
help; I keep getting deeper into trouble


  • help; I keep getting deeper into trouble

    Against my better judgment I ran one setup.exe too many. Although I aborted it right away, it was already too late: buffer overrun and spontaneous pop-ups.

    I ran Hitman Pro, found and read this forum, and, so as not to bother you prematurely, tried deleting things and cleaning the registry myself; jv16, hjt and combi.
    I was able to restore the registry each time, but that is no longer possible either, because the help window does not come up.
    My favourite browser, Maxthon, no longer runs, and the menu of one application has disappeared.

    Thanks in advance, Bunnie(0651423409)

    Logfile of HijackThis v1.99.1
    Scan saved at 19:45:43, on 25-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimsvc.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
    C:\Documents and Settings\Frank.JMW.000\Bureaublad\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    R3 - URLSearchHook: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
    O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
    O4 - HKLM\..\Run: [PPFW] c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PPFW.EXE PPFW.EXE /cmd:allowpandarules /prod:titanium /mod:7 /flg:2 /ver:7.0.0
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
    O4 - HKLM\..\Run: [Mirabilis ICQ] "C:\Program Files\ICQ\ICQNet.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [spampal] C:\Program Files\SpamPal\spampal.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [WeatherWatcher] "D:\Program Files\Weather Watcher\ww.exe"
    O4 - HKCU\..\Run: [Picasa Media Detector] "d:\Program Files\Picasa2\PicasaMediaDetector.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Startup: BackupXpress.lnk = C:\Program Files\BackupX\BackupX.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: BackupXpress.lnk = C:\Program Files\BackupX\BackupX.exe
    O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Download the &current page with Offline Explorer - file://C:\Program Files\Offline Explorer Enterprise\Add_AllO.htm
    O8 - Extra context menu item: Download using Offline &Explorer - file://C:\Program Files\Offline Explorer Enterprise\Add_UrlO.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - http://game08.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{48E75241-CA98-42B7-BC07-8245CBFF3949}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS1\Services\Tcpip\..\{48E75241-CA98-42B7-BC07-8245CBFF3949}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS2\Services\Tcpip\..\{48E75241-CA98-42B7-BC07-8245CBFF3949}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS3\Services\Tcpip\..\{48E75241-CA98-42B7-BC07-8245CBFF3949}: NameServer = 10.0.0.138
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Application Management (AppMgmt) - Unknown owner - (no file)
    O23 - Service: Intelligente achtergrondsoverdrachtservice (BITS) - Unknown owner - (no file)
    O23 - Service: Computer Browser (Browser) - Unknown owner - (no file)
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Services voor cryptografie (CryptSvc) - Panda Software - (no file)
    O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Panda Software - (no file)
    O23 - Service: DHCP Client (Dhcp) - Panda Software - (no file)
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
    O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Help en ondersteuning (helpsvc) - Google - (no file)
    O23 - Service: HID Input Service (HidServ) - Google - (no file)
    O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Server (lanmanserver) - Logitech, Inc. - (no file)
    O23 - Service: Workstation (lanmanworkstation) - Logitech, Inc. - (no file)
    O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Logitech, Inc. - (no file)
    O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsCtrls.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
    O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PSHOST.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimsvc.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Secondary Logon (seclogon) - Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. - (no file)
    O23 - Service: System Event Notification (SENS) - Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. - (no file)
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
    O23 - Service: Distributed Link Tracking Client (TrkWks) - Panda Software International - (no file)
    Regards,

    Bunnie
    all computers wait at the same speed

  • #2
    Hi Bunnie,

    Welcome to Nucia.nl

    It was very unwise to start using those tools yourself; they are very risky.
    Let's see what I can do for you...

    Would you please post the ComboFix log?

    - Daniël



    • #3
      I would like to, were it not that the PC will no longer start up at all; something to do with the master boot record.

      I am away from home 12 hours a day myself, so there is not much time in a day to do anything about it. Tomorrow I will look further and scour the internet for possible solutions.
      Regards,

      Bunnie
      all computers wait at the same speed



      • #4
        Make sure you have a Windows CD-ROM, put it in the PC, and then restart the PC. During startup you will get the prompt 'Press any key to boot from CD-ROM'; press a key and wait patiently.

        If you get a screen like the one in the example below, press R. That takes you into the Recovery Console (Herstelconsole), where you can log on to a Windows installation and then enter commands. Try the following commands one at a time.
        • fixmbr
        • chkdsk /f /r




        • #5
          Hi Daniel,

          I was just about to get started, and the PC boots 'normally'; strange.
          Here is the ComboFix log:
          ComboFix 08-02-22 - Frank 2008-02-24 1:09:45.1 - NTFSx86 NETWORK
          Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.185 [GMT 1:00]
          Gestart vanuit: C:\Documents and Settings\Frank.JMW.000\Bureaublad\ComboFix.exe
          WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
          .
          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .
          C:\WINDOWS\Fonts\a.zip
          C:\WINDOWS\Fonts\svchost.exe
          C:\WINDOWS\system32\acbay.ini2
          C:\WINDOWS\system32\awtrpnm.dll
          C:\WINDOWS\system32\dehjl.ini
          C:\WINDOWS\system32\dehjl.ini2
          C:\WINDOWS\system32\ljhed.dll
          C:\WINDOWS\system32\mycneuow.dll
          C:\WINDOWS\system32\nnnkhgf(2).dll
          C:\WINDOWS\system32\nnnkhgf.dll
          C:\WINDOWS\system32\pnnhldqn.dll
          C:\WINDOWS\system32\wouencym.ini
          C:\WINDOWS\system32\wyyxx.ini
          C:\WINDOWS\system32\xxyyw.dll
          C:\WINDOWS\system32\yabca(2).dll
          C:\WINDOWS\system32\yabca.dll
          C:\winlogon.exe
          C:\x.dat
          C:\z.dat
          C:\WINDOWS\Fonts\'
          .
          (((((((((((((((((((( Bestanden Gemaakt van 2008-01-24 to 2008-02-24 ))))))))))))))))))))))))))))))
          .
          2008-02-23 17:19 . 2008-02-23 17:19 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe Systems
          2008-02-23 17:17 . 2008-02-23 17:17 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
          2008-02-23 15:08 . 2008-02-23 15:08 134 --a------ C:\n.bat
          2008-02-23 14:44 . 2008-02-23 14:44 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Zylom
          2008-02-22 00:27 . 2008-02-22 00:30 <DIR> d-------- C:\WINDOWS\system32\URTTemp
          2008-02-21 21:39 . 2008-02-23 14:44 <DIR> d-------- C:\Program Files\Java
          2008-02-20 00:23 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
          2008-02-20 00:23 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
          2008-02-20 00:23 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
          2008-02-20 00:23 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
          2008-02-20 00:22 . 2008-02-23 14:44 <DIR> d-------- C:\Program Files\Spyware Doctor
          2008-02-20 00:22 . 2008-02-20 00:22 <DIR> d-------- C:\Documents and Settings\Frank.JMW.000\Application Data\PC Tools
          2008-02-19 21:13 . 2008-02-19 23:59 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
          2008-02-19 12:01 . 2008-02-19 12:01 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
          2008-02-18 17:16 . 2008-02-18 17:16 24,248 --a------ C:\Documents and Settings\Frank.JMW.000\Application Data\GDIPFONTCACHEV1.DAT
          2008-02-16 16:11 . 2008-02-19 23:53 <DIR> d-------- C:\Documents and Settings\Frank.JMW.000\Application Data\Lavasoft
          2008-02-16 15:43 . 2008-02-24 01:23 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
          2008-02-16 15:39 . 2008-02-16 15:39 164 --a------ C:\install.dat
          2008-02-16 15:38 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
          2008-02-16 15:30 . 2008-02-16 15:30 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Prevx
          2008-02-16 15:28 . 2008-02-22 23:13 <DIR> d-------- C:\Temp
          2008-02-16 14:52 . 2008-02-16 14:52 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
          2008-02-16 14:51 . 2008-02-20 00:05 <DIR> d-------- C:\Program Files\Hitman Pro
          2008-02-16 01:00 . 2008-02-16 01:00 40,724 --a------ C:\WINDOWS\system32\rightonadz-uninst.exe
          2008-02-16 00:52 . 2008-02-20 00:10 <DIR> d-------- C:\Documents and Settings\Frank.JMW.000\Application Data\BitDownload
          2008-02-16 00:50 . 2008-02-16 00:50 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\2 team frag settings
          2008-02-15 18:47 . 2008-02-15 18:47 <DIR> d-------- C:\Documents and Settings\FRANKJ~1~000\LOCALS~1
          2008-02-15 16:50 . 2008-02-15 17:06 40 --a------ C:\WINDOWS\nero.INI
          2008-02-15 15:48 . 2008-02-23 15:59 <DIR> d-------- C:\Program Files\ICQ
          2008-02-14 23:48 . 2008-02-14 23:48 <DIR> d-------- C:\WINDOWS\InCD
          2008-02-14 23:48 . 2003-07-13 02:49 1,155,072 --------- C:\WINDOWS\NuNinst.exe
          2008-02-14 23:48 . 2003-07-13 02:49 85,360 --------- C:\WINDOWS\system32\drivers\incdfs.sys
          2008-02-14 23:48 . 2003-07-13 02:49 47,262 --------- C:\WINDOWS\NuNinst.cfg
          2008-02-14 23:48 . 2003-07-13 02:49 26,784 --------- C:\WINDOWS\system32\drivers\incdpass.sys
          2008-02-14 23:48 . 2003-07-13 02:49 4,976 --------- C:\WINDOWS\system32\drivers\incdrec.sys
          2008-02-14 23:45 . 2003-07-13 02:49 89,184 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
          2008-02-14 23:45 . 2003-07-13 02:49 57,344 --------- C:\WINDOWS\system32\ImageDrive.cpl
          2008-02-14 23:44 . 2003-07-13 02:49 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
          2008-02-14 23:44 . 2003-07-13 02:49 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
          2008-02-14 23:44 . 2003-07-13 02:49 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
          2008-02-14 23:44 . 2003-07-13 02:49 38,912 --a------ C:\WINDOWS\system32\picn20.dll
          2008-02-14 23:43 . 2008-02-14 23:44 <DIR> d-------- C:\Program Files\Common Files\Ahead
          2008-02-14 23:43 . 2008-02-14 23:48 <DIR> d-------- C:\Program Files\Ahead
          2008-02-14 23:43 . 2003-07-13 02:49 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
          2008-02-12 23:29 . 2008-02-12 23:29 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
          2008-02-12 23:26 . 2008-02-12 23:28 <DIR> d-------- C:\WINDOWS\ShellNew
          2008-02-12 23:26 . 2008-02-12 23:26 <DIR> d-------- C:\Program Files\Common Files\L&H
          2008-02-12 22:40 . 2008-02-13 00:12 21,044 --ah----- C:\WINDOWS\system32\mlfcache.dat
          2008-02-12 21:56 . 2006-10-05 03:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
          2008-02-12 21:56 . 2006-10-05 03:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
          2008-02-11 23:42 . 2008-02-11 23:42 <DIR> d-------- C:\Documents and Settings\Frank.JMW.000\LimeWire Store Purchased
          2008-02-11 23:42 . 2008-02-11 23:42 <DIR> d-------- C:\Documents and Settings\Frank.JMW.000\LimeWire Shared
          2008-02-11 23:39 . 2008-02-11 23:39 <DIR> d-------- C:\Documents and Settings\Frank.JMW.000\Incomplete
          2008-02-11 23:38 . 2008-02-19 12:33 <DIR> d-------- C:\Documents and Settings\Frank.JMW.000\Application Data\LimeWirePlus
          2008-02-11 23:36 . 2008-02-16 17:48 <DIR> d-------- C:\Program Files\LimewirePlus
          2008-02-05 22:41 . 2008-02-05 22:41 <DIR> d-------- C:\Documents and Settings\Frank.JMW.000\Application Data\Leadertech
          2008-02-05 21:42 . 2008-02-06 23:02 <DIR> d-------- C:\Program Files\URLBase 4.0
          2008-02-04 22:55 . 2008-02-04 22:54 737,280 --a------ C:\WINDOWS\iun6002.exe
          2008-02-04 22:31 . 2008-02-04 22:31 <DIR> d-------- C:\Documents and Settings\Frank.JMW.000\Application Data\Sonic Foundry
          2008-02-02 22:39 . 2008-02-02 23:00 <DIR> d-------- C:\Documents and Settings\Frank.JMW.000\Application Data\SecureMaker
          2008-02-02 22:33 . 2008-02-02 22:37 <DIR> d-------- C:\Documents and Settings\Frank.JMW.000\Application Data\Secretmaker
          2008-02-02 22:28 . 2008-02-04 21:22 209,434 --a------ C:\lma_log.html
          2008-02-02 22:27 . 2008-02-05 22:07 442 --a------ C:\log.html
          2008-02-02 22:03 . 2008-02-02 22:09 121 --a------ C:\WINDOWS\PCPRO.INI
          2008-02-02 20:14 . 2008-02-02 20:14 0 --a------ C:\WINDOWS\MusicEditor.INI
          2008-02-02 20:11 . 2008-02-02 20:11 363 --a------ C:\WINDOWS\TOC Printer.INI
          2008-02-02 20:06 . 2008-02-02 20:06 2,764 --a------ C:\WINDOWS\system32\$$$mclip.cfg
          2008-02-02 20:06 . 2008-02-02 20:06 564 --a------ C:\WINDOWS\system\cdplayer.dat
          2008-02-02 14:28 . 2008-02-02 14:28 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\MSN6
          2008-02-02 14:27 . 2008-02-02 14:40 <DIR> d-------- C:\Documents and Settings\Frank.JMW.000\Application Data\MSN6
          2008-01-31 23:31 . 2008-01-31 23:45 220 --a------ C:\WINDOWS\Oh4Win.ini
          2008-01-31 23:31 . 2008-01-31 23:44 48 --a------ C:\WINDOWS\OH4WIN.REG
          2008-01-30 22:11 . 2008-01-30 23:08 <DIR> d-------- C:\Program Files\dirlot
          2008-01-28 22:24 . 2008-01-28 22:24 12 --a------ C:\test.bat
          2008-01-28 22:24 . 2008-01-28 22:24 0 --a------ C:\test.bat.bak
          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-02-23 17:17 375,084 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
          2008-02-23 17:17 375,084 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT
          2008-02-23 16:13 --------- d-----w C:\Program Files\Common Files\Adobe
          2008-02-23 13:52 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
          2008-02-23 13:52 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG
          2008-02-21 22:36 --------- d-----w C:\Program Files\BackupX
          2008-02-20 20:43 --------- d-----w C:\Program Files\Maxthon
          2008-02-19 11:01 278,553 ----a-w C:\WINDOWS\Fonts\Setup.exe
          2008-02-17 10:04 --------- d-----w C:\Program Files\SpamPal
          2008-02-15 17:20 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Tarma Installer
          2008-02-15 14:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2008-02-12 22:24 --------- d-----w C:\Program Files\Snapshot Viewer
          2008-02-12 20:51 --------- d-----w C:\Program Files\Google
          2008-02-12 20:43 --------- d-----w C:\Program Files\ICQLite
          2008-02-12 20:43 --------- d-----w C:\Documents and Settings\Frank.JMW.000\Application Data\ICQ
          2008-02-05 22:24 --------- d-----w C:\Program Files\PokerStars
          2008-02-05 22:18 --------- d-----w C:\Documents and Settings\Frank.JMW.000\Application Data\Xfire
          2008-02-04 21:39 --------- d-----w C:\Program Files\TL
          2008-02-04 21:08 --------- d-----w C:\Documents and Settings\Frank.JMW.000\Application Data\U3
          2008-02-02 20:48 --------- d-----w C:\Program Files\Offline Explorer Enterprise
          2008-02-02 01:47 --------- d-----w C:\Program Files\UltraEdit
          2008-02-01 20:40 --------- d-----w C:\Program Files\Xfire
          2008-01-30 20:09 --------- d-----w C:\Documents and Settings\Frank.JMW.000\Application Data\IDMComp
          2008-01-29 20:04 --------- d-----w C:\Documents and Settings\Frank.JMW.000\Application Data\SpamPal
          2008-01-29 15:06 --------- d-----w C:\Program Files\Belastingdienst
          2008-01-28 19:39 --------- d-----w C:\Program Files\The Bat!
          2008-01-28 17:17 --------- d-----w C:\Program Files\BankingTools
          2008-01-16 22:37 54,608 ----a-w C:\WINDOWS\system32\xfcodec.dll
          2007-12-28 12:44 --------- d-----w C:\Program Files\TurboFTP
          2007-12-21 14:39 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
          2006-04-19 12:23 379 ----a-w C:\Program Files\smtp.log
          2006-03-27 18:57 16,779,392 ----a-w C:\Program Files\jre-1_5_0_06-windows-i586-p.exe
          2005-10-11 14:38 2,855 ----a-w C:\Program Files\MS-DOS Prompt.pif
          2002-06-13 08:08 578 ----a-r C:\Program Files\jive.license
          2001-06-17 11:59 221,184 ----a-w C:\Program Files\Whois.exe
          .
          ------- Sigcheck -------
          "C:\WINDOWS\system32\svchost.exe"
          ----a-w 14,336 2004-08-04 08:03:35 C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da\svchost.exe
          ----a-w 14,336 2004-08-03 23:03:36 C:\WINDOWS\system32\svchost.exe
          -c--a-w 14,336 2004-08-03 23:03:36 C:\WINDOWS\system32\dllcache\svchost.exe
          "C:\WINDOWS\system32\user32.dll"
          ----a-w 578,560 2004-08-04 08:03:23 C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da\user32.dll
          ----a-w 579,072 2007-03-08 15:39:10 C:\WINDOWS\system32\user32.dll
          -c--a-w 579,072 2007-03-08 15:39:10 C:\WINDOWS\system32\dllcache\user32.dll
          "C:\WINDOWS\system32\ws2_32.dll"
          ----a-w 82,944 2004-08-04 08:03:24 C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da\ws2_32.dll
          ----a-w 82,944 2004-08-03 23:03:26 C:\WINDOWS\system32\ws2_32.dll
          -c--a-w 82,944 2004-08-03 23:03:26 C:\WINDOWS\system32\dllcache\ws2_32.dll
          "C:\WINDOWS\system32\wininet.dll"
          ----a-w 580,096 2006-02-24 13:22:46 C:\WINDOWS\SoftwareDistribution\Download\2ae8f3333581c2bf537dc03e36635ff5\rtmgdr\wininet.dll
          ----a-w 591,360 2006-02-24 23:56:48 C:\WINDOWS\SoftwareDistribution\Download\2ae8f3333581c2bf537dc03e36635ff5\RTMQFE\wininet.dll
          ----a-w 659,456 2004-08-04 08:03:23 C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da\wininet.dll
          ----a-w 662,528 2007-10-11 06:14:46 C:\WINDOWS\system32\wininet.dll
          -c--a-w 662,528 2007-10-11 06:14:46 C:\WINDOWS\system32\dllcache\wininet.dll
          "C:\WINDOWS\system32\drivers\tcpip.sys"
          ----a-w 359,040 2004-08-04 06:14:40 C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da\tcpip.sys
          -c--a-w 359,808 2006-04-20 11:51:50 C:\WINDOWS\system32\dllcache\tcpip.sys
          ----a-w 359,808 2006-04-20 11:51:50 C:\WINDOWS\system32\drivers\tcpip.sys
          "C:\WINDOWS\system32\winlogon.exe"
          ----a-w 504,832 2004-08-04 08:03:36 C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da\winlogon.exe
          ----a-w 504,832 2004-08-03 23:03:38 C:\WINDOWS\system32\winlogon.exe
          -c--a-w 504,832 2004-08-03 23:03:38 C:\WINDOWS\system32\dllcache\winlogon.exe
          "C:\WINDOWS\system32\drivers\ndis.sys"
          ----a-w 182,912 2004-08-04 06:14:28 C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da\ndis.sys
          -c--a-w 182,912 2004-08-03 21:14:30 C:\WINDOWS\system32\dllcache\ndis.sys
          ----a-w 182,912 2004-08-03 21:14:30 C:\WINDOWS\system32\drivers\ndis.sys
          "C:\WINDOWS\system32\drivers\ip6fw.sys"
          ----a-w 29,056 2004-08-04 06:00:06 C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da\ip6fw.sys
          -c--a-w 29,056 2004-08-03 21:00:08 C:\WINDOWS\system32\dllcache\ip6fw.sys
          ----a-w 29,056 2004-08-03 21:00:08 C:\WINDOWS\system32\drivers\ip6fw.sys
          "C:\WINDOWS\system32\ntkrnlpa.exe"
          ------w 2,061,952 2007-02-28 16:05:16 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
          ----a-w 2,061,184 2004-08-04 07:58:07 C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da\ntkrnlpa.exe
          ----a-w 2,061,952 2007-02-28 16:05:16 C:\WINDOWS\system32\ntkrnlpa.exe
          -c----w 2,061,952 2007-02-28 16:05:16 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
          "C:\WINDOWS\system32\ntoskrnl.exe"
          ------w 2,184,704 2007-02-28 16:05:16 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
          ----a-w 2,185,344 2004-08-04 07:58:29 C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da\ntoskrnl.exe
          ----a-w 2,184,704 2007-02-28 16:05:16 C:\WINDOWS\system32\ntoskrnl.exe
          -c----w 2,184,704 2007-02-28 16:05:16 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
          "C:\WINDOWS\explorer.exe"
          ----a-w 1,036,800 2007-06-13 13:24:02 C:\WINDOWS\explorer.exe
          ----a-w 1,035,776 2004-08-04 08:03:28 C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da\explorer.exe
          -c--a-w 1,036,800 2007-06-13 13:24:02 C:\WINDOWS\system32\dllcache\explorer.exe
          .
          -- Snapshot reset to current date --
          .
          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{050FA8EB-BCA9-462A-B437-7FF0720F4D88}]
          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A2FF3C5-EDFF-46CE-BBA0-7A68B2499DBA}]
          C:\WINDOWS\system32\awtrpnm.dll
          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]
          2008-02-16 17:48 1555480 --a------ C:\Program Files\LimewirePlus\tbLim1.dll
          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C8A568E-4201-478a-8536-526CF371D2E2}]
          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0E5AD9D-7D7B-418D-9646-3FF6DA198E59}]
          C:\WINDOWS\system32\ljhed.dll
          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff6f95be-daf0-47b2-a726-ed3dabb42a7b}]
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
          {62999427-33FC-4BAF-9C9C-BCE6BD127F08}
          {EF99BD32-C1FB-11D2-892F-0090271D4F88}
          {47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}
          {47833539-D0C5-4125-9FA8-0819E2EAAC93}
          [HKEY_CLASSES_ROOT\clsid\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]
          [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
          "{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}"= C:\Program Files\LimewirePlus\tbLim1.dll [2008-02-16 17:48 1555480]
          [HKEY_CLASSES_ROOT\clsid\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]
          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
          "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-11-30 21:49 4662776]
          "WeatherWatcher"="D:\Program Files\Weather Watcher\ww.exe" [2006-09-05 23:42 966656]
          "Picasa Media Detector"="d:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]
          "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "APVXDWIN"="C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.exe" [2007-07-19 14:23 455984]
          "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 22:48 479232]
          "PPFW"="c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PPFW.exe" [2007-07-09 11:03 165168]
          "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2003-07-13 02:49 155648]
          "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-07-13 02:49 974898]
          "Mirabilis ICQ"="C:\Program Files\ICQ\ICQNet.exe" [2003-01-13 14:20 49230]
          "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
          "spampal"="C:\Program Files\SpamPal\spampal.exe" [2005-10-24 20:08 387616]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
          "Acrobat Assistant 7.0"="D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
          "@"=""
          "combofix"="C:\WINDOWS\system32\kmd.exe" [2004-08-04 00:03 399360]
          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:03 15360]
          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
          "{3A2FF3C5-EDFF-46CE-BBA0-7A68B2499DBA}"= C:\WINDOWS\system32\awtrpnm.dll [ ]
          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
          avldr.dll 2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll
          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtrpnm]
          awtrpnm.dll
          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
          "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
          "LoadAppInit_DLLs"=1 (0x1)
          R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\System32\Drivers\NETFLTDI.SYS [2007-05-11 08:33]
          R3 ELNK3;3Com EtherLink III;C:\WINDOWS\system32\DRIVERS\elnk3.sys [2001-08-17 19:10]
          R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-04-24 14:43]
          S1 APPFLT;App Filter Plugin;C:\WINDOWS\System32\Drivers\APPFLT.SYS [2007-05-11 08:33]
          S1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\System32\Drivers\DSAFLT.SYS [2007-05-11 08:33]
          S1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\System32\Drivers\fnetmon.SYS [2007-05-11 08:33]
          S1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\System32\Drivers\IDSFLT.SYS [2007-07-11 10:39]
          S1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\Drivers\ShlDrv51.sys [2007-05-23 15:40]
          S1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\System32\Drivers\SMSFLT.SYS [2007-05-11 08:33]
          S1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\System32\Drivers\WNMFLT.SYS [2007-05-11 08:33]
          S2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\drivers\cpoint.sys [2007-06-08 07:44]
          S2 PavProc;Panda Process Protection Driver;C:\WINDOWS\System32\DRIVERS\PavProc.sys [2007-07-12 13:49]
          S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys
          S3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM);C:\WINDOWS\system32\drivers\ES1370MP.sys [2001-08-17 21:19]
          S3 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-18 23:08]
          .
          Inhoud van de 'Gedeelde Taken' map
          "2008-02-23 19:00:00 C:\WINDOWS\Tasks\BE6AD71591615575.job"
          - c:\docume~2\frankj~1.000\applic~1\playam~1\SCR ITCH REGS.exe
          .
          **************************************************************************
          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-02-24 01:23:43
          Windows 5.1.2600 Service Pack 2 NTFS
          detected NTDLL code modification:
          ZwClose
          scannen van verborgen processen ...
          scannen van verborgen autostart items ...
          scannen van verborgen bestanden ...
          Scan succesvol afgerond
          verborgen bestanden: 0
          **************************************************************************
          .
          ------------------------ Other Running Processes ------------------------
          .
          C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
          C:\Program Files\Ahead\InCD\InCDsrv.exe
          C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
          C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
          C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimsvc.exe
          C:\Program Files\Spyware Doctor\pctsAuxs.exe
          C:\Program Files\Spyware Doctor\pctsSvc.exe
          D:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
          C:\Program Files\BackupX\BackupX.exe
          C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
          .
          **************************************************************************
          .
          Voltooingstijd: 2008-02-24 1:33:23 - machine was rebooted
          ComboFix-quarantined-files.txt 2008-02-24 00:32:58
          ComboFix2.txt 2008-02-22 22:57:29
          ComboFix3.txt 2008-02-20 19:26:40
          .
          2007-12-18 22:04:00 --- E O F ---
          Regards,

          Bunnie
          all computers wait at the same speed



          • #6
            Hi Bunnie,

            Sorry for the late reply; I first had to check something, but before I got an answer I was already away for the weekend. Here are the next instructions:

            Open a new Notepad file.

            Copy and paste the code below into it.
            Go to 'File' -> 'Save As..' and then save it to your desktop as CFScript.txt.

            Code:
            File::
            C:\n.bat
            C:\WINDOWS\system32\ljhed.dll
            C:\WINDOWS\system32\awtrpnm.dll
            
            Registry::
            [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{050FA8EB-BCA9-462A-B437-7FF0720F4D88}]
            [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A2FF3C5-EDFF-46CE-BBA0-7A68B2499DBA}]
            [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C8A568E-4201-478a-8536-526CF371D2E2}]
            [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0E5AD9D-7D7B-418D-9646-3FF6DA198E59}]
            [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff6f95be-daf0-47b2-a726-ed3dabb42a7b}]
            [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
            "{3A2FF3C5-EDFF-46CE-BBA0-7A68B2499DBA}"=-
            [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtrpnm]
            Drag CFScript.txt into ComboFix.exe as shown in the example below:



            This will make ComboFix restart. Reboot if you are asked to.
            After the restart, post the contents of Combofix.txt in your next reply, together with a new HijackThis log.



            • #7
              I'm abroad right now and can't reply until the weekend.
              Regards,

              Bunnie
              all computers wait at the same speed



              • #8
                We'll see when it comes.



                • #9
                  Here are the requested logs.
                  I had to start ComboFix from a DOS window with combofix cfscript.txt.
                  After ComboFix, Explorer was gone and the Start button unusable; I rebooted and made the HJT log.

                  ComboFix 08-03-06.4 - Frank 2008-03-07 10:59:52.2 - NTFSx86
                  Gestart vanuit: C:\Documents and Settings\Frank.JMW.000\Bureaublad\ComboFix.exe
                  Command switches used :: cfscript.txt
                  WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
                  .
                  (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  C:\WINDOWS\system32\rightonadz-uninst.exe
                  .
                  (((((((((((((((((((( Bestanden Gemaakt van 2008-02-07 to 2008-03-07 ))))))))))))))))))))))))))))))
                  .
                  2008-02-23 17:19 . 2008-02-23 17:19 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe Systems
                  2008-02-23 17:17 . 2008-02-23 17:17 d-------- C:\Program Files\Common Files\Adobe Systems Shared
                  2008-02-23 15:08 . 2008-02-23 15:08 134 --a------ C:\n.bat
                  2008-02-23 14:44 . 2008-02-23 14:44 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Zylom
                  2008-02-22 00:27 . 2008-02-22 00:30 d-------- C:\WINDOWS\system32\URTTemp
                  2008-02-21 21:39 . 2008-02-23 14:44 d-------- C:\Program Files\Java
                  2008-02-20 00:23 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
                  2008-02-20 00:23 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
                  2008-02-20 00:23 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
                  2008-02-20 00:23 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
                  2008-02-20 00:22 . 2008-03-07 10:27 d-------- C:\Program Files\Spyware Doctor
                  2008-02-20 00:22 . 2008-02-20 00:22 d-------- C:\Documents and Settings\Frank.JMW.000\Application Data\PC Tools
                  2008-02-19 21:13 . 2008-02-19 23:59 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
                  2008-02-19 12:01 . 2008-02-19 12:01 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
                  2008-02-18 17:16 . 2008-02-18 17:16 24,248 --a------ C:\Documents and Settings\Frank.JMW.000\Application Data\GDIPFONTCACHEV1.DAT
                  2008-02-16 16:11 . 2008-02-19 23:53 d-------- C:\Documents and Settings\Frank.JMW.000\Application Data\Lavasoft
                  2008-02-16 15:43 . 2008-03-07 10:20 d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
                  2008-02-16 15:39 . 2008-02-16 15:39 164 --a------ C:\install.dat
                  2008-02-16 15:38 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
                  2008-02-16 15:30 . 2008-02-16 15:30 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Prevx
                  2008-02-16 15:28 . 2008-02-22 23:13 d-------- C:\Temp
                  2008-02-16 14:52 . 2008-02-25 19:43 d--h----- C:\WINDOWS\system32\GroupPolicy
                  2008-02-16 14:51 . 2008-02-20 00:05 d-------- C:\Program Files\Hitman Pro
                  2008-02-16 00:52 . 2008-02-20 00:10 d-------- C:\Documents and Settings\Frank.JMW.000\Application Data\BitDownload
                  2008-02-16 00:50 . 2008-02-16 00:50 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\2 team frag settings
                  2008-02-15 18:47 . 2008-02-15 18:47 d-------- C:\Documents and Settings\FRANKJ~1~000\LOCALS~1
                  2008-02-15 16:50 . 2008-02-15 17:06 40 --a------ C:\WINDOWS\nero.INI
                  2008-02-15 15:48 . 2008-02-23 15:59 d-------- C:\Program Files\ICQ
                  2008-02-14 23:48 . 2008-02-14 23:48 d-------- C:\WINDOWS\InCD
                  2008-02-14 23:48 . 2003-07-13 02:49 1,155,072 --------- C:\WINDOWS\NuNinst.exe
                  2008-02-14 23:48 . 2003-07-13 02:49 85,360 --------- C:\WINDOWS\system32\drivers\incdfs.sys
                  2008-02-14 23:48 . 2003-07-13 02:49 47,262 --------- C:\WINDOWS\NuNinst.cfg
                  2008-02-14 23:48 . 2003-07-13 02:49 26,784 --------- C:\WINDOWS\system32\drivers\incdpass.sys
                  2008-02-14 23:48 . 2003-07-13 02:49 4,976 --------- C:\WINDOWS\system32\drivers\incdrec.sys
                  2008-02-14 23:45 . 2003-07-13 02:49 89,184 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
                  2008-02-14 23:45 . 2003-07-13 02:49 57,344 --------- C:\WINDOWS\system32\ImageDrive.cpl
                  2008-02-14 23:44 . 2003-07-13 02:49 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
                  2008-02-14 23:44 . 2003-07-13 02:49 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
                  2008-02-14 23:44 . 2003-07-13 02:49 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
                  2008-02-14 23:44 . 2003-07-13 02:49 38,912 --a------ C:\WINDOWS\system32\picn20.dll
                  2008-02-14 23:43 . 2008-02-14 23:44 d-------- C:\Program Files\Common Files\Ahead
                  2008-02-14 23:43 . 2008-02-14 23:48 d-------- C:\Program Files\Ahead
                  2008-02-14 23:43 . 2003-07-13 02:49 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
                  2008-02-12 23:29 . 2008-02-12 23:29 d-------- C:\Program Files\Microsoft ActiveSync
                  2008-02-12 23:26 . 2008-02-12 23:28 d-------- C:\WINDOWS\ShellNew
                  2008-02-12 23:26 . 2008-02-12 23:26 d-------- C:\Program Files\Common Files\L&H
                  2008-02-12 22:40 . 2008-02-13 00:12 21,044 --ah----- C:\WINDOWS\system32\mlfcache.dat
                  2008-02-12 21:56 . 2006-10-05 03:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
                  2008-02-12 21:56 . 2006-10-05 03:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
                  2008-02-11 23:42 . 2008-02-11 23:42 d-------- C:\Documents and Settings\Frank.JMW.000\LimeWire Store Purchased
                  2008-02-11 23:42 . 2008-02-11 23:42 d-------- C:\Documents and Settings\Frank.JMW.000\LimeWire Shared
                  2008-02-11 23:39 . 2008-02-11 23:39 d-------- C:\Documents and Settings\Frank.JMW.000\Incomplete
                  2008-02-11 23:38 . 2008-02-19 12:33 d-------- C:\Documents and Settings\Frank.JMW.000\Application Data\LimeWirePlus
                  2008-02-11 23:36 . 2008-02-16 17:48 d-------- C:\Program Files\LimewirePlus
                  .
                  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  2008-02-23 17:17 375,084 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
                  2008-02-23 17:17 375,084 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT
                  2008-02-23 16:13 --------- d-----w C:\Program Files\Common Files\Adobe
                  2008-02-23 13:52 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
                  2008-02-23 13:52 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG
                  2008-02-21 22:36 --------- d-----w C:\Program Files\BackupX
                  2008-02-20 20:43 --------- d-----w C:\Program Files\Maxthon
                  2008-02-19 11:01 278,553 ----a-w C:\WINDOWS\Fonts\Setup.exe
                  2008-02-17 10:04 --------- d-----w C:\Program Files\SpamPal
                  2008-02-15 17:20 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Tarma Installer
                  2008-02-15 14:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
                  2008-02-12 22:24 --------- d-----w C:\Program Files\Snapshot Viewer
                  2008-02-12 20:51 --------- d-----w C:\Program Files\Google
                  2008-02-12 20:43 --------- d-----w C:\Program Files\ICQLite
                  2008-02-12 20:43 --------- d-----w C:\Documents and Settings\Frank.JMW.000\Application Data\ICQ
                  2008-02-06 22:02 --------- d-----w C:\Program Files\URLBase 4.0
                  2008-02-05 22:24 --------- d-----w C:\Program Files\PokerStars
                  2008-02-05 22:18 --------- d-----w C:\Documents and Settings\Frank.JMW.000\Application Data\Xfire
                  2008-02-05 21:41 --------- d-----w C:\Documents and Settings\Frank.JMW.000\Application Data\Leadertech
                  2008-02-04 21:54 737,280 ----a-w C:\WINDOWS\iun6002.exe
                  2008-02-04 21:39 --------- d-----w C:\Program Files\TL
                  2008-02-04 21:31 --------- d-----w C:\Documents and Settings\Frank.JMW.000\Application Data\Sonic Foundry
                  2008-02-04 21:08 --------- d-----w C:\Documents and Settings\Frank.JMW.000\Application Data\U3
                  2008-02-02 22:00 --------- d-----w C:\Documents and Settings\Frank.JMW.000\Application Data\SecureMaker
                  2008-02-02 21:37 --------- d-----w C:\Documents and Settings\Frank.JMW.000\Application Data\Secretmaker
                  2008-02-02 20:48 --------- d-----w C:\Program Files\Offline Explorer Enterprise
                  2008-02-02 13:40 --------- d-----w C:\Documents and Settings\Frank.JMW.000\Application Data\MSN6
                  2008-02-02 13:28 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\MSN6
                  2008-02-02 01:47 --------- d-----w C:\Program Files\UltraEdit
                  2008-02-01 20:40 --------- d-----w C:\Program Files\Xfire
                  2008-01-30 22:08 --------- d-----w C:\Program Files\dirlot
                  2008-01-30 20:09 --------- d-----w C:\Documents and Settings\Frank.JMW.000\Application Data\IDMComp
                  2008-01-29 20:04 --------- d-----w C:\Documents and Settings\Frank.JMW.000\Application Data\SpamPal
                  2008-01-29 15:06 --------- d-----w C:\Program Files\Belastingdienst
                  2008-01-28 21:24 12 ----a-w C:\test.bat
                  2008-01-28 19:39 --------- d-----w C:\Program Files\The Bat!
                  2008-01-28 17:17 --------- d-----w C:\Program Files\BankingTools
                  2008-01-16 22:37 54,608 ----a-w C:\WINDOWS\system32\xfcodec.dll
                  2007-12-21 14:39 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
                  2006-04-19 12:23 379 ----a-w C:\Program Files\smtp.log
                  2006-03-27 18:57 16,779,392 ----a-w C:\Program Files\jre-1_5_0_06-windows-i586-p.exe
                  2005-10-11 14:38 2,855 ----a-w C:\Program Files\MS-DOS Prompt.pif
                  2002-06-13 08:08 578 ----a-r C:\Program Files\jive.license
                  2001-06-17 11:59 221,184 ----a-w C:\Program Files\Whois.exe
                  .
                  ------- Sigcheck -------
                  ab8c6d89a897bacba4657fdf00e344a6 C:\WINDOWS\system32\svchost.exe
                  ----a-w 14,336 2004-08-04 08:03:35 C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da\svchost.exe
                  ----a-w 14,336 2004-08-03 23:03:36 C:\WINDOWS\system32\svchost.exe
                  -c--a-w 14,336 2004-08-03 23:03:36 C:\WINDOWS\system32\dllcache\svchost.exe
                  cb18f701a5d55a6308fab8d18322c060 C:\WINDOWS\system32\user32.dll
                  ----a-w 578,560 2004-08-04 08:03:23 C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da\user32.dll
                  ----a-w 579,072 2007-03-08 15:39:10 C:\WINDOWS\system32\user32.dll
                  -c--a-w 579,072 2007-03-08 15:39:10 C:\WINDOWS\system32\dllcache\user32.dll
                  06ebcbe58321e924980148b7e3dbd753 C:\WINDOWS\system32\ws2_32.dll
                  ----a-w 82,944 2004-08-04 08:03:24 C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da\ws2_32.dll
                  ----a-w 82,944 2004-08-03 23:03:26 C:\WINDOWS\system32\ws2_32.dll
                  -c--a-w 82,944 2004-08-03 23:03:26 C:\WINDOWS\system32\dllcache\ws2_32.dll
                  23bbeca3deff67ee5b4c444a143e45a6 C:\WINDOWS\system32\wininet.dll
                  ----a-w 580,096 2006-02-24 13:22:46 C:\WINDOWS\SoftwareDistribution\Download\2ae8f3333581c2bf537dc03e36635ff5\rtmgdr\wininet.dll
                  ----a-w 591,360 2006-02-24 23:56:48 C:\WINDOWS\SoftwareDistribution\Download\2ae8f3333581c2bf537dc03e36635ff5\RTMQFE\wininet.dll
                  ----a-w 659,456 2004-08-04 08:03:23 C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da\wininet.dll
                  ----a-w 662,528 2007-10-11 06:14:46 C:\WINDOWS\system32\wininet.dll
                  -c--a-w 662,528 2007-10-11 06:14:46 C:\WINDOWS\system32\dllcache\wininet.dll
                  1dbf125862891817f374f407626967f4 C:\WINDOWS\system32\drivers\tcpip.sys
                  ----a-w 359,040 2004-08-04 06:14:40 C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da\tcpip.sys
                  -c--a-w 359,808 2006-04-20 11:51:50 C:\WINDOWS\system32\dllcache\tcpip.sys
                  ----a-w 359,808 2006-04-20 11:51:50 C:\WINDOWS\system32\drivers\tcpip.sys
                  732ed791711df9c9dd15e5515bc681b8 C:\WINDOWS\system32\winlogon.exe
                  ----a-w 504,832 2004-08-04 08:03:36 C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da\winlogon.exe
                  ----a-w 504,832 2004-08-03 23:03:38 C:\WINDOWS\system32\winlogon.exe
                  -c--a-w 504,832 2004-08-03 23:03:38 C:\WINDOWS\system32\dllcache\winlogon.exe
                  558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
                  ----a-w 182,912 2004-08-04 06:14:28 C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da\ndis.sys
                  -c--a-w 182,912 2004-08-03 21:14:30 C:\WINDOWS\system32\dllcache\ndis.sys
                  ----a-w 182,912 2004-08-03 21:14:30 C:\WINDOWS\system32\drivers\ndis.sys
                  4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
                  ----a-w 29,056 2004-08-04 06:00:06 C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da\ip6fw.sys
                  -c--a-w 29,056 2004-08-03 21:00:08 C:\WINDOWS\system32\dllcache\ip6fw.sys
                  ----a-w 29,056 2004-08-03 21:00:08 C:\WINDOWS\system32\drivers\ip6fw.sys
                  57b09ad681c1d8db77ccc3e92d8f5d14 C:\WINDOWS\system32\ntkrnlpa.exe
                  ------w 2,061,952 2007-02-28 16:05:16 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
                  ----a-w 2,061,184 2004-08-04 07:58:07 C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da\ntkrnlpa.exe
                  ----a-w 2,061,952 2007-02-28 16:05:16 C:\WINDOWS\system32\ntkrnlpa.exe
                  -c----w 2,061,952 2007-02-28 16:05:16 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
                  caaa8fd3c034a227691a43b60873f097 C:\WINDOWS\system32\ntoskrnl.exe
                  ------w 2,184,704 2007-02-28 16:05:16 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
                  ----a-w 2,185,344 2004-08-04 07:58:29 C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da\ntoskrnl.exe
                  ----a-w 2,184,704 2007-02-28 16:05:16 C:\WINDOWS\system32\ntoskrnl.exe
                  -c----w 2,184,704 2007-02-28 16:05:16 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
                  147e95a42a58ce99e403f7f57656bbeb C:\WINDOWS\explorer.exe
                  ----a-w 1,036,800 2007-06-13 13:24:02 C:\WINDOWS\explorer.exe
                  ----a-w 1,035,776 2004-08-04 08:03:28 C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da\explorer.exe
                  -c--a-w 1,036,800 2007-06-13 13:24:02 C:\WINDOWS\system32\dllcache\explorer.exe
                  .
                  -- Snapshot reset to current date --
                  .
                  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  REGEDIT4
                  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]
                  2008-02-16 17:48 1555480 --a------ C:\Program Files\LimewirePlus\tbLim1.dll
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                  "{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}"= "C:\Program Files\LimewirePlus\tbLim1.dll" [2008-02-16 17:48 1555480]
                  [HKEY_CLASSES_ROOT\clsid\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]
                  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
                  "{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}"= C:\Program Files\LimewirePlus\tbLim1.dll [2008-02-16 17:48 1555480]
                  [HKEY_CLASSES_ROOT\clsid\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]
                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
                  "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-11-30 21:49 4662776]
                  "WeatherWatcher"="D:\Program Files\Weather Watcher\ww.exe" [2006-09-05 23:42 966656]
                  "Picasa Media Detector"="d:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]
                  "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "APVXDWIN"="C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.exe" [2007-07-19 14:23 455984]
                  "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 22:48 479232]
                  "PPFW"="c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PPFW.exe" [2007-07-09 11:03 165168]
                  "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2003-07-13 02:49 155648]
                  "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-07-13 02:49 974898]
                  "Mirabilis ICQ"="C:\Program Files\ICQ\ICQNet.exe" [2003-01-13 14:20 49230]
                  "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
                  "spampal"="C:\Program Files\SpamPal\spampal.exe" [2005-10-24 20:08 387616]
                  "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
                  "Acrobat Assistant 7.0"="D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
                  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                  "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:03 15360]
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
                  avldr.dll 2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
                  "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                  "EnableFirewall"= 0 (0x0)
                  .
                  Inhoud van de 'Gedeelde Taken' map
                  "2008-02-23 19:00:00 C:\WINDOWS\Tasks\BE6AD71591615575.job"
                  - c:\docume~2\frankj~1.000\applic~1\playam~1\SCR ITCH REGS.exe
                  .
                  **************************************************************************
                  catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                  Rootkit scan 2008-03-07 11:13:07
                  Windows 5.1.2600 Service Pack 2 NTFS
                  detected NTDLL code modification:
                  ZwClose
                  scannen van verborgen processen ...
                  scannen van verborgen autostart items ...
                  scannen van verborgen bestanden ...
                  Scan succesvol afgerond
                  verborgen bestanden: 0
                  **************************************************************************
                  .
                  Voltooingstijd: 2008-03-07 11:19:52
                  ComboFix-quarantined-files.txt 2008-03-07 10:19:31
                  ComboFix2.txt 2008-02-24 00:33:31
                  ComboFix3.txt 2008-02-22 22:57:29
                  ComboFix4.txt 2008-02-20 19:26:40
                  .
                  2007-12-18 22:04:00 --- E O F ---

                  Logfile of HijackThis v1.99.1
                  Scan saved at 11:32:27, on 7-3-2008
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\csrss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
                  C:\Program Files\Ahead\InCD\InCDsrv.exe
                  C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
                  C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
                  C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimsvc.exe
                  C:\Program Files\Spyware Doctor\pctsAuxs.exe
                  C:\Program Files\Spyware Doctor\pctsSvc.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Spyware Doctor\pctsTray.exe
                  C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE
                  C:\Program Files\Ahead\InCD\InCD.exe
                  C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
                  D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  D:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
                  C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
                  C:\Documents and Settings\Frank.JMW.000\Bureaublad\HijackThis.exe

                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
                  R3 - URLSearchHook: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
                  O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll
                  O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
                  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                  O2 - BHO: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
                  O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                  O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
                  O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
                  O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
                  O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
                  O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
                  O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
                  O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
                  O4 - HKLM\..\Run: [PPFW] c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PPFW.EXE PPFW.EXE /cmd:allowpandarules /prod:titanium /mod:7 /flg:2 /ver:7.0.0
                  O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
                  O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
                  O4 - HKLM\..\Run: [Mirabilis ICQ] "C:\Program Files\ICQ\ICQNet.exe"
                  O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
                  O4 - HKLM\..\Run: [spampal] C:\Program Files\SpamPal\spampal.exe
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
                  O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
                  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
                  O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
                  O4 - HKCU\..\Run: [WeatherWatcher] "D:\Program Files\Weather Watcher\ww.exe"
                  O4 - HKCU\..\Run: [Picasa Media Detector] "d:\Program Files\Picasa2\PicasaMediaDetector.exe"
                  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                  O4 - Startup: Adobe Acrobat Speed Launcher.lnk = ?
                  O4 - Startup: BackupXpress.lnk = C:\Program Files\BackupX\BackupX.exe
                  O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
                  O4 - Global Startup: BackupXpress.lnk = C:\Program Files\BackupX\BackupX.exe
                  O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
                  O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
                  O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                  O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                  O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
                  O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
                  O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                  O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                  O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                  O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                  O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
                  O8 - Extra context menu item: Download the &current page with Offline Explorer - file://C:\Program Files\Offline Explorer Enterprise\Add_AllO.htm
                  O8 - Extra context menu item: Download using Offline &Explorer - file://C:\Program Files\Offline Explorer Enterprise\Add_UrlO.htm
                  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
                  O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
                  O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
                  O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
                  O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                  O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
                  O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
                  O9 - Extra button: Yahoo! 
Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exeO9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exeO9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmO9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cabO16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - http://game08.zylom.com/activex/zylomgamesplayer.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cabO16 
- DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{48E75241-CA98-42B7-BC07-8245CBFF3949}: NameServer = 10.0.0.138O17 - HKLM\System\CS1\Services\Tcpip\..\{48E75241-CA98-42B7-BC07-8245CBFF3949}: NameServer = 10.0.0.138O17 - HKLM\System\CS2\Services\Tcpip\..\{48E75241-CA98-42B7-BC07-8245CBFF3949}: NameServer = 10.0.0.138O17 - HKLM\System\CS3\Services\Tcpip\..\{48E75241-CA98-42B7-BC07-8245CBFF3949}: NameServer = 10.0.0.138O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLLO20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dllO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Intelligente achtergrondsoverdrachtservice (BITS) - Unknown owner - (no file)O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeO23 - Service: Services voor cryptografie (CryptSvc) - Panda Software - (no file)O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Panda Software - (no file)O23 - Service: DHCP Client (Dhcp) - Panda Software - (no file)O23 - Service: Diskeeper - Executive Software International, Inc. 
- C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exeO23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: Help en ondersteuning (helpsvc) - Google - (no file)O23 - Service: HID Input Service (HidServ) - Google - (no file)O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exeO23 - Service: Server (lanmanserver) - Logitech, Inc. - (no file)O23 - Service: Workstation (lanmanworkstation) - Logitech, Inc. - (no file)O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Logitech, Inc. - (no file)O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsCtrls.exeO23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exeO23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exeO23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exeO23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PSHOST.EXEO23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimsvc.exeO23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exeO23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program 
Files\Spyware Doctor\pctsSvc.exeO23 - Service: Secondary Logon (seclogon) - Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. - (no file)O23 - Service: System Event Notification (SENS) - Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. - (no file)O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
                  Last edited by Bunnie; 07-03-08, 11:47.
                  Regards,

                  Bunnie
                  all computers wait at the same speed



                  • #10
                    let's see if I can get the newlines back
                    ...so that doesn't work. in Notepad it does look normal
                    it looks like it's down to the forum settings
                    ...
                    now set to simple text field+

                    ComboFix 08-03-06.4 - Frank 2008-03-07 10:59:52.2 - NTFSx86
                    Gestart vanuit: C:\Documents and Settings\Frank.JMW.000\Bureaublad\ComboFix.exe
                    Command switches used :: cfscript.txt

                    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
                    .

                    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                    .

                    C:\WINDOWS\system32\rightonadz-uninst.exe

                    .
                    (((((((((((((((((((( Bestanden Gemaakt van 2008-02-07 to 2008-03-07 ))))))))))))))))))))))))))))))
                    .

                    2008-02-23 17:19 . 2008-02-23 17:19 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe Systems
                    2008-02-23 17:17 . 2008-02-23 17:17 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
                    2008-02-23 15:08 . 2008-02-23 15:08 134 --a------ C:\n.bat
                    2008-02-23 14:44 . 2008-02-23 14:44 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Zylom
                    2008-02-22 00:27 . 2008-02-22 00:30 <DIR> d-------- C:\WINDOWS\system32\URTTemp
                    2008-02-21 21:39 . 2008-02-23 14:44 <DIR> d-------- C:\Program Files\Java
                    2008-02-20 00:23 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
                    2008-02-20 00:23 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
                    2008-02-20 00:23 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
                    2008-02-20 00:23 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
                    2008-02-20 00:22 . 2008-03-07 10:27 <DIR> d-------- C:\Program Files\Spyware Doctor
                    2008-02-20 00:22 . 2008-02-20 00:22 <DIR> d-------- C:\Documents and Settings\Frank.JMW.000\Application Data\PC Tools
                    2008-02-19 21:13 . 2008-02-19 23:59 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
                    2008-02-19 12:01 . 2008-02-19 12:01 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
                    2008-02-18 17:16 . 2008-02-18 17:16 24,248 --a------ C:\Documents and Settings\Frank.JMW.000\Application Data\GDIPFONTCACHEV1.DAT
                    2008-02-16 16:11 . 2008-02-19 23:53 <DIR> d-------- C:\Documents and Settings\Frank.JMW.000\Application Data\Lavasoft
                    2008-02-16 15:43 . 2008-03-07 10:20 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
                    2008-02-16 15:39 . 2008-02-16 15:39 164 --a------ C:\install.dat
                    2008-02-16 15:38 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
                    2008-02-16 15:30 . 2008-02-16 15:30 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Prevx
                    2008-02-16 15:28 . 2008-02-22 23:13 <DIR> d-------- C:\Temp
                    2008-02-16 14:52 . 2008-02-25 19:43 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
                    2008-02-16 14:51 . 2008-02-20 00:05 <DIR> d-------- C:\Program Files\Hitman Pro
                    2008-02-16 00:52 . 2008-02-20 00:10 <DIR> d-------- C:\Documents and Settings\Frank.JMW.000\Application Data\BitDownload
                    2008-02-16 00:50 . 2008-02-16 00:50 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\2 team frag settings
                    2008-02-15 18:47 . 2008-02-15 18:47 <DIR> d-------- C:\Documents and Settings\FRANKJ~1~000\LOCALS~1
                    2008-02-15 16:50 . 2008-02-15 17:06 40 --a------ C:\WINDOWS\nero.INI
                    2008-02-15 15:48 . 2008-02-23 15:59 <DIR> d-------- C:\Program Files\ICQ
                    2008-02-14 23:48 . 2008-02-14 23:48 <DIR> d-------- C:\WINDOWS\InCD
                    2008-02-14 23:48 . 2003-07-13 02:49 1,155,072 --------- C:\WINDOWS\NuNinst.exe
                    2008-02-14 23:48 . 2003-07-13 02:49 85,360 --------- C:\WINDOWS\system32\drivers\incdfs.sys
                    2008-02-14 23:48 . 2003-07-13 02:49 47,262 --------- C:\WINDOWS\NuNinst.cfg
                    2008-02-14 23:48 . 2003-07-13 02:49 26,784 --------- C:\WINDOWS\system32\drivers\incdpass.sys
                    2008-02-14 23:48 . 2003-07-13 02:49 4,976 --------- C:\WINDOWS\system32\drivers\incdrec.sys
                    2008-02-14 23:45 . 2003-07-13 02:49 89,184 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
                    2008-02-14 23:45 . 2003-07-13 02:49 57,344 --------- C:\WINDOWS\system32\ImageDrive.cpl
                    2008-02-14 23:44 . 2003-07-13 02:49 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
                    2008-02-14 23:44 . 2003-07-13 02:49 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
                    2008-02-14 23:44 . 2003-07-13 02:49 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
                    2008-02-14 23:44 . 2003-07-13 02:49 38,912 --a------ C:\WINDOWS\system32\picn20.dll
                    2008-02-14 23:43 . 2008-02-14 23:44 <DIR> d-------- C:\Program Files\Common Files\Ahead
                    2008-02-14 23:43 . 2008-02-14 23:48 <DIR> d-------- C:\Program Files\Ahead
                    2008-02-14 23:43 . 2003-07-13 02:49 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
                    2008-02-12 23:29 . 2008-02-12 23:29 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
                    2008-02-12 23:26 . 2008-02-12 23:28 <DIR> d-------- C:\WINDOWS\ShellNew
                    2008-02-12 23:26 . 2008-02-12 23:26 <DIR> d-------- C:\Program Files\Common Files\L&H
                    2008-02-12 22:40 . 2008-02-13 00:12 21,044 --ah----- C:\WINDOWS\system32\mlfcache.dat
                    2008-02-12 21:56 . 2006-10-05 03:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
                    2008-02-12 21:56 . 2006-10-05 03:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
                    2008-02-11 23:42 . 2008-02-11 23:42 <DIR> d-------- C:\Documents and Settings\Frank.JMW.000\LimeWire Store Purchased
                    2008-02-11 23:42 . 2008-02-11 23:42 <DIR> d-------- C:\Documents and Settings\Frank.JMW.000\LimeWire Shared
                    2008-02-11 23:39 . 2008-02-11 23:39 <DIR> d-------- C:\Documents and Settings\Frank.JMW.000\Incomplete
                    2008-02-11 23:38 . 2008-02-19 12:33 <DIR> d-------- C:\Documents and Settings\Frank.JMW.000\Application Data\LimeWirePlus
                    2008-02-11 23:36 . 2008-02-16 17:48 <DIR> d-------- C:\Program Files\LimewirePlus

                    .
                    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    2008-02-23 17:17 375,084 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
                    2008-02-23 17:17 375,084 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT
                    2008-02-23 16:13 --------- d-----w C:\Program Files\Common Files\Adobe
                    2008-02-23 13:52 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
                    2008-02-23 13:52 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG
                    2008-02-21 22:36 --------- d-----w C:\Program Files\BackupX
                    2008-02-20 20:43 --------- d-----w C:\Program Files\Maxthon
                    2008-02-19 11:01 278,553 ----a-w C:\WINDOWS\Fonts\Setup.exe
                    2008-02-17 10:04 --------- d-----w C:\Program Files\SpamPal
                    2008-02-15 17:20 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Tarma Installer
                    2008-02-15 14:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
                    2008-02-12 22:24 --------- d-----w C:\Program Files\Snapshot Viewer
                    2008-02-12 20:51 --------- d-----w C:\Program Files\Google
                    2008-02-12 20:43 --------- d-----w C:\Program Files\ICQLite
                    2008-02-12 20:43 --------- d-----w C:\Documents and Settings\Frank.JMW.000\Application Data\ICQ
                    2008-02-06 22:02 --------- d-----w C:\Program Files\URLBase 4.0
                    2008-02-05 22:24 --------- d-----w C:\Program Files\PokerStars
                    2008-02-05 22:18 --------- d-----w C:\Documents and Settings\Frank.JMW.000\Application Data\Xfire
                    2008-02-05 21:41 --------- d-----w C:\Documents and Settings\Frank.JMW.000\Application Data\Leadertech
                    2008-02-04 21:54 737,280 ----a-w C:\WINDOWS\iun6002.exe
                    2008-02-04 21:39 --------- d-----w C:\Program Files\TL
                    2008-02-04 21:31 --------- d-----w C:\Documents and Settings\Frank.JMW.000\Application Data\Sonic Foundry
                    2008-02-04 21:08 --------- d-----w C:\Documents and Settings\Frank.JMW.000\Application Data\U3
                    2008-02-02 22:00 --------- d-----w C:\Documents and Settings\Frank.JMW.000\Application Data\SecureMaker
                    2008-02-02 21:37 --------- d-----w C:\Documents and Settings\Frank.JMW.000\Application Data\Secretmaker
                    2008-02-02 20:48 --------- d-----w C:\Program Files\Offline Explorer Enterprise
                    2008-02-02 13:40 --------- d-----w C:\Documents and Settings\Frank.JMW.000\Application Data\MSN6
                    2008-02-02 13:28 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\MSN6
                    2008-02-02 01:47 --------- d-----w C:\Program Files\UltraEdit
                    2008-02-01 20:40 --------- d-----w C:\Program Files\Xfire
                    2008-01-30 22:08 --------- d-----w C:\Program Files\dirlot
                    2008-01-30 20:09 --------- d-----w C:\Documents and Settings\Frank.JMW.000\Application Data\IDMComp
                    2008-01-29 20:04 --------- d-----w C:\Documents and Settings\Frank.JMW.000\Application Data\SpamPal
                    2008-01-29 15:06 --------- d-----w C:\Program Files\Belastingdienst
                    2008-01-28 21:24 12 ----a-w C:\test.bat
                    2008-01-28 19:39 --------- d-----w C:\Program Files\The Bat!
                    2008-01-28 17:17 --------- d-----w C:\Program Files\BankingTools
                    2008-01-16 22:37 54,608 ----a-w C:\WINDOWS\system32\xfcodec.dll
                    2007-12-21 14:39 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
                    2006-04-19 12:23 379 ----a-w C:\Program Files\smtp.log
                    2006-03-27 18:57 16,779,392 ----a-w C:\Program Files\jre-1_5_0_06-windows-i586-p.exe
                    2005-10-11 14:38 2,855 ----a-w C:\Program Files\MS-DOS Prompt.pif
                    2002-06-13 08:08 578 ----a-r C:\Program Files\jive.license
                    2001-06-17 11:59 221,184 ----a-w C:\Program Files\Whois.exe
                    .

                    ------- Sigcheck -------

                    ab8c6d89a897bacba4657fdf00e344a6 C:\WINDOWS\system32\svchost.exe
                    ----a-w 14,336 2004-08-04 08:03:35 C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da\svchost.exe
                    ----a-w 14,336 2004-08-03 23:03:36 C:\WINDOWS\system32\svchost.exe
                    -c--a-w 14,336 2004-08-03 23:03:36 C:\WINDOWS\system32\dllcache\svchost.exe

                    cb18f701a5d55a6308fab8d18322c060 C:\WINDOWS\system32\user32.dll
                    ----a-w 578,560 2004-08-04 08:03:23 C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da\user32.dll
                    ----a-w 579,072 2007-03-08 15:39:10 C:\WINDOWS\system32\user32.dll
                    -c--a-w 579,072 2007-03-08 15:39:10 C:\WINDOWS\system32\dllcache\user32.dll

                    06ebcbe58321e924980148b7e3dbd753 C:\WINDOWS\system32\ws2_32.dll
                    ----a-w 82,944 2004-08-04 08:03:24 C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da\ws2_32.dll
                    ----a-w 82,944 2004-08-03 23:03:26 C:\WINDOWS\system32\ws2_32.dll
                    -c--a-w 82,944 2004-08-03 23:03:26 C:\WINDOWS\system32\dllcache\ws2_32.dll

                    23bbeca3deff67ee5b4c444a143e45a6 C:\WINDOWS\system32\wininet.dll
                    ----a-w 580,096 2006-02-24 13:22:46 C:\WINDOWS\SoftwareDistribution\Download\2ae8f3333581c2bf537dc03e36635ff5\rtmgdr\wininet.dll
                    ----a-w 591,360 2006-02-24 23:56:48 C:\WINDOWS\SoftwareDistribution\Download\2ae8f3333581c2bf537dc03e36635ff5\RTMQFE\wininet.dll
                    ----a-w 659,456 2004-08-04 08:03:23 C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da\wininet.dll
                    ----a-w 662,528 2007-10-11 06:14:46 C:\WINDOWS\system32\wininet.dll
                    -c--a-w 662,528 2007-10-11 06:14:46 C:\WINDOWS\system32\dllcache\wininet.dll

                    1dbf125862891817f374f407626967f4 C:\WINDOWS\system32\drivers\tcpip.sys
                    ----a-w 359,040 2004-08-04 06:14:40 C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da\tcpip.sys
                    -c--a-w 359,808 2006-04-20 11:51:50 C:\WINDOWS\system32\dllcache\tcpip.sys
                    ----a-w 359,808 2006-04-20 11:51:50 C:\WINDOWS\system32\drivers\tcpip.sys

                    732ed791711df9c9dd15e5515bc681b8 C:\WINDOWS\system32\winlogon.exe
                    ----a-w 504,832 2004-08-04 08:03:36 C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da\winlogon.exe
                    ----a-w 504,832 2004-08-03 23:03:38 C:\WINDOWS\system32\winlogon.exe
                    -c--a-w 504,832 2004-08-03 23:03:38 C:\WINDOWS\system32\dllcache\winlogon.exe

                    558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
                    ----a-w 182,912 2004-08-04 06:14:28 C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da\ndis.sys
                    -c--a-w 182,912 2004-08-03 21:14:30 C:\WINDOWS\system32\dllcache\ndis.sys
                    ----a-w 182,912 2004-08-03 21:14:30 C:\WINDOWS\system32\drivers\ndis.sys

                    4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
                    ----a-w 29,056 2004-08-04 06:00:06 C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da\ip6fw.sys
                    -c--a-w 29,056 2004-08-03 21:00:08 C:\WINDOWS\system32\dllcache\ip6fw.sys
                    ----a-w 29,056 2004-08-03 21:00:08 C:\WINDOWS\system32\drivers\ip6fw.sys

                    57b09ad681c1d8db77ccc3e92d8f5d14 C:\WINDOWS\system32\ntkrnlpa.exe
                    ------w 2,061,952 2007-02-28 16:05:16 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
                    ----a-w 2,061,184 2004-08-04 07:58:07 C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da\ntkrnlpa.exe
                    ----a-w 2,061,952 2007-02-28 16:05:16 C:\WINDOWS\system32\ntkrnlpa.exe
                    -c----w 2,061,952 2007-02-28 16:05:16 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

                    caaa8fd3c034a227691a43b60873f097 C:\WINDOWS\system32\ntoskrnl.exe
                    ------w 2,184,704 2007-02-28 16:05:16 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
                    ----a-w 2,185,344 2004-08-04 07:58:29 C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da\ntoskrnl.exe
                    ----a-w 2,184,704 2007-02-28 16:05:16 C:\WINDOWS\system32\ntoskrnl.exe
                    -c----w 2,184,704 2007-02-28 16:05:16 C:\WINDOWS\system32\dllcache\ntoskrnl.exe

                    147e95a42a58ce99e403f7f57656bbeb C:\WINDOWS\explorer.exe
                    ----a-w 1,036,800 2007-06-13 13:24:02 C:\WINDOWS\explorer.exe
                    ----a-w 1,035,776 2004-08-04 08:03:28 C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da\explorer.exe
                    -c--a-w 1,036,800 2007-06-13 13:24:02 C:\WINDOWS\system32\dllcache\explorer.exe
                    .
                    -- Snapshot reset to current date --
                    .
                    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    REGEDIT4
                    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]
                    2008-02-16 17:48 1555480 --a------ C:\Program Files\LimewirePlus\tbLim1.dll

                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                    "{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}"= "C:\Program Files\LimewirePlus\tbLim1.dll" [2008-02-16 17:48 1555480]

                    [HKEY_CLASSES_ROOT\clsid\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]

                    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
                    "{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}"= C:\Program Files\LimewirePlus\tbLim1.dll [2008-02-16 17:48 1555480]

                    [HKEY_CLASSES_ROOT\clsid\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]

                    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
                    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-11-30 21:49 4662776]
                    "WeatherWatcher"="D:\Program Files\Weather Watcher\ww.exe" [2006-09-05 23:42 966656]
                    "Picasa Media Detector"="d:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]
                    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]

                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "APVXDWIN"="C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.exe" [2007-07-19 14:23 455984]
                    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 22:48 479232]
                    "PPFW"="c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PPFW.exe" [2007-07-09 11:03 165168]
                    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2003-07-13 02:49 155648]
                    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-07-13 02:49 974898]
                    "Mirabilis ICQ"="C:\Program Files\ICQ\ICQNet.exe" [2003-01-13 14:20 49230]
                    "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
                    "spampal"="C:\Program Files\SpamPal\spampal.exe" [2005-10-24 20:08 387616]
                    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
                    "Acrobat Assistant 7.0"="D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]

                    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:03 15360]

                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
                    avldr.dll 2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll

                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
                    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                    "EnableFirewall"= 0 (0x0)

                    .
                    Inhoud van de 'Gedeelde Taken' map
                    "2008-02-23 19:00:00 C:\WINDOWS\Tasks\BE6AD71591615575.job"
                    - c:\docume~2\frankj~1.000\applic~1\playam~1\SCR ITCH REGS.exe
                    .
                    **************************************************************************

                    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                    Rootkit scan 2008-03-07 11:13:07
                    Windows 5.1.2600 Service Pack 2 NTFS

                    detected NTDLL code modification:
                    ZwClose

                    scannen van verborgen processen ...

                    scannen van verborgen autostart items ...

                    scannen van verborgen bestanden ...

                    Scan succesvol afgerond
                    verborgen bestanden: 0

                    **************************************************************************
                    .
                    Voltooingstijd: 2008-03-07 11:19:52
                    ComboFix-quarantined-files.txt 2008-03-07 10:19:31
                    ComboFix2.txt 2008-02-24 00:33:31
                    ComboFix3.txt 2008-02-22 22:57:29
                    ComboFix4.txt 2008-02-20 19:26:40
                    .
                    2007-12-18 22:04:00 --- E O F ---



                    Logfile of HijackThis v1.99.1
                    Scan saved at 11:32:27, on 7-3-2008
                    Platform: Windows XP SP2 (WinNT 5.01.2600)
                    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

                    Running processes:
                    C:\WINDOWS\System32\smss.exe
                    C:\WINDOWS\system32\csrss.exe
                    C:\WINDOWS\system32\winlogon.exe
                    C:\WINDOWS\system32\services.exe
                    C:\WINDOWS\system32\lsass.exe
                    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
                    C:\Program Files\Ahead\InCD\InCDsrv.exe
                    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
                    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
                    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimsvc.exe
                    C:\Program Files\Spyware Doctor\pctsAuxs.exe
                    C:\Program Files\Spyware Doctor\pctsSvc.exe
                    C:\WINDOWS\Explorer.EXE
                    C:\WINDOWS\System32\svchost.exe
                    C:\Program Files\Spyware Doctor\pctsTray.exe
                    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE
                    C:\Program Files\Ahead\InCD\InCD.exe
                    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
                    D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
                    C:\WINDOWS\system32\ctfmon.exe
                    D:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
                    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
                    C:\Documents and Settings\Frank.JMW.000\Bureaublad\HijackThis.exe

                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
                    R3 - URLSearchHook: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
                    O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll
                    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
                    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                    O2 - BHO: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
                    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
                    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
                    O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
                    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
                    O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll
                    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
                    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
                    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
                    O4 - HKLM\..\Run: [PPFW] c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PPFW.EXE PPFW.EXE /cmd:allowpandarules /prod:titanium /mod:7 /flg:2 /ver:7.0.0
                    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
                    O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
                    O4 - HKLM\..\Run: [Mirabilis ICQ] "C:\Program Files\ICQ\ICQNet.exe"
                    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
                    O4 - HKLM\..\Run: [spampal] C:\Program Files\SpamPal\spampal.exe
                    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
                    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
                    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
                    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
                    O4 - HKCU\..\Run: [WeatherWatcher] "D:\Program Files\Weather Watcher\ww.exe"
                    O4 - HKCU\..\Run: [Picasa Media Detector] "d:\Program Files\Picasa2\PicasaMediaDetector.exe"
                    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                    O4 - Startup: Adobe Acrobat Speed Launcher.lnk = ?
                    O4 - Startup: BackupXpress.lnk = C:\Program Files\BackupX\BackupX.exe
                    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
                    O4 - Global Startup: BackupXpress.lnk = C:\Program Files\BackupX\BackupX.exe
                    O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
                    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
                    O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                    O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
                    O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
                    O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                    O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                    O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                    O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                    O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
                    O8 - Extra context menu item: Download the &current page with Offline Explorer - file://C:\Program Files\Offline Explorer Enterprise\Add_AllO.htm
                    O8 - Extra context menu item: Download using Offline &Explorer - file://C:\Program Files\Offline Explorer Enterprise\Add_UrlO.htm
                    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
                    O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
                    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
                    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
                    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
                    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
                    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
                    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
                    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
                    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
                    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
                    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
                    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
                    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
                    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
                    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
                    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
                    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
                    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
                    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - http://game08.zylom.com/activex/zylomgamesplayer.cab
                    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
                    O17 - HKLM\System\CCS\Services\Tcpip\..\{48E75241-CA98-42B7-BC07-8245CBFF3949}: NameServer = 10.0.0.138
                    O17 - HKLM\System\CS1\Services\Tcpip\..\{48E75241-CA98-42B7-BC07-8245CBFF3949}: NameServer = 10.0.0.138
                    O17 - HKLM\System\CS2\Services\Tcpip\..\{48E75241-CA98-42B7-BC07-8245CBFF3949}: NameServer = 10.0.0.138
                    O17 - HKLM\System\CS3\Services\Tcpip\..\{48E75241-CA98-42B7-BC07-8245CBFF3949}: NameServer = 10.0.0.138
                    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
                    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
                    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
                    O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
                    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
                    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                    O23 - Service: Intelligente achtergrondsoverdrachtservice (BITS) - Unknown owner - (no file)
                    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
                    O23 - Service: Services voor cryptografie (CryptSvc) - Panda Software - (no file)
                    O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Panda Software - (no file)
                    O23 - Service: DHCP Client (Dhcp) - Panda Software - (no file)
                    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
                    O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
                    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                    O23 - Service: Help en ondersteuning (helpsvc) - Google - (no file)
                    O23 - Service: HID Input Service (HidServ) - Google - (no file)
                    O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
                    O23 - Service: Server (lanmanserver) - Logitech, Inc. - (no file)
                    O23 - Service: Workstation (lanmanworkstation) - Logitech, Inc. - (no file)
                    O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Logitech, Inc. - (no file)
                    O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsCtrls.exe
                    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
                    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
                    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
                    O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PSHOST.EXE
                    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimsvc.exe
                    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
                    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
                    O23 - Service: Secondary Logon (seclogon) - Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. - (no file)
                    O23 - Service: System Event Notification (SENS) - Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. - (no file)
                    O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
                    Last edited by Bunnie; 07-03-08, 12:00.
                    Regards,

                    Bunnie
                    all computers wait at the same speed



                    • #11
                      I think I have to reinstall everything; oh well, my own fault, serves me right
                      Regards,

                      Bunnie
                      all computers wait at the same speed



                      • #12
                        Hi, I'll take over for now

                        Have you done a format and a reinstall in the meantime, or do you still need help?

                        Just let me know

                        Regards, smeenk



                        • #13
                          Although I am subscribed to this discussion, I received no mail about your reply.

                          I am now finishing the installation. AV is installed, now working on spyware/malware prevention; I hope not to go through this a second time.
                          I did not do a format, which hopefully will not become a problem.
                          Regards,

                          Bunnie
                          all computers wait at the same speed



                          • #14
                            So all problems are over now?

                            If you did not format, I would just run your scanners once more; if anything is still there, they will probably remove it.
