------ C:\WINDOWS\system32\duzactx.dll
            2008-02-18 09:47 2,531 --a------ C:\WINDOWS\dep32ceg.dll
            2008-02-18 09:47 131,072 --a------ C:\WINDOWS\winfsysrn.dll
            2008-02-18 09:47 <DIR> d-------- C:\WINDOWS\fontvect
            2008-02-17 23:56 <DIR> d-------- C:\Program Files\coolpro2
            2008-02-17 00:03 90,112 --a------ C:\WINDOWS\unvise32.exe
            2008-02-17 00:03 <DIR> d-------- C:\Program Files\WinConfig
            2008-02-17 00:02 <DIR> d-------- C:\Program Files\Spytech Software
            2008-02-16 20:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom
            2008-02-15 09:19 <DIR> d-------- C:\Program Files\Circle Developement
            2008-02-15 08:21 <DIR> d-------- C:\WINDOWS\system32\riched20
            2008-02-14 00:00 <DIR> d-------- C:\Program Files\Real
            2008-02-14 00:00 <DIR> d-------- C:\Program Files\Common Files\xing shared
            2008-02-14 00:00 <DIR> d-------- C:\Program Files\Common Files\Real
            2008-02-14 00:00 <DIR> d-------- C:\DOCUME~1\Eigenaar\APPLIC~1\Real
            2008-02-13 20:29 88 -r-hs---- C:\DOCUME~1\ALLUSE~1\APPLIC~1\6A8C24E8D0.sys
            2008-02-13 20:29 2,516 --ahs---- C:\DOCUME~1\ALLUSE~1\APPLIC~1\KGyGaAvL.sys
            2008-02-13 20:29 <DIR> d-------- C:\DOCUME~1\Eigenaar\APPLIC~1\Corel
            2008-02-13 19:02 <DIR> d-------- C:\Program Files\Common Files\Protexis
            2008-02-13 19:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
            2008-02-13 19:01 <DIR> d-------- C:\Program Files\Common Files\Corel
            2008-02-10 11:04 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
            2008-02-09 06:14 53,248 --------- C:\WINDOWS\system32\wdmioctl.dll
            2008-02-09 06:14 49,152 --a------ C:\WINDOWS\system32\DSndUp.exe
            2008-02-09 06:14 45,056 --------- C:\WINDOWS\system32\CleanUp.exe
            2008-02-09 06:14 1,285,632 --------- C:\WINDOWS\system32\SMMedia.dll
            2008-02-09 06:14 <DIR> d-------- C:\Program Files\Analog Devices
            2008-02-09 06:12 765,952 --a------ C:\WINDOWS\system\crlds3d.dll
            2008-02-09 06:12 393,088 --a------ C:\WINDOWS\system32\drivers\senfilt.sys
            2008-02-09 06:12 141,312 --a------ C:\WINDOWS\system32\drivers\ADIHdAud.sys
            2008-02-09 06:12 127,872 --a------ C:\WINDOWS\system32\drivers\aeaudio.sys
            2008-02-08 04:10 <DIR> d-------- C:\Program Files\Paint.NET
            2008-02-08 01:44 <DIR> d-------- C:\Program Files\Microsoft Works
            2008-02-08 01:41 <DIR> d-------- C:\WINDOWS\SHELLNEW
            2008-02-08 01:40 <DIR> dr-h----- C:\MSOCache
            2008-02-06 14:54 <DIR> d-------- C:\DOCUME~1\Eigenaar\Windows XP and Office Registry Entries [h33t] [dinguskull]
            2008-02-06 14:53 <DIR> d-------- C:\DOCUME~1\Eigenaar\Microsoft Office 2007 Activation Crack
            2008-02-05 23:08 <DIR> d-------- C:\DOCUME~1\Eigenaar\MS Office 2007 Professional Plus + Expression Web
            2008-02-05 20:05 <DIR> d-------- C:\Program Files\Shareaza Applications
            2008-02-05 08:49 <DIR> d-------- C:\Program Files\Microsoft Small Business
            2008-02-05 03:44 <DIR> d-------- C:\DOCUME~1\Eigenaar\APPLIC~1\SoundSpectrum
            2008-02-05 03:43 <DIR> d-------- C:\Program Files\SoundSpectrum
            2008-02-05 00:13 <DIR> d-------- C:\Program Files\Microsoft.NET
            2008-02-04 23:23 <DIR> d-------- C:\DOCUME~1\Eigenaar\APPLIC~1\OpenOffice.org2
            2008-02-04 23:21 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
            2008-02-03 18:16 <DIR> d-------- C:\Program Files\PDF
            2008-02-03 18:16 <DIR> d-------- C:\Program Files\Common Files\Ahead
            2008-02-03 15:16 <DIR> d-------- C:\DOCUME~1\Eigenaar\APPLIC~1\HP
            2008-02-03 15:12 893 --------- C:\WINDOWS\hphmdl24.dat
            2008-02-03 15:12 159,621 --a------ C:\WINDOWS\hphins24.dat
            2008-02-02 16:05 <DIR> d-------- C:\DOCUME~1\Eigenaar\Mijn documenten
            2008-02-02 14:19 <DIR> d-------- C:\Program Files\Nero
            2008-02-02 14:19 <DIR> d-------- C:\Program Files\Common Files\Nero
            2008-02-02 07:05 <DIR> d-------- C:\Program Files\LimeWire
            2008-02-02 06:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
            2008-02-02 01:30 <DIR> d-------- C:\Program Files\AudioLabel


            (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

            2008-03-01 21:16:01 -------- d-----w C:\Program Files\ffdshow
            2008-03-01 21:15:34 -------- d-----w C:\Program Files\Windows Live
            2008-03-01 09:28:24 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\Skype
            2008-03-01 09:27:59 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\WizzTones
            2008-02-29 10:38:44 -------- d-----w C:\Program Files\Common Files\Nokia
            2008-02-29 10:38:43 -------- d-----w C:\Program Files\Nokia
            2008-02-28 01:02:17 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
            2008-02-27 15:06:21 -------- d-----w C:\Program Files\HP
            2008-02-27 15:02:29 -------- d-----w C:\Program Files\Hewlett-Packard
            2008-02-23 14:09:15 -------- d-----w C:\Program Files\MSN Messenger
            2008-02-22 22:02:20 -------- d-----w C:\Program Files\Yahoo!
            2008-02-22 17:22:58 -------- d-----w C:\Program Files\InternetAnonymizer
            2008-02-22 17:22:58 -------- d-----w C:\Program Files\GetRight
            2008-02-22 17:22:58 -------- d-----w C:\Program Files\3D MP3 Sound Recorder G2
            2008-02-22 17:22:58 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\LimeWire
            2008-02-19 15:32:39 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\Shareaza
            2008-02-17 23:08:25 -------- d-----w C:\Program Files\TuneUp Utilities 2007
            2008-02-16 23:14:04 -------- d--h--w C:\Program Files\InstallShield Installation Information
            2008-02-16 19:13:23 -------- d-----w C:\Program Files\TomTom HOME 2
            2008-02-15 08:19:17 -------- d-----w C:\Program Files\Messenger Plus! Live
            2008-02-15 07:23:48 522,202 ----a-w C:\WINDOWS\system32\perfh013.dat
            2008-02-15 07:23:48 104,854 ----a-w C:\WINDOWS\system32\perfc013.dat
            2008-02-15 06:52:59 -------- d-----w C:\Program Files\Windows Live Toolbar
            2008-02-14 18:52:18 -------- d-----w C:\Program Files\Common Files\ArcSoft
            2008-02-14 18:52:12 -------- d-----w C:\Program Files\ArcSoft
            2008-02-13 18:00:54 -------- d-----w C:\Program Files\Corel
            2008-02-10 06:02:55 -------- d-----w C:\Program Files\Hitman Pro
            2008-02-06 02:03:48 -------- d-----w C:\Program Files\Microsoft SQL Server
            2008-02-05 19:05:36 -------- d-----w C:\Program Files\Shareaza
            2008-02-04 22:33:07 -------- d-----w C:\Program Files\Winamp
            2008-02-03 17:16:16 -------- d-----w C:\Program Files\Common Files\soft602
            2008-02-02 13:07:14 -------- d-----w C:\Program Files\Ahead
            2008-02-01 10:17:18 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
            2008-01-29 05:05:43 -------- d-----w C:\Program Files\Audacity
            2008-01-28 07:55:12 552 ----a-w C:\WINDOWS\system32\d3d8caps.dat
            2008-01-26 23:39:06 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\VersionTracker Pro
            2008-01-25 18:28:32 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\WinButler
            2008-01-23 23:04:59 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\GetRightToGo
            2008-01-23 19:20:26 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
            2008-01-18 22:01:54 -------- d-----w C:\Program Files\Defraggler
            2008-01-15 22:38:43 -------- d-----w C:\Program Files\Enigma Software Group
            2008-01-13 21:35:43 -------- d-----w C:\Program Files\Lavasoft
            2008-01-13 21:35:41 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\Lavasoft
            2008-01-13 20:47:48 -------- d-----w C:\Program Files\CCleaner
            2008-01-13 20:36:02 -------- d-----w C:\Program Files\Common Files\InternetAnonymizer
            2008-01-13 20:16:00 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\InternetAnonymizer
            2008-01-11 05:58:08 -------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
            2008-01-10 23:07:19 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
            2008-01-10 02:02:31 -------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
            2008-01-09 18:10:45 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\Nokia Multimedia Player
            2008-01-09 10:25:54 -------- d-----w C:\Program Files\Common Files\Download Manager
            2008-01-09 10:17:44 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\PrevxCSI
            2008-01-09 03:34:25 -------- d-----w C:\Program Files\3B Software
            2008-01-09 01:55:06 298,104 ----a-w C:\WINDOWS\system32\imon.dll
            2008-01-09 01:55:05 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
            2008-01-09 01:55:05 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
            2008-01-08 23:07:07 -------- d-----w C:\Program Files\Uniblue
            2008-01-08 22:50:38 37,376 ----a-w C:\WINDOWS\kpsys32.dll
            2008-01-08 22:50:38 196,608 ----a-w C:\WINDOWS\kpcp32.dll
            2008-01-08 22:50:38 133,120 ----a-w C:\WINDOWS\sprof32.dll
            2008-01-08 22:50:31 17,700 ----a-w C:\WINDOWS\system32\drivers\dmx3191.sys
            2008-01-08 22:50:31 12,128 ----a-w C:\WINDOWS\system32\drivers\aec671x.sys
            2008-01-08 22:50:31 104,448 ----a-w C:\WINDOWS\twain32.dll
            2008-01-08 18:38:49 76,260 ----a-w C:\WINDOWS\system32\drivers\udnt.sys
            2008-01-08 18:38:49 62,592 ----a-w C:\WINDOWS\system32\drivers\umaxis11.sys
            2008-01-08 17:23:21 -------- d-----w C:\Program Files\Common Files\ODBC
            2008-01-08 17:23:15 -------- d-----w C:\Program Files\DVDCoverPrint
            2008-01-08 00:32:27 -------- d-----w C:\Program Files\FlashGet
            2008-01-08 00:32:27 -------- d-----w C:\Program Files\DivX
            2008-01-07 20:27:45 -------- d-----w C:\Program Files\QuickTime
            2008-01-07 19:35:59 -------- d-----w C:\Program Files\Microsoft IntelliType Pro
            2008-01-06 12:02:02 -------- d-----w C:\Program Files\Microsoft Bootvis
            2008-01-06 01:37:09 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\Arcsoft
            2008-01-05 19:55:59 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\Nokia
            2008-01-05 18:38:57 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd3293.sys
            2008-01-05 18:38:57 664,064 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
            2008-01-05 18:37:44 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\.bittorrent
            2008-01-05 18:32:46 -------- d-----w C:\Program Files\BitTorrent
            2007-12-22 22:39:06 20,583 ----a-w C:\WINDOWS\sysk32.dll
            2007-12-20 23:18:05 39,884 ----a-w C:\WINDOWS\system32\sinvfct.dll
            2007-12-16 00:43:27 104,469 ----a-w C:\WINDOWS\hpqins13.dat
            2007-12-15 22:37:01 88 --sh--r C:\WINDOWS\system32\6A8C24E8D0.sys
            2007-12-15 22:37:01 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
            2007-12-04 18:42:03 550,912 ------w C:\WINDOWS\system32\oleaut32.dll


            ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


            *Note* empty entries & legit default entries are not shown

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
            {055FD26D-3A88-4e15-963D-DC8493744B1D}=C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 09:40]
            {22BF413B-C6D2-4d91-82A9-A0F997BA588C}=C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-10-18 18:47]
            {3049C3E9-B461-4BC5-8870-4C09146192CA}=C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-02-14 00:00]
            {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 00:11]
            {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 10:30]
            {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-19 23:56]
            {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll [2007-09-26 17:15]
            {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 11:20]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 C:\WINDOWS\system32\HdAShCut.exe]
            "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-19 16:20]
            "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-08-11 17:15]
            "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 15:35]
            "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-14 00:00]
            "ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-01-16 17:19]
            "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-11 00:07]
            "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 18:25]
            "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
            "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-01-29 12:20]
            "part way"="C:\DOCUME~1\Eigenaar\APPLIC~1\BLUEDR~1\MODE POKE TRAY.exe" [2008-02-15 09:19]

            [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
            "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
            "EnableLUA"=0 (0x0)

            [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
            backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Synchronizer.lnk]
            backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BTTray.lnk]
            backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^GetRight - Tray Icon.lnk]
            backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^VersionTracker Pro.lnk]
            backup=C:\WINDOWS\pss\VersionTracker Pro.lnkCommon Startup

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^VersionTrackerPro.lnk]
            backup=C:\WINDOWS\pss\VersionTrackerPro.lnkCommon Startup

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Eigenaar^Menu Start^Programma's^Opstarten^OneNote 2007 Schermopname en Snel starten.lnk]
            backup=C:\WINDOWS\pss\OneNote 2007 Schermopname en Snel starten.lnkStartup

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Eigenaar^Menu Start^Programma's^Opstarten^Shareaza Turbo Accelerator.lnk]
            backup=C:\WINDOWS\pss\Shareaza Turbo Accelerator.lnkStartup


            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\602PC SUITE PDF Saver]
            "C:\Program Files\Common Files\soft602\pdfSaver.exe"

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
            "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
            "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
            C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
            C:\WINDOWS\system32\ctfmon.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashGet]

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]
            C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen 3.1]
            C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
            HDAShCut.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hitman Pro Expiration Helper]
            "C:\Program Files\Hitman Pro\xphelper.exe"

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
            "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
            C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
            C:\WINDOWS\system32\hphmon05.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
            c:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
            "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
            "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
            "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
            RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
            "nwiz.exe" /install

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneCareUI]

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]
            "C:\Program Files\PDF\pdfSaver\pdfSaver3.exe"

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
            "C:\Program Files\QuickTime\qttask.exe" -atboottime

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
            "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
            "C:\Program Files\Shareaza\Shareaza.exe" -tray

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
            C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
            C:\Program Files\Winamp\winampa.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Registry Repair Pro]
            C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
            "sdCoreService"=3 (0x3)
            "sdAuxService"=3 (0x3)
            "PavPrSrv"=2 (0x2)
            "pr2alvyb"=2 (0x2)

            [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
            "Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" -tray
            "QuickTime Player"=C:\Program Files\QuickTime\QuickTimePlayer.exe
            "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
            "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
            "SfKg6wIPu"=C:\Documents and Settings\Eigenaar\Application Data\Microsoft\Windows\joany.exe
            "WinButler"=C:\Documents and Settings\Eigenaar\Application Data\WinButler\WinButler.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
            "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
            "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
            "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
            "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
            "SoundMAXPnP"=D:\Niet verwijderen!\Backup\ADI1986A2000XP\ADI1986A2000XP\2000XP\SMAXWDM\W2K_XP\SMax4PNP.exe
            "SWClient"=C:\Program Files\SoftActivity\AMSys\swsys.exe
            "ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
            "hpqSRMon"=C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
            HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
            UxTuneUp


            [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6fd35bf-a177-11dc-97cc-00173154c6b1}]
            AutoRun\command- G:\InstallTomTomHOME.exe


            Contents of the 'Scheduled Tasks' folder
            2008-01-10 22:22:51 C:\WINDOWS\tasks\1-Click Maintenance.job
            2008-03-02 06:29:00 C:\WINDOWS\tasks\Controleren op updates voor Windows Live Toolbar.job

            **************************************************************************

            catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
            Rootkit scan 2008-03-02 07:49:42
            Windows 5.1.2600 Service Pack 2 NTFS

            scanning hidden processes ...

            scanning hidden autostart entries ...

            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
            AppInit_DLLs = ????????????

            scanning hidden files ...

            scan completed successfully
            hidden files: 0

            **************************************************************************

            Completion time: 2008-03-02 7:50:30
            C:\ComboFix-quarantined-files.txt ... 2008-03-02 07:50
            C:\ComboFix2.txt ... 2008-03-01 20:29
            C:\ComboFix3.txt ... 2008-03-01 17:37

            --- E O F ---



            • #7
              Can you also tell me what went wrong?

              Do you know that sspro is on the computer?
              Last edited by Steggel; 02-03-08, 11:40.



              • #8
                I had a small crash, had to run System Restore in the meantime, and cid is still on it.
                sspro may be removed, but I don't really know how?

                Thanks in advance



                • #9
                  First, then, here is an instruction to get rid of the CID popups.

                  Open Notepad, then copy and paste the following (bold, blue text) into an empty window:


                  • File::
                    C:\Documents and Settings\Eigenaar\Application Data\Microsoft\Windows\joany.exe

                    Folder::
                    C:\Program Files\SoftActivity
                    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Book Slow Axis Web
                    C:\DOCUME~1\Eigenaar\APPLIC~1\bluedrive
                    C:\Documents and Settings\Eigenaar\Application Data\WinButler

                    Registry::
                    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "part way"=-

                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "gretinit"=-

                    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
                    "SfKg6wIPu"=-
                    "WinButler"=-

                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
                    "SWClient"=-


                  Save this to your Desktop as CFScript.txt.

                  Drag CFScript.txt onto ComboFix.exe as shown in the example below:



                  This will restart ComboFix.

                  After your computer restarts (if it asks to restart), copy and paste the contents of Combofix.txt into your next reply.

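Added example, not part of the thread and not ComboFix's own code: a Python triage sketch that parses Run-key lines from the ComboFix log posted above, flags autoruns that start from a per-user Application Data directory, and checks which of them each CFScript in the thread deletes. The function names and the Application Data heuristic are assumptions made for this example.

```python
import re

# Excerpt of the "Reg Loading Points" section of the ComboFix log posted in this thread.
LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-11 00:07]
"part way"="C:\DOCUME~1\Eigenaar\APPLIC~1\BLUEDR~1\MODE POKE TRAY.exe" [2008-02-15 09:19]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" -tray
"SfKg6wIPu"=C:\Documents and Settings\Eigenaar\Application Data\Microsoft\Windows\joany.exe
"WinButler"=C:\Documents and Settings\Eigenaar\Application Data\WinButler\WinButler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SWClient"=C:\Program Files\SoftActivity\AMSys\swsys.exe
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
'''

# Registry deletions ("name"=-) from the two CFScripts posted in this thread.
SCRIPT_POST_4 = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"part way"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gretinit"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SWClient"=-
'''
SCRIPT_POST_9 = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"part way"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gretinit"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SfKg6wIPu"=-
"WinButler"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SWClient"=-
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
# Trailing "[2008-02-15 09:19]" style stamp that the log appends to some entries.
STAMP_RE = re.compile(r'\s*\[\d{4}-\d{2}-\d{2} \d{2}:\d{2}[^\]]*\]$')
EXE_RE = re.compile(r'(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)', re.I)
# Assumption for this example: long and 8.3 short names of the XP profile directory.
PROFILE_DIRS = {"application data", "applic~1"}


def iter_values(text):
    """Yield (key_lowercased, value_name, data) for each "name"=data line under a [key]."""
    key = None
    for line in (raw.strip() for raw in text.splitlines()):
        header = KEY_RE.match(line)
        if header:
            key = header.group(1).lower()
            continue
        value = VALUE_RE.match(line)
        if value and key:
            yield key, value.group(1), value.group(2)


def executable_path(data):
    """Strip the timestamp and arguments; handles quoted and unquoted paths with spaces."""
    data = STAMP_RE.sub("", data).strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    found = EXE_RE.match(data)
    return found.group(1) if found else data


def profile_autoruns(log_text):
    """Run / run- entries whose executable sits under a per-user Application Data folder."""
    hits = []
    for key, name, data in iter_values(log_text):
        if not key.rstrip("-").endswith(r"\currentversion\run"):
            continue
        path = executable_path(data)
        if PROFILE_DIRS & {part.lower() for part in path.split("\\")}:
            hits.append((key, name, path))
    return hits


def not_covered(log_text, cfscript):
    """Names of flagged autoruns that the given CFScript does not delete."""
    deleted = {(key, name) for key, name, data in iter_values(cfscript)
               if data.strip() == "-"}
    return [name for key, name, _ in profile_autoruns(log_text)
            if (key, name) not in deleted]


if __name__ == "__main__":
    for _, name, path in profile_autoruns(LOG):
        print(f"{name!r:14} {path}")
    print("not deleted by post #4 script:", not_covered(LOG, SCRIPT_POST_4))
    print("not deleted by post #9 script:", not_covered(LOG, SCRIPT_POST_9))
```

A path heuristic like this does not flag "SWClient", which both scripts delete but which starts from Program Files, so it supplements reading the log rather than replacing it.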


                  • #10
                    ComboFix 07-06-21.3 - C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
                    "Eigenaar" - 2008-03-04 3:13:29 - Service Pack 2 NTFS
                    Command switches used :: C:\Documents and Settings\Eigenaar\Bureaublad\CFScript.txt..txt


                    ((((((((((((((((((((((((( Files Created from 2008-02-04 to 2008-03-04 )))))))))))))))))))))))))))))))


                    2008-03-03 20:20 <DIR> d-------- C:\WINDOWS\LastGood
                    2008-03-03 20:20 <DIR> d-------- C:\Program Files\Windows Live Safety Center
                    2008-03-02 19:56 <DIR> d-------- C:\Program Files\mIRC
                    2008-03-02 19:56 <DIR> d-------- C:\DOCUME~1\Eigenaar\APPLIC~1\mIRC
                    2008-03-02 18:40 <DIR> d-------- C:\DOCUME~1\Eigenaar\APPLIC~1\Yahoo!
                    2008-03-02 13:40 <DIR> d-------- C:\DOCUME~1\Eigenaar\APPLIC~1\Shareaza
                    2008-03-01 22:13 <DIR> dr-h----- C:\DOCUME~1\Eigenaar\Onlangs geopend
                    2008-03-01 17:30 49,152 --a------ C:\WINDOWS\nircmd.exe
                    2008-03-01 10:32 <DIR> d-------- C:\Program Files\SoftActivity
                    2008-03-01 10:32 <DIR> d-------- C:\Program Files\bluedrive
                    2008-03-01 10:32 <DIR> d-------- C:\DOCUME~1\Eigenaar\APPLIC~1\bluedrive
                    2008-03-01 10:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Book Slow Axis Web
                    2008-03-01 09:41 <DIR> d-------- C:\SWSetup
                    2008-02-29 21:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
                    2008-02-29 17:44 <DIR> d-------- C:\Program Files\Bonjour
                    2008-02-29 17:38 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
                    2008-02-28 06:23 <DIR> d-------- C:\Program Files\Microsoft UDDI SDK
                    2008-02-28 06:23 <DIR> d-------- C:\Program Files\apiExplore
                    2008-02-28 06:21 <DIR> d-------- C:\Program Files\Microsoft .NET Micro Framework
                    2008-02-28 02:29 <DIR> d-------- C:\Program Files\Maxtor
                    2008-02-28 02:29 <DIR> d-------- C:\Program Files\Common Files\Maxtor
                    2008-02-28 02:02 <DIR> d-------- C:\Program Files\Seagate
                    2008-02-26 23:42 <DIR> d-------- C:\ComboFix(2)
                    2008-02-25 17:34 12,320,768 --a------ C:\DOCUME~1\Eigenaar\ntuser.dat
                    2008-02-24 22:39 <DIR> d-------- C:\Program Files\Hijack This
                    2008-02-24 22:37 <DIR> d-------- C:\deljob
                    2008-02-22 18:18 <DIR> d-------- C:\Program Files\Zards software
                    2008-02-21 03:05 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
                    2008-02-21 03:05 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
                    2008-02-21 03:05 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
                    2008-02-21 03:05 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
                    2008-02-21 03:04 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
                    2008-02-21 03:04 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
                    2008-02-21 03:04 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
                    2008-02-21 03:04 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
                    2008-02-21 03:04 682,496 --a------ C:\WINDOWS\system32\DivX.dll
                    2008-02-21 03:04 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
                    2008-02-21 03:04 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
                    2008-02-21 03:04 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
                    2008-02-21 03:04 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
                    2008-02-21 03:04 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
                    2008-02-21 03:04 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
                    2008-02-21 03:04 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
                    2008-02-21 03:03 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
                    2008-02-21 03:03 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
                    2008-02-18 23:25 <DIR> d-------- C:\Archivos de programa
                    2008-02-18 21:38 <DIR> d-------- C:\Program Files\VirtualDJ
                    2008-02-18 09:48 692,224 --a------ C:\WINDOWS\system32\ciaResSvr20.dll
                    2008-02-18 09:48 53,248 --a------ C:\WINDOWS\system32\ciaXPRegSvr20.dll
                    2008-02-18 09:48 200,704 --a------ C:\WINDOWS\system32\ciaSCls20.dll
                    2008-02-18 09:47 753,664 --a------ C:\WINDOWS\sprscore.exe
                    2008-02-18 09:47 749,848 --a------ C:\WINDOWS\system32\wodSmtp.dll
                    2008-02-18 09:47 729,368 --a------ C:\WINDOWS\system32\wodPop3.dll
                    2008-02-18 09:47 434,176 --a------ C:\WINDOWS\rundys32.exe
                    2008-02-18 09:47 4,800,512 --a------ C:\WINDOWS\sspro.exe
                    2008-02-18 09:47 352,256 --a------ C:\WINDOWS\system32\ijl15.dll
                    2008-02-18 09:47 278,528 --a------ C:\WINDOWS\system32\duzactx.dll
                    2008-02-18 09:47 2,531 --a------ C:\WINDOWS\dep32ceg.dll
                    2008-02-18 09:47 131,072 --a------ C:\WINDOWS\winfsysrn.dll
                    2008-02-18 09:47 <DIR> d-------- C:\WINDOWS\fontvect
                    2008-02-17 23:56 <DIR> d-------- C:\Program Files\coolpro2
                    2008-02-17 00:03 90,112 --a------ C:\WINDOWS\unvise32.exe
                    2008-02-17 00:03 <DIR> d-------- C:\Program Files\WinConfig
                    2008-02-17 00:02 <DIR> d-------- C:\Program Files\Spytech Software
                    2008-02-16 20:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom
                    2008-02-15 09:19 <DIR> d-------- C:\Program Files\Circle Developement
                    2008-02-15 08:21 <DIR> d-------- C:\WINDOWS\system32\riched20
                    2008-02-14 00:00 <DIR> d-------- C:\Program Files\Real
                    2008-02-14 00:00 <DIR> d-------- C:\Program Files\Common Files\xing shared
                    2008-02-14 00:00 <DIR> d-------- C:\Program Files\Common Files\Real
                    2008-02-14 00:00 <DIR> d-------- C:\DOCUME~1\Eigenaar\APPLIC~1\Real
                    2008-02-13 20:29 88 -r-hs---- C:\DOCUME~1\ALLUSE~1\APPLIC~1\6A8C24E8D0.sys
                    2008-02-13 20:29 2,516 --ahs---- C:\DOCUME~1\ALLUSE~1\APPLIC~1\KGyGaAvL.sys
                    2008-02-13 20:29 <DIR> d-------- C:\DOCUME~1\Eigenaar\APPLIC~1\Corel
                    2008-02-10 11:04 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
                    2008-02-09 06:14 53,248 --------- C:\WINDOWS\system32\wdmioctl.dll
                    2008-02-09 06:14 49,152 --a------ C:\WINDOWS\system32\DSndUp.exe
                    2008-02-09 06:14 45,056 --------- C:\WINDOWS\system32\CleanUp.exe
                    2008-02-09 06:14 1,285,632 --------- C:\WINDOWS\system32\SMMedia.dll
                    2008-02-09 06:14 <DIR> d-------- C:\Program Files\Analog Devices
                    2008-02-09 06:12 765,952 --a------ C:\WINDOWS\system\crlds3d.dll
                    2008-02-09 06:12 393,088 --a------ C:\WINDOWS\system32\drivers\senfilt.sys
                    2008-02-09 06:12 141,312 --a------ C:\WINDOWS\system32\drivers\ADIHdAud.sys
                    2008-02-09 06:12 127,872 --a------ C:\WINDOWS\system32\drivers\aeaudio.sys
                    2008-02-08 04:10 <DIR> d-------- C:\Program Files\Paint.NET
                    2008-02-08 01:44 <DIR> d-------- C:\Program Files\Microsoft Works
                    2008-02-08 01:41 <DIR> d-------- C:\WINDOWS\SHELLNEW
                    2008-02-08 01:40 <DIR> dr-h----- C:\MSOCache
                    2008-02-06 14:54 <DIR> d-------- C:\DOCUME~1\Eigenaar\Windows XP and Office Registry Entries [h33t] [dinguskull]
                    2008-02-06 14:53 <DIR> d-------- C:\DOCUME~1\Eigenaar\Microsoft Office 2007 Activation Crack
                    2008-02-05 23:08 <DIR> d-------- C:\DOCUME~1\Eigenaar\MS Office 2007 Professional Plus + Expression Web
                    2008-02-05 20:05 <DIR> d-------- C:\Program Files\Shareaza Applications
                    2008-02-05 08:49 <DIR> d-------- C:\Program Files\Microsoft Small Business
                    2008-02-05 03:44 <DIR> d-------- C:\DOCUME~1\Eigenaar\APPLIC~1\SoundSpectrum
                    2008-02-05 03:43 <DIR> d-------- C:\Program Files\SoundSpectrum
                    2008-02-05 00:13 <DIR> d-------- C:\Program Files\Microsoft.NET
                    2008-02-04 23:23 <DIR> d-------- C:\DOCUME~1\Eigenaar\APPLIC~1\OpenOffice.org2
                    2008-02-04 23:21 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3


                    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

                    2008-03-03 06:21:33 -------- d-----w C:\Program Files\Corel
                    2008-03-02 17:45:05 -------- d-----w C:\Program Files\Common Files\ArcSoft
                    2008-03-02 17:45:04 -------- d-----w C:\Program Files\ArcSoft
                    2008-03-02 17:45:02 -------- d--h--w C:\Program Files\InstallShield Installation Information
                    2008-03-02 17:39:54 -------- d-----w C:\Program Files\DivX
                    2008-03-02 17:39:37 -------- d-----w C:\Program Files\Yahoo!
                    2008-03-02 12:40:05 -------- d-----w C:\Program Files\Shareaza
                    2008-03-02 12:22:30 -------- d-----w C:\Program Files\Nokia
                    2008-03-02 12:22:00 -------- d-----w C:\Program Files\Winamp
                    2008-03-01 21:16:01 -------- d-----w C:\Program Files\ffdshow
                    2008-03-01 21:15:34 -------- d-----w C:\Program Files\Windows Live
                    2008-03-01 09:28:24 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\Skype
                    2008-03-01 09:27:59 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\WizzTones
                    2008-02-29 10:38:44 -------- d-----w C:\Program Files\Common Files\Nokia
                    2008-02-28 01:02:17 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
                    2008-02-27 15:06:21 -------- d-----w C:\Program Files\HP
                    2008-02-27 15:02:29 -------- d-----w C:\Program Files\Hewlett-Packard
                    2008-02-23 14:09:15 -------- d-----w C:\Program Files\MSN Messenger
                    2008-02-22 17:22:58 -------- d-----w C:\Program Files\InternetAnonymizer
                    2008-02-22 17:22:58 -------- d-----w C:\Program Files\GetRight
                    2008-02-22 17:22:58 -------- d-----w C:\Program Files\3D MP3 Sound Recorder G2
                    2008-02-22 17:22:58 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\LimeWire
                    2008-02-17 23:08:25 -------- d-----w C:\Program Files\TuneUp Utilities 2007
                    2008-02-16 19:13:23 -------- d-----w C:\Program Files\TomTom HOME 2
                    2008-02-15 08:19:17 -------- d-----w C:\Program Files\Messenger Plus! Live
                    2008-02-15 07:23:48 522,202 ----a-w C:\WINDOWS\system32\perfh013.dat
                    2008-02-15 07:23:48 104,854 ----a-w C:\WINDOWS\system32\perfc013.dat
                    2008-02-15 06:52:59 -------- d-----w C:\Program Files\Windows Live Toolbar
                    2008-02-10 06:02:55 -------- d-----w C:\Program Files\Hitman Pro
                    2008-02-06 02:03:48 -------- d-----w C:\Program Files\Microsoft SQL Server
                    2008-02-03 17:16:52 -------- d-----w C:\Program Files\AudioLabel
                    2008-02-03 17:16:46 -------- d-----w C:\Program Files\LimeWire
                    2008-02-03 17:16:24 -------- d-----w C:\Program Files\Common Files\Ahead
                    2008-02-03 17:16:23 -------- d-----w C:\Program Files\Common Files\Nero
                    2008-02-03 17:16:16 -------- d-----w C:\Program Files\Common Files\soft602
                    2008-02-03 17:16:12 -------- d-----w C:\Program Files\PDF
                    2008-02-03 14:16:37 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\HP
                    2008-02-03 14:16:09 159,621 ----a-w C:\WINDOWS\hphins24.dat
                    2008-02-02 13:19:20 -------- d-----w C:\Program Files\Nero
                    2008-02-02 13:07:14 -------- d-----w C:\Program Files\Ahead
                    2008-02-01 10:17:18 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
                    2008-01-28 07:55:12 552 ----a-w C:\WINDOWS\system32\d3d8caps.dat
                    2008-01-26 23:39:06 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\VersionTracker Pro
                    2008-01-25 18:28:32 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\WinButler
                    2008-01-23 23:04:59 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\GetRightToGo
                    2008-01-23 19:20:26 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
                    2008-01-18 22:01:54 -------- d-----w C:\Program Files\Defraggler
                    2008-01-16 20:19:51 893 ------w C:\WINDOWS\hphmdl24.dat
                    2008-01-15 22:38:43 -------- d-----w C:\Program Files\Enigma Software Group
                    2008-01-13 21:35:43 -------- d-----w C:\Program Files\Lavasoft
                    2008-01-13 21:35:41 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\Lavasoft
                    2008-01-13 20:47:48 -------- d-----w C:\Program Files\CCleaner
                    2008-01-13 20:36:02 -------- d-----w C:\Program Files\Common Files\InternetAnonymizer
                    2008-01-13 20:16:00 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\InternetAnonymizer
                    2008-01-11 05:58:08 -------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
                    2008-01-10 23:07:19 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
                    2008-01-10 02:02:31 -------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
                    2008-01-09 18:10:45 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\Nokia Multimedia Player
                    2008-01-09 10:25:54 -------- d-----w C:\Program Files\Common Files\Download Manager
                    2008-01-09 10:17:44 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\PrevxCSI
                    2008-01-09 03:34:25 -------- d-----w C:\Program Files\3B Software
                    2008-01-09 01:55:06 298,104 ----a-w C:\WINDOWS\system32\imon.dll
                    2008-01-09 01:55:05 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
                    2008-01-09 01:55:05 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
                    2008-01-08 23:07:07 -------- d-----w C:\Program Files\Uniblue
                    2008-01-08 22:50:38 37,376 ----a-w C:\WINDOWS\kpsys32.dll
                    2008-01-08 22:50:38 196,608 ----a-w C:\WINDOWS\kpcp32.dll
                    2008-01-08 22:50:38 133,120 ----a-w C:\WINDOWS\sprof32.dll
                    2008-01-08 22:50:31 17,700 ----a-w C:\WINDOWS\system32\drivers\dmx3191.sys
                    2008-01-08 22:50:31 12,128 ----a-w C:\WINDOWS\system32\drivers\aec671x.sys
                    2008-01-08 22:50:31 104,448 ----a-w C:\WINDOWS\twain32.dll
                    2008-01-08 18:38:49 76,260 ----a-w C:\WINDOWS\system32\drivers\udnt.sys
                    2008-01-08 18:38:49 62,592 ----a-w C:\WINDOWS\system32\drivers\umaxis11.sys
                    2008-01-08 17:23:21 -------- d-----w C:\Program Files\Common Files\ODBC
                    2008-01-08 17:23:15 -------- d-----w C:\Program Files\DVDCoverPrint
                    2008-01-08 00:32:27 -------- d-----w C:\Program Files\FlashGet
                    2008-01-07 20:27:45 -------- d-----w C:\Program Files\QuickTime
                    2008-01-07 19:35:59 -------- d-----w C:\Program Files\Microsoft IntelliType Pro
                    2008-01-06 12:02:02 -------- d-----w C:\Program Files\Microsoft Bootvis
                    2008-01-06 01:37:09 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\Arcsoft
                    2008-01-05 19:55:59 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\Nokia
                    2008-01-05 18:38:57 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd3293.sys
                    2008-01-05 18:38:57 664,064 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
                    2008-01-05 18:37:44 -------- d-----w C:\DOCUME~1\Eigenaar\APPLIC~1\.bittorrent
                    2008-01-05 18:32:46 -------- d-----w C:\Program Files\BitTorrent
                    2007-12-22 22:39:06 20,583 ----a-w C:\WINDOWS\sysk32.dll
                    2007-12-20 23:18:05 39,884 ----a-w C:\WINDOWS\system32\sinvfct.dll
                    2007-12-16 00:43:27 104,469 ----a-w C:\WINDOWS\hpqins13.dat
                    2007-12-15 22:37:01 88 --sh--r C:\WINDOWS\system32\6A8C24E8D0.sys
                    2007-12-15 22:37:01 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
                    2007-12-04 18:42:03 550,912 ------w C:\WINDOWS\system32\oleaut32.dll


                    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


                    *Note* empty entries & legit default entries are not shown

                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
                    {055FD26D-3A88-4e15-963D-DC8493744B1D}=C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 09:40]
                    {22BF413B-C6D2-4d91-82A9-A0F997BA588C}=C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-10-18 18:47]
                    {3049C3E9-B461-4BC5-8870-4C09146192CA}=C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-02-14 00:00]
                    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 00:11]
                    {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 10:30]
                    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-19 23:56]
                    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll [2007-09-26 17:15]
                    {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 11:20]

                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 C:\WINDOWS\system32\HdAShCut.exe]
                    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-19 16:20]
                    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-08-11 17:15]
                    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 15:35]
                    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-14 00:00]
                    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]

                    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-11 00:07]
                    "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 18:25]
                    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
                    "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-01-29 12:20]
                    "part way"="C:\DOCUME~1\Eigenaar\APPLIC~1\BLUEDR~1\MODE POKE TRAY.exe" [2008-02-15 09:19]

                    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
                    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                    "EnableLUA"=0 (0x0)

                    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
                    backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Synchronizer.lnk]
                    backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BTTray.lnk]
                    backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^GetRight - Tray Icon.lnk]
                    backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^VersionTracker Pro.lnk]
                    backup=C:\WINDOWS\pss\VersionTracker Pro.lnkCommon Startup

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^VersionTrackerPro.lnk]
                    backup=C:\WINDOWS\pss\VersionTrackerPro.lnkCommon Startup

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Eigenaar^Menu Start^Programma's^Opstarten^OneNote 2007 Schermopname en Snel starten.lnk]
                    backup=C:\WINDOWS\pss\OneNote 2007 Schermopname en Snel starten.lnkStartup

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Eigenaar^Menu Start^Programma's^Opstarten^Shareaza Turbo Accelerator.lnk]
                    backup=C:\WINDOWS\pss\Shareaza Turbo Accelerator.lnkStartup


                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\602PC SUITE PDF Saver]
                    "C:\Program Files\Common Files\soft602\pdfSaver.exe"

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
                    "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
                    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
                    C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
                    C:\WINDOWS\system32\ctfmon.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashGet]

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]
                    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen 3.1]
                    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
                    HDAShCut.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hitman Pro Expiration Helper]
                    "C:\Program Files\Hitman Pro\xphelper.exe"

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
                    "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
                    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
                    C:\WINDOWS\system32\hphmon05.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
                    c:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
                    "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
                    "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
                    "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
                    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
                    "nwiz.exe" /install

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneCareUI]

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]
                    "C:\Program Files\PDF\pdfSaver\pdfSaver3.exe"

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                    "C:\Program Files\QuickTime\qttask.exe" -atboottime

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
                    "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
                    "C:\Program Files\Shareaza\Shareaza.exe" -tray

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
                    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
                    C:\Program Files\Winamp\winampa.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Registry Repair Pro]
                    C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
                    "sdCoreService"=3 (0x3)
                    "sdAuxService"=3 (0x3)
                    "PavPrSrv"=2 (0x2)
                    "pr2alvyb"=2 (0x2)

                    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
                    "Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" -tray
                    "QuickTime Player"=C:\Program Files\QuickTime\QuickTimePlayer.exe
                    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
                    "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
                    "SfKg6wIPu"=C:\Documents and Settings\Eigenaar\Application Data\Microsoft\Windows\joany.exe
                    "WinButler"=C:\Documents and Settings\Eigenaar\Application Data\WinButler\WinButler.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
                    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
                    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
                    "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
                    "SoundMAXPnP"=D:\Niet verwijderen!\Backup\ADI1986A2000XP\ADI1986A2000XP\2000XP\SMAXWDM\W2K_XP\SMax4PNP.exe
                    "SWClient"=C:\Program Files\SoftActivity\AMSys\swsys.exe
                    "ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
                    "hpqSRMon"=C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
                    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
                    UxTuneUp


                    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6fd35bf-a177-11dc-97cc-00173154c6b1}]
                    AutoRun\command- G:\InstallTomTomHOME.exe


                    Contents of the 'Scheduled Tasks' folder
                    2008-01-10 22:22:51 C:\WINDOWS\tasks\1-Click Maintenance.job
                    2008-03-04 01:29:00 C:\WINDOWS\tasks\Controleren op updates voor Windows Live Toolbar.job

                    **************************************************************************

                    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
                    Rootkit scan 2008-03-04 03:17:14
                    Windows 5.1.2600 Service Pack 2 NTFS

                    scanning hidden processes ...

                    scanning hidden autostart entries ...

                    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
                    AppInit_DLLs = ????????????

                    scanning hidden files ...

                    scan completed successfully
                    hidden files: 0

                    **************************************************************************

                    Completion time: 2008-03-04 3:18:22
                    C:\ComboFix-quarantined-files.txt ... 2008-03-04 03:17
                    C:\ComboFix2.txt ... 2008-03-02 07:50
                    C:\ComboFix3.txt ... 2008-03-01 20:29

                    --- E O F ---



                    • #11
                      Did you get another error message with ComboFix?
                      I have added the contents of CFscript.txt as an attachment.

                      Download this attachment to your Desktop and drag the file onto ComboFix.exe once more.