search daily.com


  • search daily.com

    I too have problems with search daily.

    Attached is my log.

    Thanks in advance for the help.

    Kind regards,

    Marc

    Logfile of HijackThis v1.99.1
    Scan saved at 0:47:39, on 2-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
    C:\WINDOWS\system32\rundll32.exe
    D:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Eset\nod32kui.exe
    D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    D:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    C:\WINDOWS\system32\svchost.exe
    D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe
    D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\MAS\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3E4A5163-8D00-4D3A-8544-61B0844D26AF} - C:\WINDOWS\system32\avmeterj.dll
    O2 - BHO: (no name) - {6AA31362-6F01-43EB-9282-11DA2F138BDA} - C:\WINDOWS\system32\avmeterj.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {9F8696D0-E87C-4B37-ADA9-880A1D7C89F3} - C:\WINDOWS\system32\avmeterj.dll
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "d:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [ioloDelayModule] D:\Program Files\iolo\System Mechanic Professional 6\delay.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [SMSystemAnalyzer] "d:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Verzenden naar &Bluetooth - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20060104/qtinstall.info.apple.com/snape/us/win/QuickTimeInstaller.exe
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: pdfFactory Pro Dispatcher v3 - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /service (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - d:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR3\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - d:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR3\RpcSandraSrv.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - d:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - d:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

  • #2
    Download combofix.exe from this site: http://www.bleepingcomputer.com/comb...uikt-te-worden

    Follow the instructions given there.
    If you use Vista, the Recovery Console does not need to be installed.
    If anything is unclear, just ask.
    When the tool has finished, a log file opens (C:\combofix.txt).
    Post the contents of this file together with a new HijackThis log.



    • #3
      ComboFix 08-03-01.3 - MAS 2008-03-02 12:49:31.1 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1209 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\MAS\Bureaublad\ComboFix.exe
      .

      (((((((((((((((((((( Bestanden Gemaakt van 2008-02-02 to 2008-03-02 ))))))))))))))))))))))))))))))
      .

      2008-03-02 03:01 . 2008-03-02 03:01 <DIR> d-------- C:\WINDOWS\LastGood
      2008-03-02 00:11 . 2008-03-02 00:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
      2008-03-02 00:11 . 2008-03-02 00:11 <DIR> d-------- C:\Documents and Settings\MAS\Application Data\SUPERAntiSpyware.com
      2008-03-02 00:11 . 2008-03-02 00:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
      2008-03-02 00:01 . 2008-03-02 00:01 <DIR> d-------- C:\Program Files\Enigma Software Group
      2008-03-01 21:45 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
      2008-03-01 21:45 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
      2008-03-01 21:45 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
      2008-03-01 21:45 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
      2008-03-01 16:20 . 2008-03-01 17:21 <DIR> d-------- C:\Program Files\Common Files\DAZ
      2008-03-01 12:27 . 2007-03-01 19:54 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
      2008-03-01 12:27 . 2007-03-01 19:54 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
      2008-03-01 12:27 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
      2008-03-01 12:27 . 2007-03-01 19:54 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
      2008-03-01 12:26 . 2008-03-01 12:26 <DIR> d-------- C:\Program Files\Webroot
      2008-03-01 12:26 . 2008-03-01 12:26 <DIR> d-------- C:\Documents and Settings\MAS\Application Data\Webroot
      2008-03-01 12:26 . 2008-03-01 12:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
      2008-03-01 12:26 . 2008-03-01 12:26 164 --a------ C:\install.dat
      2008-03-01 12:04 . 2008-03-01 12:29 <DIR> d-------- C:\Program Files\SpywareBlaster
      2008-03-01 11:56 . 2008-03-01 16:30 <DIR> d-------- C:\Program Files\Hitman Pro
      2008-02-28 17:44 . 2008-02-28 17:44 73 --a------ C:\WINDOWS\EurekaLog.ini
      2008-02-28 17:15 . 2008-02-28 17:15 <DIR> d-------- C:\Documents and Settings\MAS\Application Data\JAM Software
      2008-02-28 16:00 . 2008-02-28 15:59 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
      2008-02-28 15:59 . 2008-02-28 16:00 <DIR> d-------- C:\Documents and Settings\MAS\.housecall6.6
      2008-02-27 13:38 . 2004-08-04 13:00 1,042 --a------ C:\WINDOWS\system32\gpupdateo.exe
      2008-02-27 13:33 . 2004-08-04 13:00 88,064 --a------ C:\WINDOWS\system32\avmeterj.dll
      2008-02-23 19:57 . 2008-02-23 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Digital Anarchy
      2008-02-23 11:35 . 2008-02-23 11:35 <DIR> d-------- C:\Program Files\Alien Skin
      2008-02-23 04:16 . 2008-02-23 04:16 3,584 --a------ C:\Documents and Settings\MAS\netcache.dat
      2008-02-23 03:42 . 2008-02-23 03:42 <DIR> d-------- C:\Documents and Settings\MAS\Application Data\Micrografx
      2008-02-21 17:46 . 2004-03-29 17:23 90,112 --a------ C:\WINDOWS\unvise32.exe
      2008-02-21 11:34 . 2008-02-28 16:57 <DIR> d-------- C:\Program Files\Replay AV 8
      2008-02-19 23:06 . 2008-02-19 23:06 438 --a------ C:\WINDOWS\u3dedit3.INI
      2008-02-18 16:39 . 2008-02-18 16:40 78 --ah----- C:\WINDOWS\Wfstgr.ns
      2008-02-18 16:33 . 2008-02-18 16:33 <DIR> d-------- C:\WINDOWS\Profiles
      2008-02-18 16:33 . 2008-02-18 16:35 78 --ah----- C:\WINDOWS\Xwdupv.ns
      2008-02-18 15:52 . 1995-10-21 10:37 35,328 --------- C:\WINDOWS\INETWH32.DLL
      2008-02-18 15:52 . 1995-07-20 00:00 26,832 --------- C:\WINDOWS\CTL3DV2.DLL
      2008-02-18 15:52 . 1995-10-16 16:55 9,136 --------- C:\WINDOWS\INETWH16.DLL
      2008-02-18 15:52 . 1995-10-13 16:28 4,528 --------- C:\WINDOWS\SETBROWS.EXE
      2008-02-18 15:52 . 2008-02-18 16:41 78 --ah----- C:\WINDOWS\Au1tgr.ns
      2008-02-18 01:59 . 2008-02-18 01:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\VertusTech
      2008-02-18 01:59 . 2008-02-18 01:59 1,024 --a------ C:\WINDOWS\system32\xofuz8s.tgz
      2008-02-16 15:59 . 2008-02-16 15:59 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
      2008-02-16 15:59 . 2005-08-04 18:54 40,960 --------- C:\WINDOWS\system32\Ulead Photo Express ScreenSaver.scr
      2008-02-15 10:33 . 2008-02-15 10:33 <DIR> d-------- C:\Program Files\AKVIS
      2008-02-15 10:16 . 2008-02-15 10:16 <DIR> d-------- C:\Documents and Settings\MAS\.assistant
      2008-02-15 08:43 . 2008-02-21 13:09 <DIR> d-------- C:\Documents and Settings\MAS\Application Data\Alien Skin
      2008-02-15 06:46 . 2008-02-15 06:46 <DIR> d-------- C:\WINDOWS\MetaCreations
      2008-02-15 06:46 . 2008-02-23 19:21 329 --a------ C:\WINDOWS\PowerReg.dat
      2008-02-15 06:14 . 2008-02-18 16:35 <DIR> d-------- C:\WINDOWS\ulead.dat
      2008-02-15 06:00 . 2008-02-15 06:00 <DIR> d-------- C:\WINDOWS\PreviewSoft
      2008-02-15 06:00 . 2008-02-18 16:39 16 --a------ C:\WINDOWS\Wininit.ini
      2008-02-15 04:57 . 2008-02-16 15:58 <DIR> d-------- C:\Documents and Settings\MAS\Application Data\Ulead Systems
      2008-02-15 04:57 . 2008-02-15 04:57 24 --a------ C:\WINDOWS\system32\DKRNL.JAX
      2008-02-15 04:56 . 2008-02-16 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-03-02 00:16 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
      2008-03-01 23:10 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
      2008-03-01 16:34 --------- d-----w C:\Documents and Settings\MAS\Application Data\Lavasoft
      2008-03-01 11:47 --------- d-----w C:\Program Files\Eset
      2008-02-28 15:57 --------- d-----w C:\Program Files\Replay Converter
      2008-02-28 11:39 --------- d-----w C:\Program Files\Spybot - Search & Destroy
      2008-02-28 10:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-02-28 04:21 --------- d-----w C:\Program Files\Common Files\Adobe
      2008-02-26 21:50 --------- d-----w C:\Documents and Settings\MAS\Application Data\GetRightToGo
      2008-02-23 19:29 25,655 ----a-w C:\Documents and Settings\MAS\Application Data\mdb.bin
      2008-02-22 20:43 --------- d-----w C:\Program Files\BitTorrent
      2008-02-16 14:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-02-08 15:11 --------- d-----w C:\Documents and Settings\MAS\Application Data\dvdcss
      2008-01-15 00:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
      2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
      2007-12-10 22:17 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
      2007-12-10 22:17 249,856 ------w C:\WINDOWS\Setup1.exe
      2007-12-07 01:08 662,528 ----a-w C:\WINDOWS\system32\wininet.dll
      2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\OLEAUT32.DLL
      2005-12-31 14:34 54 ----a-w C:\Program Files\inc1.bat
      2005-12-31 14:34 54 ----a-w C:\Program Files\bit3.bat
      2005-12-31 14:34 54 ----a-w C:\Program Files\bit2.bat
      2005-12-31 14:34 54 ----a-w C:\Program Files\bit.bat
      2005-12-31 14:34 41 ----a-w C:\Program Files\sleep.bat
      2005-12-31 14:34 0 ----a-w C:\Program Files\temp3.exe.txt
      2005-12-31 14:34 0 ----a-w C:\Program Files\temp2.exe.txt
      2005-12-31 14:34 0 ----a-w C:\Program Files\temp1.exe.txt
      2007-03-09 08:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E4A5163-8D00-4D3A-8544-61B0844D26AF}]
      2004-08-04 13:00 88064 --a------ C:\WINDOWS\system32\avmeterj.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6AA31362-6F01-43EB-9282-11DA2F138BDA}]
      2004-08-04 13:00 88064 --a------ C:\WINDOWS\system32\avmeterj.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F8696D0-E87C-4B37-ADA9-880A1D7C89F3}]
      2004-08-04 13:00 88064 --a------ C:\WINDOWS\system32\avmeterj.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [ ]
      "SMSystemAnalyzer"="d:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe" [2006-12-20 17:47 557056]
      "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
      "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SoundMan"="SOUNDMAN.EXE" [2005-06-14 11:36 77824 C:\WINDOWS\SOUNDMAN.EXE]
      "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 21:10 339968]
      "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 12:31 29696 C:\WINDOWS\KHALMNPR.Exe]
      "RemoteControl"="C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
      "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
      "DAEMON Tools"="d:\Program Files\DAEMON Tools\daemon.exe" [2005-11-08 23:00 128920]
      "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-06-05 13:33 921600]
      "ioloDelayModule"="D:\Program Files\iolo\System Mechanic Professional 6\delay.exe" [2005-06-08 13:31 96256]
      "PCSuiteTrayApplication"="D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 12:20 227328]
      "SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-01-23 14:47 847872]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
      "Nokia.PCSync"="D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58 1744896]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      BTTray.lnk - D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-11-29 19:55:44 569405]
      Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-12-25 06:49:11 450560]
      Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2005-12-25 01:13:27 581632]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "NoResolveTrack"= 0 (0x0)
      "NoFileAssociate"= 0 (0x0)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoResolveTrack"= 1 (0x1)

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
      "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"= shdocvw.dll [ ]
      "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= D:\Program Files\Qualcomm\Eudora\EuShlExt.dll [2001-04-12 18:05 77824]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "d:\\Program Files\\BitTorrent\\bittorrent.exe"=
      "D:\\Program Files\\LimeWire\\LimeWire.exe"=
      "D:\\Program Files\\DAP\\DAP.exe"=
      "D:\\Incoming\\MSN Messenger 7 - Animoticons - Winks - 44 Moods and 255 Emoticons (Includes Self Installer)\\installer\\mcoinstall.exe"=
      "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\WINDOWS\\system32\\rtcshare.exe"=
      "C:\\Program Files\\NetMeeting\\conf.exe"=
      "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
      "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
      "D:\\Program Files\\SecondLife\\SLVoice.exe"=
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\MSN Messenger\\livecall.exe"=
      "D:\\Program Files\\mIRC\\mirc.exe"=
      "D:\\BorgIRC 2\\mirc.exe"=
      "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "6881:UDP"= 6881:UDP:LuckyTorrents.nl

      R2 pdfFactory Pro Dispatcher v3;pdfFactory Pro Dispatcher v3;"C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /service
      S1 bcbus;BestCrypt bus driver;C:\WINDOWS\system32\DRIVERS\bcbus.sys

      *Newly Created Service* - SASDIFSV
      *Newly Created Service* - SASENUM
      *Newly Created Service* - SASKUTIL
      *Newly Created Service* - SDAUXSERVICE
      *Newly Created Service* - SDCORESERVICE
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-03-02 12:50:54
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      --------------------- DLLs Geladen Onder Lopende Processen ---------------------

      PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
      -> C:\Program Files\Eset\pr_imon.dll

      PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
      -> C:\Program Files\Logitech\SetPoint\lgscroll.dll
      -> d:\Program Files\WS_FTP Pro\nsftpch.dll
      .
      Voltooingstijd: 2008-03-02 12:51:48
      ComboFix-quarantined-files.txt 2008-03-02 11:51:37
      ComboFix2.txt 2008-02-28 09:20:09
      .
      2008-03-02 02:01:37 --- E O F ---

      ----------------------------------------------------------------
      Logfile of HijackThis v1.99.1
      Scan saved at 12:53:18, on 2-3-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
      C:\WINDOWS\system32\rundll32.exe
      D:\Program Files\DAEMON Tools\daemon.exe
      C:\Program Files\Eset\nod32kui.exe
      D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
      D:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
      C:\WINDOWS\system32\spoolsv.exe
      D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
      C:\Program Files\Logitech\SetPoint\KEM.exe
      C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
      C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
      D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      C:\Program Files\Eset\nod32krn.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe
      D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
      C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\MSN Messenger\livecall.exe
      C:\WINDOWS\system32\notepad.exe
      C:\Documents and Settings\MAS\Bureaublad\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {3E4A5163-8D00-4D3A-8544-61B0844D26AF} - C:\WINDOWS\system32\avmeterj.dll
      O2 - BHO: (no name) - {6AA31362-6F01-43EB-9282-11DA2F138BDA} - C:\WINDOWS\system32\avmeterj.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: (no name) - {9F8696D0-E87C-4B37-ADA9-880A1D7C89F3} - C:\WINDOWS\system32\avmeterj.dll
      O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [DAEMON Tools] "d:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
      O4 - HKLM\..\Run: [ioloDelayModule] D:\Program Files\iolo\System Mechanic Professional 6\delay.exe
      O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
      O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
      O4 - HKCU\..\Run: [SMSystemAnalyzer] "d:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
      O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - Global Startup: BTTray.lnk = ?
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
      O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
      O8 - Extra context menu item: Verzenden naar &Bluetooth - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20060104/qtinstall.info.apple.com/snape/us/win/QuickTimeInstaller.exe
      O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
      O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: pdfFactory Pro Dispatcher v3 - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /service (file missing)
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
      O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - d:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR3\RpcDataSrv.exe
      O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - d:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR3\RpcSandraSrv.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - d:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - d:\Program Files\Spyware Doctor\pctsSvc.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
      O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
      Last edited by greenhornet; 02-03-08, 12:58.



      • #4
        You are using an old version of HijackThis. It is best to use this version: http://www.trendsecure.com/portal/en...HJTInstall.exe
        Install the program in the default location.

        Start HijackThis and choose 'Do a system scan only'.
        Select only the items listed below:

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
        O2 - BHO: (no name) - {3E4A5163-8D00-4D3A-8544-61B0844D26AF} - C:\WINDOWS\system32\avmeterj.dll
        O2 - BHO: (no name) - {6AA31362-6F01-43EB-9282-11DA2F138BDA} - C:\WINDOWS\system32\avmeterj.dll
        O2 - BHO: (no name) - {9F8696D0-E87C-4B37-ADA9-880A1D7C89F3} - C:\WINDOWS\system32\avmeterj.dll
        O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

        Close all windows except HijackThis.
        Click 'Fix checked' to remove the items.

        Restart the computer and post a new HijackThis log.
        Also report whether this has solved the problem.

        Scan the following file at Jotti:
        C:\WINDOWS\system32\gpupdateo.exe

        Post the result.
        Last edited by Steggel; 02-03-08, 15:24.



        • #5
          I have been clicking around a bit
          and have not seen anything strange again yet.
          Either it is gone now, or it has already improved a lot.

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 16:06:20, on 2-3-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\csrss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\SOUNDMAN.EXE
          C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
          C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
          C:\WINDOWS\system32\rundll32.exe
          D:\Program Files\DAEMON Tools\daemon.exe
          C:\Program Files\Eset\nod32kui.exe
          D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
          D:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\MSN Messenger\msnmsgr.exe
          D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
          C:\Program Files\Logitech\SetPoint\KEM.exe
          C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
          C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
          C:\WINDOWS\system32\svchost.exe
          D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
          C:\Program Files\Eset\nod32krn.exe
          C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe
          D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
          C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
          C:\WINDOWS\System32\alg.exe
          C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
          C:\Program Files\MSN Messenger\usnsvc.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\Program Files\MSN Messenger\livecall.exe
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\WINDOWS\system32\NOTEPAD.EXE
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
          C:\WINDOWS\system32\wbem\wmiprvse.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
          O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll
          O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
          O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
          O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
          O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
          O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
          O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
          O4 - HKLM\..\Run: [DAEMON Tools] "d:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
          O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
          O4 - HKLM\..\Run: [ioloDelayModule] D:\Program Files\iolo\System Mechanic Professional 6\delay.exe
          O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
          O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
          O4 - HKCU\..\Run: [SMSystemAnalyzer] "d:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
          O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
          O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
          O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
          O4 - Global Startup: BTTray.lnk = ?
          O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
          O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
          O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
          O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
          O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
          O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
          O8 - Extra context menu item: Verzenden naar &Bluetooth - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
          O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
          O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
          O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20060104/qtinstall.info.apple.com/snape/us/win/QuickTimeInstaller.exe
          O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
          O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
          O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
          O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
          O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
          O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
          O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
          O23 - Service: pdfFactory Pro Dispatcher v3 - FinePrint Software, LLC - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe
          O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
          O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
          O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - d:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR3\RpcDataSrv.exe
          O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - d:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR3\RpcSandraSrv.exe
          O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - d:\Program Files\Spyware Doctor\pctsAuxs.exe
          O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - d:\Program Files\Spyware Doctor\pctsSvc.exe
          O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
          O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
          O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

          --
          End of file - 9858 bytes


          xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

          Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1

          File to upload & scan:
          Service
          Service load: 0% 100%

          File: gpupdateo.exe
          Status: INFECTED/MALWARE
          MD5: 46d598a8612c145705017134772fd4e9
          Packers detected: -
          Bit9 reports: File not found




          Scanner results
          Scan taken on 02 Mar 2008 14:52:19 (GMT)
          A-Squared Found Trojan.Win32.Zapchast.ca
          AntiVir Found TR/Zapchast.EC
          ArcaVir Found nothing
          Avast Found nothing
          AVG Antivirus Found nothing
          BitDefender Found nothing
          ClamAV Found nothing
          CPsecure Found Troj.W32.Zapchast.ec
          Dr.Web Found nothing
          F-Prot Antivirus Found nothing
          F-Secure Anti-Virus Found Trojan.Win32.Zapchast.ec
          Fortinet Found W32/Zapchast.EC!tr
          Ikarus Found nothing
          Kaspersky Anti-Virus Found Trojan.Win32.Zapchast.ec
          NOD32 Found nothing
          Norman Virus Control Found nothing
          Panda Antivirus Found Trj/Zapchast.DS
          Rising Antivirus Found nothing
          Sophos Antivirus Found nothing
          VirusBuster Found nothing
          VBA32 Found Trojan.Win32.Zapchast.ec
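Added example, not part of the thread: a small check that compares the fix list from post #4 with the follow-up log from post #5, and groups unnamed BHOs by the DLL they load. The function names are assumptions of this example; the sample lines are copied from the logs on this page.

```python
import re
from collections import defaultdict

# One HijackThis entry: "<section> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# Body of an O2 entry: "BHO: <name> - {CLSID} - <dll path>".
BHO_RE = re.compile(r"^BHO:\s+(.*?)\s+-\s+(\{[0-9A-Fa-f-]{36}\})\s+-\s+(.+)$")

# Copied from the fix list in post #4 on this page.
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {3E4A5163-8D00-4D3A-8544-61B0844D26AF} - C:\WINDOWS\system32\avmeterj.dll
O2 - BHO: (no name) - {6AA31362-6F01-43EB-9282-11DA2F138BDA} - C:\WINDOWS\system32\avmeterj.dll
O2 - BHO: (no name) - {9F8696D0-E87C-4B37-ADA9-880A1D7C89F3} - C:\WINDOWS\system32\avmeterj.dll
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
"""

# Excerpt copied from the follow-up log in post #5 (R0, O2 and HKCU Run lines).
FOLLOWUP_EXCERPT = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
"""

def parse_entries(log_text):
    """Return (section, body) pairs; headers and process paths are skipped."""
    pairs = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            pairs.append((m.group(1), " ".join(m.group(2).split())))
    return pairs

def entry_key(section, body):
    """Comparison key: the CLSID for BHOs, otherwise the case-folded body.
    Caveat: two HijackThis versions can render one entry differently, so a
    body that no longer matches is a prompt to look, not proof of removal."""
    bho = BHO_RE.match(body) if section == "O2" else None
    return (section, bho.group(2).upper() if bho else body.casefold())

def still_present(fix_list, followup_log):
    """Fix-list entries that the follow-up log still contains."""
    after = {entry_key(s, b) for s, b in parse_entries(followup_log)}
    return [f"{s} - {b}" for s, b in parse_entries(fix_list)
            if entry_key(s, b) in after]

def unnamed_bho_dlls(log_text):
    """Map each DLL loaded by '(no name)' BHOs to the CLSIDs registering it."""
    by_dll = defaultdict(list)
    for section, body in parse_entries(log_text):
        bho = BHO_RE.match(body) if section == "O2" else None
        if bho and bho.group(1) == "(no name)":
            by_dll[bho.group(3).lower()].append(bho.group(2).upper())
    return {dll: sorted(ids) for dll, ids in by_dll.items()}

if __name__ == "__main__":
    for dll, ids in unnamed_bho_dlls(FIX_LIST).items():
        print(f"{len(ids)} unnamed BHO CLSIDs load {dll}")
    for entry in still_present(FIX_LIST, FOLLOWUP_EXCERPT):
        print("still present after fix:", entry)
```

On these excerpts it reports three unnamed CLSIDs loading avmeterj.dll, and one fix-list entry, the O4 [LDM] Run value, still listed in the follow-up log.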



          • #6
            So you can delete that file, gpupdateo.exe.

            Download Java Runtime Environment (JRE) 6u4.
            • Scroll down to: "Java Runtime Environment (JRE) 6u4".
            • Click the "Download" button on the right.
            • In the drop-down menu to the right of Platform, select Windows.
            • Check "I agree to the Java SE Runtime Environment 6 License Agreement" and click Continue.
            • The page will reload.
            • Click the jre-6u4-windows-i586-p.exe link UNDER Windows Offline Installation and save it to your Desktop.
            • Close all programs that may be open, especially your web browser!
            • Then go to Start > Control Panel > Add or Remove Programs (Configuratiescherm > Software) and remove all older versions of Java from the program list.
            • Select everything with Java Runtime Environment (JRE or J2SE) in the name.
            • Then click Remove or the Change/Remove button.
            • Repeat this until all older versions are gone.
            • After removing all older versions, restart your PC.
            • Then double-click jre-6u4-windows-i586-p.exe on your Desktop to install the latest version of Java.


            Read here how to prevent new infections!

            If your problem is now gone, mark this topic as solved; if not, I will see your reply.



            • #7
              I think I am rid of all the problems

              in any case, thanks for the quick help

              Kind regards
              marc
