Probably a rootkit problem
  • Probably a rootkit problem

    I have a big problem: I have probably picked up a rootkit.
    My antivirus and firewall programs are stopped automatically and can no longer be started.
    The processor sits at around 60% while idle.
    I have already downloaded several spyware and rootkit removers, and most of them won't start (they are blocked by the rootkit).
    Safe mode won't boot any more either! I get a BSOD.
    The option under folder settings to show or hide hidden files has disappeared.

    HijackThis is closed after 2 seconds!

    Does anyone know a good rootkit scanner that works as a single executable, which I could then give a different name when downloading?

    regards, Xenomes
    Last edited by Xenomes; 17-04-08, 00:51. Reason: addition

  • #2
    Maybe you can use Prevx CSI?
    Otherwise try an online scanner.



    • #3
      Originally posted by ctrlaltdelete:
      Maybe you can use Prevx CSI?
      It finds 2 rootkits, but to remove them I have to buy a licence.
      I have now also scanned with the Panda rootkit scanner, which finds 20 hidden files.

      Originally posted by ctrlaltdelete:
      Otherwise try an online scanner.
      All the reasonably well-known scanners suffer data corruption while downloading.
      Last edited by Xenomes; 17-04-08, 11:09.



      • #4
        Hidden files can also be files that you actually do need. Deleting those files can even render your system unusable.
        Some security software itself uses the rootkit technique precisely to protect legitimate files against (manipulation by) malware.

        That is why it is not so simple to just scan your system with a rootkit scanner such as GMER or RKU, treat everything that is hidden as malware, and then delete it.

        What happens if you simply give HijackThis.exe a different name and then start it? Rename it to Xenomes.exe, for example.


        With Prevx CSI you can click the icon in the system tray, next to the clock, and choose to view the results of the last scan online.
        You will then see the detected files, and you can click on them for more information from the database. That might help with removing those files.



        • #5
          Originally posted by ctrlaltdelete:
          What happens if you simply give HijackThis.exe a different name and then start it? Rename it to Xenomes.exe, for example.
          Then it still gets closed! But after quickly pressing Enter a few times I did get a log file!! The log file is from after a fresh reboot.
          I have added it as an attachment.

          I don't see anything strange in it.

          Malicious Root Kit Detected
          Prevx CSI has detected a Root Kit present on your PC. Root Kit infections are notoriously difficult and complicated to remove, therefore we would recommend you have backups of any important files or data prior to attempted removal.

          DUMETER.EXE LoveBoom:Worm-a

          GRIDMOVE.EXE Infostealer

          SROSA.SYS Generic.Rootkit
          Last edited by Xenomes; 17-04-08, 14:15. Reason: Prevx CSI data added



          • #6
            Go to this page: http://www.zonavirus.com/datos/desca...5/elibagla.asp
            Right at the bottom, click the button "Descargar ELIBAGLA 11.27".
            Put this file (EliBaglA.exe) on your desktop.
            Double-click it to start the program.
            Check that next to Unidad it says: C:\
            At the bottom, make sure "Eliminar Ficheros Automaticamente" is ticked.
            Now click the "Explorar" button to let the tool scan.

            Then click the "Salir" button to close the program.
            Restart the computer; if all goes well, the little tool will run once more.
            If it does not, start it yourself.
            Post the contents of the file C:\InfoSat.txt



            • #7
              I can only start the program; the bar then runs to the end and the program disappears! A log file is created, though.
              I also renamed the file, but that made no difference.

              Thu Apr 17 14:20:55 2008
              EliBagle v11.27 (c)2008 S.G.H. / Satinfo S.L.
              ----------------------------------------------
              Lista de Acciones (por Acción Directa):
              C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
              C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
              C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

              Look, that's nice: now I have a name, "Bagle".
              Last edited by Xenomes; 17-04-08, 14:28.



              • #8
                Start the program once more.

                Restart your computer and try again.

                Does that improve things?



                • #9
                  Yes, now it was started during the restart. But unfortunately I lost the connection to home (vncviewer) during the scan. Around 17:30 I'll post the log.



                  • #10
                    Then I'll hear from you.

                    Also do the following right away.
                    Use this program:


                    Afterwards, post the ComboFix log in your next message.



                    • #11
                      Yesss, my CPU is back to normal activity. Absolutely great.

                      I still have to get my virus scanner up and running again, but that will work out!

                      ComboFix 08-04-16.5 - André Boluyt 2008-04-17 17:55:35.1 - NTFSx86
                      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.490 [GMT 2:00]
                      Gestart vanuit: C:\Documents and Settings\André Boluyt\Bureaublad\Xenomes2.exe
                      * Nieuw herstelpunt werd aangemaakt
                      * Resident AV is active


                      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
                      .

                      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                      .

                      C:\Documents and Settings\André Boluyt\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
                      C:\WINDOWS\system32\drivers\downld
                      C:\WINDOWS\system32\drivers\downld\209937.exe
                      C:\WINDOWS\system32\drivers\downld\220421.exe
                      C:\WINDOWS\system32\drivers\downld\227687.exe
                      C:\WINDOWS\system32\drivers\downld\231250.exe
                      C:\WINDOWS\system32\drivers\downld\240937.exe
                      C:\WINDOWS\system32\drivers\downld\247234.exe
                      C:\WINDOWS\system32\drivers\downld\256296.exe
                      C:\WINDOWS\system32\drivers\downld\259609.exe
                      C:\WINDOWS\system32\drivers\downld\63203.exe
                      C:\WINDOWS\system32\drivers\downld\63656.exe
                      C:\WINDOWS\system32\drivers\downld\64515.exe
                      C:\WINDOWS\system32\drivers\downld\64984.exe
                      C:\WINDOWS\system32\drivers\downld\68125.exe
                      C:\WINDOWS\system32\drivers\downld\77046.exe
                      C:\WINDOWS\system32\drivers\downld\77562.exe
                      C:\WINDOWS\system32\drivers\downld\85671.exe
                      C:\WINDOWS\system32\drivers\hldrrr.exe
                      C:\WINDOWS\system32\drivers\mdelk.exe
                      C:\WINDOWS\system32\drivers\srosa.sys
                      C:\WINDOWS\system32\mdelk.exe
                      C:\WINDOWS\system32\wintems.exe

                      .
                      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
                      .

                      -------\Legacy_SROSA


                      (((((((((((((((((((( Bestanden Gemaakt van 2008-03-17 to 2008-04-17 ))))))))))))))))))))))))))))))
                      .

                      2008-04-17 11:21 . 2008-04-17 11:21 0 --a----t- C:\WINDOWS\system32\DarkSpyKernel.sys
                      2008-04-17 10:10 . 2008-04-17 10:10 7,680 --a------ C:\WINDOWS\system32\drivers\RKL47.tmp.sys
                      2008-04-17 10:01 . 2008-04-17 14:04 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
                      2008-04-17 09:51 . 2008-04-17 11:42 <DIR> d-------- C:\Sophos Anti-Rootkit
                      2008-04-16 22:33 . 2008-04-16 22:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
                      2008-04-16 22:27 . 2008-04-16 22:27 <DIR> d-------- C:\Program Files\Trend Micro
                      2008-04-16 22:17 . 2008-04-16 22:18 7,483,983 --a------ C:\WINDOWS\system32\DLNBR
                      2008-04-16 22:00 . 2006-08-24 12:40 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
                      2008-04-16 22:00 . 2006-07-10 17:38 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
                      2008-04-16 21:59 . 2008-04-16 21:59 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
                      2008-04-16 21:59 . 2004-02-11 18:27 102,912 --a------ C:\WINDOWS\system32\islzma.dll
                      2008-04-16 21:59 . 2005-12-14 19:06 78,336 --a------ C:\WINDOWS\system32\drivers\ssi.sys
                      2008-04-16 21:58 . 2008-04-16 21:58 <DIR> d-------- C:\Program Files\Webroot
                      2008-04-16 21:57 . 2008-04-16 21:57 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
                      2008-04-16 21:57 . 2008-04-16 21:57 <DIR> d-------- C:\Program Files\Lavasoft
                      2008-04-16 21:57 . 2008-04-16 22:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                      2008-04-16 21:48 . 2008-04-16 21:48 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
                      2008-04-16 21:44 . 2008-04-16 22:00 <DIR> d-------- C:\Program Files\Spyware Doctor
                      2008-04-16 21:44 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
                      2008-04-16 21:44 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
                      2008-04-16 21:44 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
                      2008-04-16 21:44 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
                      2008-04-16 21:26 . 2008-04-16 21:26 15,424 --a------ C:\WINDOWS\system32\drivers\_od32drv.s01
                      2008-04-16 21:24 . 2008-04-16 21:24 15,424 --a------ C:\WINDOWS\system32\drivers\_od32drv.s00
                      2008-04-16 21:21 . 2008-04-16 21:22 <DIR> d-------- C:\Program Files\WhatsRunning
                      2008-04-16 20:05 . 2008-04-16 20:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
                      2008-04-16 19:58 . 2008-04-16 19:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SPAMfighter
                      2008-04-16 19:58 . 2004-08-04 04:03 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
                      2008-04-16 19:32 . 2004-08-03 23:08 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
                      2008-04-13 20:18 . 2008-04-13 20:18 54,156 --ah----- C:\WINDOWS\QTFont.qfn
                      2008-04-13 20:18 . 2008-04-13 20:18 1,409 --a------ C:\WINDOWS\QTFont.for
                      2008-04-12 21:48 . 2008-04-12 21:48 <DIR> d-------- C:\Program Files\Activision Value
                      2008-04-11 23:41 . 2008-04-11 23:42 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
                      2008-04-11 23:41 . 2008-04-11 23:42 <DIR> d-------- C:\Program Files\AutoCAD LT 2009
                      2008-04-11 23:41 . 2008-04-11 23:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
                      2008-04-11 22:37 . 2008-04-11 22:37 <DIR> d-------- C:\WINDOWS\system32\Lang
                      2008-04-11 22:37 . 2008-04-11 22:37 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
                      2008-04-11 22:37 . 2008-04-11 22:37 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
                      2008-04-11 22:37 . 2008-04-13 12:44 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
                      2008-04-11 22:37 . 2008-04-11 22:37 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
                      2008-04-11 22:34 . 2004-08-13 18:56 5,810 --a------ C:\WINDOWS\system32\drivers\ASACPI.sys
                      2008-04-11 22:16 . 2008-01-24 16:36 4,127,488 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
                      2008-04-11 22:16 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
                      2008-04-11 22:15 . 2008-04-11 22:15 <DIR> d-------- C:\Program Files\Realtek AC97
                      2008-04-11 22:15 . 2006-11-17 05:40 18,804,736 --a------ C:\WINDOWS\system32\alsndmgr.cpl
                      2008-04-11 22:15 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
                      2008-04-11 22:15 . 2007-04-16 15:28 577,536 --a------ C:\WINDOWS\soundman.exe
                      2008-04-11 22:15 . 2006-07-31 11:19 315,392 --a------ C:\WINDOWS\alcupd.exe
                      2008-04-11 22:15 . 2006-07-31 11:27 217,088 --a------ C:\WINDOWS\Alcrmv.exe
                      2008-04-11 22:15 . 2006-10-18 02:53 147,456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
                      2008-04-11 22:15 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\alsndmgr.wav
                      2008-04-11 20:53 . 2008-04-11 20:53 <DIR> d-------- C:\Program Files\VideoLAN
                      2008-04-11 17:48 . 2008-04-11 20:37 <DIR> d-------- C:\Program Files\SABnzbdgui
                      2008-04-09 08:26 . 2008-04-09 08:27 1,355 --a------ C:\WINDOWS\imsins.BAK
                      2008-04-06 23:01 . 2008-04-06 23:01 <DIR> d-------- C:\Program Files\DIFX
                      2008-04-06 23:00 . 2006-07-01 22:56 43,520 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
                      2008-04-06 22:54 . 2008-04-06 22:54 <DIR> d-------- C:\WINDOWS\system32\xlive
                      2008-04-06 21:38 . 2008-04-09 22:53 32 --a------ C:\WINDOWS\CD_Start.INI
                      2008-04-06 21:31 . 2008-04-06 21:31 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
                      2008-04-06 17:02 . 2008-04-06 17:02 1,409 --a------ C:\WINDOWS\system32\tmpDC616.FOT
                      2008-04-06 17:02 . 2008-04-06 17:02 1,409 --a------ C:\WINDOWS\system32\tmpCE616.FOT
                      2008-04-06 17:02 . 2008-04-06 17:02 1,409 --a------ C:\WINDOWS\system32\tmpCD616.FOT
                      2008-04-06 17:02 . 2008-04-06 17:02 1,409 --a------ C:\WINDOWS\system32\tmpB1716.FOT
                      2008-04-06 17:02 . 2008-04-06 17:02 1,409 --a------ C:\WINDOWS\system32\tmpB0716.FOT
                      2008-04-06 16:06 . 2008-04-06 16:06 1,409 --a------ C:\WINDOWS\system32\tmp23933.FOT
                      2008-04-06 16:05 . 2008-04-06 16:05 <DIR> d-------- C:\Program Files\QuickTime Alternative
                      2008-04-06 16:05 . 2008-04-06 16:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
                      2008-04-06 16:05 . 2008-03-28 21:07 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
                      2008-04-06 16:05 . 2008-03-28 21:07 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
                      2008-04-06 15:54 . 2000-01-05 15:19 86,016 --a------ C:\WINDOWS\unvise32qt.exe
                      2008-04-06 15:54 . 2008-04-06 15:54 28,672 --a------ C:\WINDOWS\system32\qttask.exe
                      2008-04-06 15:54 . 2008-04-06 15:54 0 --a------ C:\WINDOWS\system32\QuickTime.qtp
                      2008-04-06 15:52 . 1994-09-21 01:00 92,208 --a------ C:\WINDOWS\system\WING.DLL
                      2008-04-06 15:52 . 1994-09-21 01:00 12,800 --a------ C:\WINDOWS\system\WING32.DLL
                      2008-04-06 15:30 . 2008-04-06 15:30 1,409 --a------ C:\WINDOWS\system32\tmpE3863.FOT
                      2008-04-04 21:09 . 2008-04-11 20:51 <DIR> d-------- C:\Program Files\GRETECH
                      2008-04-02 18:52 . 2008-02-01 09:50 245,760 --a------ C:\WINDOWS\JkDefragScreenSaver.exe
                      2008-04-02 18:52 . 2008-02-01 09:50 229,376 --a------ C:\WINDOWS\JkDefragCmd.exe
                      2008-04-02 18:52 . 2008-02-01 09:50 229,376 --a------ C:\WINDOWS\JkDefrag.exe
                      2008-04-02 18:52 . 2008-02-01 09:50 110,592 --a------ C:\WINDOWS\JkDefragScreenSaver.scr
                      2008-03-31 23:00 . 2008-03-31 23:02 <DIR> d-------- C:\Program Files\DaemonScript
                      2008-03-31 22:47 . 1998-09-22 18:15 195,856 --a------ C:\WINDOWS\system32\RICHTX32.OCX
                      2008-03-31 22:47 . 1997-02-27 04:00 192,272 --a------ C:\WINDOWS\system32\MCI32.OCX
                      2008-03-31 22:47 . 1997-02-27 04:00 94,992 --a------ C:\WINDOWS\system32\Vb5fr.dll
                      2008-03-31 22:47 . 2002-02-18 17:26 19,749 --a------ C:\WINDOWS\emmeNL.wri
                      2008-03-31 12:48 . 2008-03-31 12:54 <DIR> d-------- C:\hegames
                      2008-03-31 12:47 . 2008-04-06 22:46 707 --a------ C:\WINDOWS\hegames.ini
                      2008-03-31 00:25 . 2008-04-17 17:52 <DIR> d-------- C:\Program Files\DU Meter
                      2008-03-31 00:25 . 2008-03-31 00:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
                      2008-03-30 22:19 . 2008-03-30 22:19 <DIR> d-------- C:\WINDOWS\Sun
                      2008-03-30 18:48 . 2008-03-30 18:48 <DIR> d-------- C:\Program Files\Xvid
                      2008-03-30 18:48 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
                      2008-03-30 18:48 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
                      2008-03-30 18:48 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
                      2008-03-30 15:58 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
                      2008-03-30 15:58 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
                      2008-03-30 15:58 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
                      2008-03-30 15:20 . 2008-03-30 15:20 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
                      2008-03-30 15:20 . 2008-03-30 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
                      2008-03-29 23:14 . 2008-03-29 23:14 <DIR> d-------- C:\Program Files\Fotoservice

                      .
                      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      2008-04-16 20:09 --------- d-----w C:\Program Files\Hitman Pro
                      2008-04-16 20:02 --------- d-----w C:\Program Files\ESET
                      2008-04-11 20:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
                      2008-04-11 19:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
                      2008-04-11 18:29 --------- d-----w C:\Program Files\Notepad++
                      2008-04-10 01:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
                      2008-04-06 19:18 --------- d-----w C:\Program Files\Common Files\InstallShield
                      2008-04-03 06:06 --------- d-----w C:\Program Files\UltraVNC
                      2008-04-01 05:48 --------- d-----w C:\Program Files\Winamp
                      2008-03-31 05:45 --------- d-----w C:\Program Files\MSN Messenger
                      2008-03-30 21:13 --------- d-----w C:\Program Files\Camelsystem Power-Post
                      2008-03-30 19:59 --------- d-----w C:\Program Files\QuickPar
                      2008-03-30 13:20 --------- d-----w C:\Program Files\Windows Live
                      2008-03-30 08:19 --------- d-----w C:\Program Files\CCleaner
                      2008-03-29 18:16 --------- d-----w C:\Program Files\MSBuild
                      2008-03-29 17:52 --------- d-----w C:\Program Files\Google
                      2008-03-29 17:47 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
                      2008-03-29 17:02 --------- d-----w C:\Program Files\Messenger Plus! Live
                      2008-03-29 16:41 22,176 ----a-w C:\WINDOWS\system32\drivers\fortidrv.sys
                      2008-03-29 16:41 14,496 ----a-w C:\WINDOWS\system32\drivers\ftvnic.sys
                      2008-03-29 15:08 --------- d-----w C:\Program Files\FTDv3.8
                      2008-03-29 15:08 --------- d-----w C:\Program Files\FTD Watchdog
                      2008-03-29 13:55 --------- d-----w C:\Program Files\Windows Live Safety Center
                      2008-03-29 13:55 --------- d-----w C:\Program Files\Sygate
                      2008-03-29 13:55 --------- d-----w C:\Program Files\Skype
                      2008-03-29 13:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
                      2008-03-29 13:54 --------- d-----w C:\Program Files\Raxco
                      2008-03-29 13:54 --------- d-----w C:\Program Files\Common Files\Raxco
                      2008-03-29 13:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Raxco
                      2008-03-29 13:51 --------- d-----w C:\Program Files\GridMove
                      2008-03-29 13:50 --------- d-----w C:\Program Files\Microsoft Works
                      2008-03-29 13:46 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
                      2008-03-29 13:46 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
                      2008-03-29 13:45 --------- d-----w C:\Program Files\FireTuneUp
                      2008-03-29 13:43 --------- d-----w C:\Program Files\Nero
                      2008-03-29 13:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Daemon Tools Pro
                      2008-03-29 13:17 --------- d-----w C:\Program Files\CyberLink
                      2008-03-29 13:16 --------- d-----w C:\Program Files\Common Files\Adobe
                      2008-03-29 13:15 --------- d-----w C:\Program Files\Common Files\Nero
                      2008-03-29 13:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
                      2008-03-29 12:54 --------- d-----w C:\Program Files\HighMAT CD Writing Wizard
                      2008-03-29 12:50 --------- d-----w C:\Program Files\microsoft frontpage
                      2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
                      2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
                      2007-10-04 09:32 2,515,576 ----a-w C:\WINDOWS\inf\SET2C64.tmp
                      .

                      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      REGEDIT4
                      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
                      "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-03-21 10:30 486856]
                      "DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2004-05-21 10:10 684032]
                      "uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-04-02 19:15 219952]
                      "FTD Watchdog Monitor"="C:\Program Files\FTD Watchdog\FtdMonitor.exe" [2007-12-24 22:12 176640]
                      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:03 15360]

                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [ ]
                      "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-04-17 17:57 949376]
                      "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 13:17 61440]
                      "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-02-26 12:10 317072]
                      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
                      "SABnzbdGUI"="C:\Program Files\SABnzbdgui\sabnzbdgui.exe" [2008-02-20 20:56 801792]
                      "SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]

                      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:03 15360]
                      "Spyware Doctor"="" []

                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                      "EnableLUA"= 0 (0x0)

                      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
                      "LockTaskbar"= 0 (0x0)
                      "ForceClassicControlPanel"= 1 (0x1)

                      [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
                      "LockTaskbar"= 0 (0x0)

                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
                      @="Driver"

                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
                      @="Driver"

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
                      --a------ 2004-08-04 04:03 15360 C:\WINDOWS\system32\ctfmon.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]
                      --a------ 2007-03-21 16:41 145496 C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkinClock]
                      C:\Program Files\Desktop Tray Clock\DTClock.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService]
                      --a------ 2008-04-17 17:48 2532576 C:\PROGRA~1\Sygate\SPF\smc.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
                      --a------ 2006-06-18 15:56 712704 C:\Program Files\UltraVNC\winvnc.exe

                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                      "EnableFirewall"= 0 (0x0)
                      "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                      "%windir%\\system32\\sessmgr.exe"=
                      "C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
                      "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
                      "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
                      "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
                      "C:\\Program Files\\uTorrent\\uTorrent.exe"=
                      "C:\\Program Files\\Fortinet\\FortiClient\\FortiProxy.exe"=
                      "C:\\Program Files\\Fortinet\\FortiClient\\FCMgr.exe"=
                      "C:\\Program Files\\Fortinet\\FortiClient\\ipsec.exe"=
                      "C:\\Program Files\\SABnzbd\\SABnzbd.exe"=
                      "C:\\Program Files\\FrostWire\\FrostWire.exe"=
                      "C:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
                      "C:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
                      "C:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
                      "C:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
                      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
                      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
                      "C:\\Games\\Universe At War Earth Assault\\UAWEA.exe"=
                      "C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=

                      R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-05-09 03:03]
                      R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2005-12-14 19:06]
                      R1 Fortigen;Fortigen;C:\WINDOWS\system32\drivers\fortigen.sys [2007-06-21 13:19]
                      R1 VBoxDrv;VirtualBox Service;C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2008-02-20 21:17]
                      R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2008-02-20 21:17]
                      R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-11-03 01:12]
                      R2 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe [2007-10-15 15:19]
                      R2 Fortips;Fortips;C:\WINDOWS\system32\drivers\fortips.sys [2007-06-21 13:19]
                      R2 FortiRdr;FortiRdr;C:\WINDOWS\system32\drivers\FortiRdr.sys [2007-06-21 13:20]
                      R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2008-02-26 12:10]
                      R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS [2004-06-26 14:22]
                      R3 Cap7134;Cinergy 400 TV Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-08-08 13:47]
                      R3 Fortidrv2;FortiNet Fortidrv Service;C:\WINDOWS\system32\DRIVERS\fortidrv.sys [2008-03-29 18:41]
                      R3 ft_vnic;Fortinet network virtual adapter;C:\WINDOWS\system32\DRIVERS\ftvnic.sys [2008-03-29 18:41]
                      R3 TTTv400;Cinergy 400 TV Tuner (MK2);C:\WINDOWS\system32\DRIVERS\PhTvTune.sys [2004-03-03 15:36]
                      S3 08b18E;08b18E;C:\WINDOWS\system32\08b18E.sys []
                      S3 0b2180;0b2180;C:\WINDOWS\system32\0b2180.sys []
                      S3 0d9192;0d9192;C:\WINDOWS\system32\0d9192.sys []
                      S3 1ae17B;1ae17B;C:\WINDOWS\system32\1ae17B.sys []
                      S3 1f2187;1f2187;C:\WINDOWS\system32\1f2187.sys []
                      S3 2f1197;2f1197;C:\WINDOWS\system32\2f1197.sys []
                      S3 3cc193;3cc193;C:\WINDOWS\system32\3cc193.sys []
                      S3 50918C;50918C;C:\WINDOWS\system32\50918C.sys []
                      S3 51b184;51b184;C:\WINDOWS\system32\51b184.sys []
                      S3 59f198;59f198;C:\WINDOWS\system32\59f198.sys []
                      S3 5a2178;5a2178;C:\WINDOWS\system32\5a2178.sys []
                      S3 6d017E;6d017E;C:\WINDOWS\system32\6d017E.sys []
                      S3 6f8182;6f8182;C:\WINDOWS\system32\6f8182.sys []
                      S3 7bf18F;7bf18F;C:\WINDOWS\system32\7bf18F.sys []
                      S3 853194;853194;C:\WINDOWS\system32\853194.sys []
                      S3 89c17C;89c17C;C:\WINDOWS\system32\89c17C.sys []
                      S3 8e1188;8e1188;C:\WINDOWS\system32\8e1188.sys []
                      S3 94e18A;94e18A;C:\WINDOWS\system32\94e18A.sys []
                      S3 9c317F;9c317F;C:\WINDOWS\system32\9c317F.sys []
                      S3 a6d190;a6d190;C:\WINDOWS\system32\a6d190.sys []
                      S3 c8e199;c8e199;C:\WINDOWS\system32\c8e199.sys []
                      S3 ce117A;ce117A;C:\WINDOWS\system32\ce117A.sys []
                      S3 DarkSpy;DarkSpy;C:\WINDOWS\system32\DarkSpyKernel.sys [2008-04-17 11:21]
                      S3 e1a18B;e1a18B;C:\WINDOWS\system32\e1a18B.sys []
                      S3 e2c183;e2c183;C:\WINDOWS\system32\e2c183.sys []
                      S3 e6d176;e6d176;C:\WINDOWS\system32\e6d176.sys []
                      S3 eb3177;eb3177;C:\WINDOWS\system32\eb3177.sys []
                      S3 eff186;eff186;C:\WINDOWS\system32\eff186.sys []

                      .
                      **************************************************************************

                      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                      Rootkit scan 2008-04-17 18:02:13
                      Windows 5.1.2600 Service Pack 2 NTFS

                      scannen van verborgen processen ...

                      scannen van verborgen autostart items ...

                      scannen van verborgen bestanden ...

                      Scan succesvol afgerond
                      verborgen bestanden: 1

                      **************************************************************************

                      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DUMeterSvc]
                      "ImagePath"="C:\Program Files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"

                      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
                      "ImagePath"=""

                      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
                      "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
                      .
                      ------------------------ Other Running Processes ------------------------
                      .
                      C:\Program Files\Fortinet\FortiClient\scheduler.exe
                      C:\Program Files\Fortinet\FortiClient\FCDBLog.exe
                      C:\Program Files\Fortinet\FortiClient\FortiTray.exe
                      C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
                      C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
                      C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
                      C:\WINDOWS\system32\msiexec.exe
                      C:\Program Files\GridMove\GridMove.exe
                      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
                      C:\Program Files\SABnzbd\SABnzbd.exe
                      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
                      C:\WINDOWS\system32\taskmgr.exe
                      C:\WINDOWS\system32\WgaTray.exe
                      C:\Program Files\Windows Live\Messenger\usnsvc.exe
                      .
                      **************************************************************************
                      .
                      Voltooingstijd: 2008-04-17 18:03:30 - machine was rebooted
                      ComboFix-quarantined-files.txt 2008-04-17 16:03:27

                      Pre-Run: 18,374,397,952 bytes beschikbaar
                      Post-Run: 18,338,435,072 bytes beschikbaar
                      .
                      2008-04-10 01:03:38 --- E O F ---
                      Attached Files
                      Last edited by smeenk; 17-04-08, 18:25.

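The driver list in the log above shows the pattern that made this infection recognisable: a run of `S3` services whose name, display name and file name are the same six hex digits, located directly in `system32`, and printed with an empty `[]` where ComboFix normally shows the file timestamp (it could not read the file, which is what a rootkit hiding its own driver looks like from user mode). The script below is an added example written for this thread; it is not part of ComboFix or of any tool the posters used. It parses service lines of that shape and reports the two hallmarks. Its sample input contains two benign lines copied from the list above plus constructed suspicious entries with made-up names.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# ComboFix prints one service or driver per line as:
#   "<R0..R4|S0..S4> <name>;<display name>;<image path> [<file timestamp>]"
# An empty "[]" means ComboFix could not read the file's timestamp.
SERVICE_LINE = re.compile(
    r"^\s*(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<stamp>[^\]]*)\]\s*$"
)
# A driver whose entire base name is six hex digits (e.g. 1ae17B.sys).
RANDOM_HEX_NAME = re.compile(r"^[0-9a-f]{6}\.sys$", re.IGNORECASE)


@dataclass
class Finding:
    name: str
    path: str
    severity: str                      # "high" or "review"
    reasons: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[dict]:
    """Split one ComboFix service line into its fields; None for any other line."""
    m = SERVICE_LINE.match(line)
    return m.groupdict() if m else None


def assess(entry: dict) -> Optional[Finding]:
    """Apply the two hallmarks to a parsed entry and return a Finding if any fire."""
    path = entry["path"].strip().strip('"')
    base = path.rsplit("\\", 1)[-1]
    reasons = []
    random_name = RANDOM_HEX_NAME.match(base) is not None
    if random_name:
        reasons.append("driver file name is six random-looking hex digits")
    if entry["stamp"].strip() == "":
        reasons.append("no file timestamp: ComboFix could not stat the file (missing or hidden)")
    if not reasons:
        return None
    # A random name is suspicious on its own; an unreadable timestamp alone may be
    # just an orphaned service entry, so by itself it only earns a manual review.
    severity = "high" if random_name else "review"
    return Finding(entry["name"], path, severity, reasons)


def triage(log_text: str) -> List[Finding]:
    """Return findings for every service line in a ComboFix log, in log order."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_service_line(line)
        if entry is None:
            continue
        finding = assess(entry)
        if finding is not None:
            findings.append(finding)
    return findings


# Sample input: the first two lines are benign entries from the log in this thread,
# the remaining ones are constructed with hypothetical names.
SAMPLE_LOG = "\n".join([
    r"R1 VBoxDrv;VirtualBox Service;C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2008-02-20 21:17]",
    r"R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS [2004-06-26 14:22]",
    r"S3 ab12cd;ab12cd;C:\WINDOWS\system32\ab12cd.sys []",
    r"S3 9f0e1d;9f0e1d;C:\WINDOWS\system32\9f0e1d.sys []",
    r"S3 oldsvc;Old Vendor Service;C:\WINDOWS\system32\drivers\oldsvc.sys []",
    ".",
])

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.name:8} {f.path}")
        for r in f.reasons:
            print(f"        - {r}")
```

Run against the full service list above it would report every one of the hex-named `S3` entries as "high" and leave VBoxDrv, SSI, the Fortinet drivers and DarkSpy alone, because those have readable timestamps and descriptive names. The "review" tier is deliberate: an empty `[]` also occurs for a service whose driver was uninstalled without removing the registry entry, so that signal alone should prompt a look, not a deletion.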


                      • #12
                        Originally posted by Xenomes
                        I still need to get my virus scanner back up, but that will be fine!
                        It was wrecked by the virus, so you will have to reinstall it.

                        Go to Start - Run and enter the following:
                        Combofix /u
                        Press OK.

                        This will uninstall Combofix.

                        Do a full scan with your virus scanner and let it remove everything it finds.

                        Then download Combofix again, make a new log with it and post it in your next message.



                        • #13
                          OK, did a full system scan. Found a few more files, including the source of the infection!

                          Log is attached again

                          ComboFix 08-04-18.3 - André Boluyt 2008-04-19 11:01:41.3 - NTFSx86
                          Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.488 [GMT 2:00]
                          Gestart vanuit: C:\Documents and Settings\André Boluyt\Bureaublad\ComboFix.exe
                          * Nieuw herstelpunt werd aangemaakt
                          * Resident AV is active

                          .

                          (((((((((((((((((((( Bestanden Gemaakt van 2008-03-19 to 2008-04-19 ))))))))))))))))))))))))))))))
                          .

                          2008-04-19 10:28 . 2008-04-19 10:34 <DIR> d-------- C:\Program Files\SABnzbd
                          2008-04-19 07:47 . 2008-04-19 10:33 <DIR> dr-h----- C:\Documents and Settings\André Boluyt\Onlangs geopend
                          2008-04-19 07:47 . 2008-04-19 10:33 <DIR> dr-h----- C:\Documents and Settings\André Boluyt\Onlangs geopend
                          2008-04-18 19:06 . 2008-04-18 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
                          2008-04-18 09:24 . 2008-04-18 09:24 <DIR> d-------- C:\Program Files\Sygate
                          2008-04-18 09:24 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
                          2008-04-18 09:24 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
                          2008-04-18 09:24 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
                          2008-04-18 09:24 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
                          2008-04-18 09:23 . 2008-04-18 09:23 <DIR> d-------- C:\Downloads
                          2008-04-18 09:23 . 2008-04-18 09:24 <DIR> d-------- C:\Documents and Settings\André Boluyt\Application Data\GetRightToGo
                          2008-04-18 08:11 . 2008-04-18 09:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
                          2008-04-18 07:49 . 2008-04-18 07:49 0 --a------ C:\WINDOWS\system32\mapisvc.inf
                          2008-04-17 11:21 . 2008-04-17 11:21 0 --a----t- C:\WINDOWS\system32\DarkSpyKernel.sys
                          2008-04-17 10:10 . 2008-04-17 10:10 7,680 --a------ C:\WINDOWS\system32\drivers\RKL47.tmp.sys
                          2008-04-17 10:01 . 2008-04-17 14:04 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
                          2008-04-17 08:45 . 2008-04-17 10:29 <DIR> d-------- C:\Documents and Settings\André Boluyt\.housecall6.6
                          2008-04-17 08:45 . 2008-04-17 10:29 <DIR> d-------- C:\Documents and Settings\André Boluyt\.housecall6.6
                          2008-04-16 22:17 . 2008-04-16 22:18 7,483,983 --a------ C:\WINDOWS\system32\DLNBR
                          2008-04-16 22:02 . 2008-04-16 22:02 <DIR> d-------- C:\Documents and Settings\André Boluyt\Application Data\Lavasoft
                          2008-04-16 22:00 . 2006-08-24 12:40 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
                          2008-04-16 22:00 . 2006-07-10 17:38 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
                          2008-04-16 21:59 . 2008-04-16 21:59 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
                          2008-04-16 21:59 . 2004-02-11 18:27 102,912 --a------ C:\WINDOWS\system32\islzma.dll
                          2008-04-16 21:59 . 2005-12-14 19:06 78,336 --a------ C:\WINDOWS\system32\drivers\ssi.sys
                          2008-04-16 21:58 . 2008-04-16 21:58 <DIR> d-------- C:\Program Files\Webroot
                          2008-04-16 21:58 . 2008-04-16 21:58 <DIR> d-------- C:\Documents and Settings\André Boluyt\Application Data\Webroot
                          2008-04-16 21:57 . 2008-04-16 21:57 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
                          2008-04-16 21:57 . 2008-04-16 21:57 <DIR> d-------- C:\Program Files\Lavasoft
                          2008-04-16 21:57 . 2008-04-16 22:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                          2008-04-16 21:48 . 2008-04-16 21:48 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
                          2008-04-16 21:44 . 2008-04-16 22:00 <DIR> d-------- C:\Program Files\Spyware Doctor
                          2008-04-16 21:44 . 2008-04-16 21:44 <DIR> d-------- C:\Documents and Settings\André Boluyt\Application Data\PC Tools
                          2008-04-16 21:44 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
                          2008-04-16 21:44 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
                          2008-04-16 21:44 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
                          2008-04-16 21:44 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
                          2008-04-16 21:26 . 2008-04-16 21:26 15,424 --a------ C:\WINDOWS\system32\drivers\_od32drv.s01
                          2008-04-16 21:24 . 2008-04-16 21:24 15,424 --a------ C:\WINDOWS\system32\drivers\_od32drv.s00
                          2008-04-16 20:05 . 2008-04-16 20:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
                          2008-04-16 19:58 . 2008-04-16 19:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SPAMfighter
                          2008-04-16 19:58 . 2004-08-04 04:03 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
                          2008-04-16 19:32 . 2004-08-03 23:08 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
                          2008-04-13 20:18 . 2008-04-13 20:18 54,156 --ah----- C:\WINDOWS\QTFont.qfn
                          2008-04-13 20:18 . 2008-04-13 20:18 1,409 --a------ C:\WINDOWS\QTFont.for
                          2008-04-12 21:48 . 2008-04-12 21:48 <DIR> d-------- C:\Program Files\Activision Value
                          2008-04-11 23:41 . 2008-04-11 23:42 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
                          2008-04-11 23:41 . 2008-04-11 23:42 <DIR> d-------- C:\Program Files\AutoCAD LT 2009
                          2008-04-11 23:41 . 2008-04-11 23:41 <DIR> d-------- C:\Documents and Settings\André Boluyt\Application Data\Autodesk
                          2008-04-11 23:41 . 2008-04-11 23:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
                          2008-04-11 22:37 . 2008-04-11 22:37 <DIR> d-------- C:\WINDOWS\system32\Lang
                          2008-04-11 22:37 . 2008-04-11 22:37 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
                          2008-04-11 22:37 . 2008-04-11 22:37 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
                          2008-04-11 22:37 . 2008-04-13 12:44 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
                          2008-04-11 22:37 . 2008-04-11 22:37 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
                          2008-04-11 22:34 . 2004-08-13 18:56 5,810 --a------ C:\WINDOWS\system32\drivers\ASACPI.sys
                          2008-04-11 22:16 . 2008-01-24 16:36 4,127,488 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
                          2008-04-11 22:16 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
                          2008-04-11 22:15 . 2008-04-11 22:15 <DIR> d-------- C:\Program Files\Realtek AC97
                          2008-04-11 22:15 . 2006-11-17 05:40 18,804,736 --a------ C:\WINDOWS\system32\alsndmgr.cpl
                          2008-04-11 22:15 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
                          2008-04-11 22:15 . 2007-04-16 15:28 577,536 --a------ C:\WINDOWS\soundman.exe
                          2008-04-11 22:15 . 2006-07-31 11:19 315,392 --a------ C:\WINDOWS\alcupd.exe
                          2008-04-11 22:15 . 2006-07-31 11:27 217,088 --a------ C:\WINDOWS\Alcrmv.exe
                          2008-04-11 22:15 . 2006-10-18 02:53 147,456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
                          2008-04-11 22:15 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\alsndmgr.wav
                          2008-04-11 21:40 . 2008-04-11 21:40 <DIR> d-------- C:\Documents and Settings\André Boluyt\Application Data\CyberLink
                          2008-04-11 20:54 . 2008-04-11 20:54 <DIR> d-------- C:\Documents and Settings\André Boluyt\Application Data\vlc
                          2008-04-11 20:53 . 2008-04-11 20:53 <DIR> d-------- C:\Program Files\VideoLAN
                          2008-04-11 17:48 . 2008-04-11 20:37 <DIR> d-------- C:\Program Files\SABnzbdgui
                          2008-04-09 20:38 . 2008-04-09 20:38 <DIR> d-------- C:\Documents and Settings\André Boluyt\Application Data\Joost
                          2008-04-06 23:01 . 2008-04-06 23:01 <DIR> d-------- C:\Program Files\DIFX
                          2008-04-06 23:00 . 2006-07-01 22:56 43,520 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
                          2008-04-06 22:54 . 2008-04-06 22:54 <DIR> d-------- C:\WINDOWS\system32\xlive
                          2008-04-06 21:48 . 2008-04-11 22:51 <DIR> d-------- C:\Documents and Settings\André Boluyt\Application Data\Notepad++
                          2008-04-06 21:38 . 2008-04-09 22:53 32 --a------ C:\WINDOWS\CD_Start.INI
                          2008-04-06 21:31 . 2008-04-06 21:31 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
                          2008-04-06 17:02 . 2008-04-06 17:02 1,409 --a------ C:\WINDOWS\system32\tmpDC616.FOT
                          2008-04-06 17:02 . 2008-04-06 17:02 1,409 --a------ C:\WINDOWS\system32\tmpCE616.FOT
                          2008-04-06 17:02 . 2008-04-06 17:02 1,409 --a------ C:\WINDOWS\system32\tmpCD616.FOT
                          2008-04-06 17:02 . 2008-04-06 17:02 1,409 --a------ C:\WINDOWS\system32\tmpB1716.FOT
                          2008-04-06 17:02 . 2008-04-06 17:02 1,409 --a------ C:\WINDOWS\system32\tmpB0716.FOT
                          2008-04-06 16:06 . 2008-04-06 16:06 1,409 --a------ C:\WINDOWS\system32\tmp23933.FOT
                          2008-04-06 16:05 . 2008-04-06 16:05 <DIR> d-------- C:\Program Files\QuickTime Alternative
                          2008-04-06 16:05 . 2008-04-06 16:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
                          2008-04-06 16:05 . 2008-03-28 21:07 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
                          2008-04-06 16:05 . 2008-03-28 21:07 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
                          2008-04-06 15:54 . 2000-01-05 15:19 86,016 --a------ C:\WINDOWS\unvise32qt.exe
                          2008-04-06 15:54 . 2008-04-06 15:54 28,672 --a------ C:\WINDOWS\system32\qttask.exe
                          2008-04-06 15:54 . 2008-04-06 15:54 0 --a------ C:\WINDOWS\system32\QuickTime.qtp
                          2008-04-06 15:52 . 1994-09-21 01:00 92,208 --a------ C:\WINDOWS\system\WING.DLL
                          2008-04-06 15:52 . 1994-09-21 01:00 12,800 --a------ C:\WINDOWS\system\WING32.DLL
                          2008-04-06 15:30 . 2008-04-06 15:30 1,409 --a------ C:\WINDOWS\system32\tmpE3863.FOT
                          2008-04-04 21:09 . 2008-04-11 20:51 <DIR> d-------- C:\Program Files\GRETECH
                          2008-04-02 18:52 . 2008-02-01 09:50 245,760 --a------ C:\WINDOWS\JkDefragScreenSaver.exe
                          2008-04-02 18:52 . 2008-02-01 09:50 229,376 --a------ C:\WINDOWS\JkDefragCmd.exe
                          2008-04-02 18:52 . 2008-02-01 09:50 229,376 --a------ C:\WINDOWS\JkDefrag.exe
                          2008-04-02 18:52 . 2008-02-01 09:50 110,592 --a------ C:\WINDOWS\JkDefragScreenSaver.scr
                          2008-04-02 18:50 . 2008-04-18 07:42 <DIR> d-------- C:\Documents and Settings\André Boluyt\Application Data\U3
                          2008-03-31 23:00 . 2008-03-31 23:02 <DIR> d-------- C:\Program Files\DaemonScript
                          2008-03-31 22:47 . 1998-09-22 18:15 195,856 --a------ C:\WINDOWS\system32\RICHTX32.OCX
                          2008-03-31 22:47 . 1997-02-27 04:00 192,272 --a------ C:\WINDOWS\system32\MCI32.OCX
                          2008-03-31 22:47 . 1997-02-27 04:00 94,992 --a------ C:\WINDOWS\system32\Vb5fr.dll
                          2008-03-31 22:47 . 2002-02-18 17:26 19,749 --a------ C:\WINDOWS\emmeNL.wri
                          2008-03-31 12:48 . 2008-03-31 12:54 <DIR> d-------- C:\hegames
                          2008-03-31 12:47 . 2008-04-06 22:46 707 --a------ C:\WINDOWS\hegames.ini
                          2008-03-31 00:25 . 2008-04-18 07:52 <DIR> d-------- C:\Program Files\DU Meter
                          2008-03-31 00:25 . 2008-03-31 00:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
                          2008-03-30 22:19 . 2008-03-30 22:19 <DIR> d-------- C:\WINDOWS\Sun
                          2008-03-30 18:48 . 2008-03-30 18:48 <DIR> d-------- C:\Program Files\Xvid
                          2008-03-30 18:48 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
                          2008-03-30 18:48 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
                          2008-03-30 18:48 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
                          2008-03-30 15:58 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
                          2008-03-30 15:58 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
                          2008-03-30 15:58 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
                          2008-03-30 15:20 . 2008-03-30 15:20 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
                          2008-03-30 15:20 . 2008-03-30 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
                          2008-03-30 14:01 . 2008-03-30 14:01 <DIR> d-------- C:\Documents and Settings\André Boluyt\Application Data\Nero
                          2008-03-29 23:14 . 2008-03-29 23:14 <DIR> d-------- C:\Program Files\Fotoservice
                          2008-03-29 23:10 . 2008-02-20 21:17 40,928 --a------ C:\WINDOWS\system32\drivers\VBoxDrv.sys
                          2008-03-29 23:10 . 2008-02-20 21:17 27,776 --a------ C:\WINDOWS\system32\drivers\VBoxUSBMon.sys
                          2008-03-29 23:09 . 2008-03-29 23:10 <DIR> d-------- C:\Program Files\innotek VirtualBox
                          2008-03-29 23:04 . 2008-03-29 23:07 <DIR> d-------- C:\Documents and Settings\André Boluyt\.SunDownloadManager
                          2008-03-29 23:04 . 2008-03-29 23:07 <DIR> d-------- C:\Documents and Settings\André Boluyt\.SunDownloadManager

                          .
                          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                          .
                          2008-04-19 05:50 --------- d-----w C:\Program Files\Notepad++
                          2008-04-19 05:44 --------- d-----w C:\Program Files\Winamp
                          2008-04-18 21:06 --------- d-----w C:\Program Files\Google
                          2008-04-18 06:00 --------- d-----w C:\Program Files\ESET
                          2008-04-18 05:49 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
                          2008-04-18 05:49 298,104 ----a-w C:\WINDOWS\system32\imon.dll
                          2008-04-18 05:49 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
                          2008-04-16 20:09 --------- d-----w C:\Program Files\Hitman Pro
                          2008-04-11 20:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
                          2008-04-11 19:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
                          2008-04-10 01:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
                          2008-04-06 19:18 --------- d-----w C:\Program Files\Common Files\InstallShield
                          2008-04-03 06:06 --------- d-----w C:\Program Files\UltraVNC
                          2008-03-31 05:45 --------- d-----w C:\Program Files\MSN Messenger
                          2008-03-30 21:13 --------- d-----w C:\Program Files\Camelsystem Power-Post
                          2008-03-30 19:59 --------- d-----w C:\Program Files\QuickPar
                          2008-03-30 13:20 --------- d-----w C:\Program Files\Windows Live
                          2008-03-30 08:19 --------- d-----w C:\Program Files\CCleaner
                          2008-03-29 18:16 --------- d-----w C:\Program Files\MSBuild
                          2008-03-29 17:47 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
                          2008-03-29 17:02 --------- d-----w C:\Program Files\Messenger Plus! Live
                          2008-03-29 16:41 22,176 ----a-w C:\WINDOWS\system32\drivers\fortidrv.sys
                          2008-03-29 16:41 14,496 ----a-w C:\WINDOWS\system32\drivers\ftvnic.sys
                          2008-03-29 15:08 --------- d-----w C:\Program Files\FTDv3.8
                          2008-03-29 15:08 --------- d-----w C:\Program Files\FTD Watchdog
                          2008-03-29 13:55 --------- d-----w C:\Program Files\Windows Live Safety Center
                          2008-03-29 13:55 --------- d-----w C:\Program Files\Skype
                          2008-03-29 13:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
                          2008-03-29 13:54 --------- d-----w C:\Program Files\Raxco
                          2008-03-29 13:54 --------- d-----w C:\Program Files\Common Files\Raxco
                          2008-03-29 13:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Raxco
                          2008-03-29 13:51 --------- d-----w C:\Program Files\GridMove
                          2008-03-29 13:50 --------- d-----w C:\Program Files\Microsoft Works
                          2008-03-29 13:45 --------- d-----w C:\Program Files\FireTuneUp
                          2008-03-29 13:43 --------- d-----w C:\Program Files\Nero
                          2008-03-29 13:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Daemon Tools Pro
                          2008-03-29 13:17 505,392 ----a-w C:\WINDOWS\system32\msvcp71.dll
                          2008-03-29 13:17 353,840 ----a-w C:\WINDOWS\system32\msvcr71.dll
                          2008-03-29 13:17 --------- d-----w C:\Program Files\CyberLink
                          2008-03-29 13:16 --------- d-----w C:\Program Files\Common Files\Adobe
                          2008-03-29 13:15 --------- d-----w C:\Program Files\Common Files\Nero
                          2008-03-29 13:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
                          2008-03-29 12:54 --------- d-----w C:\Program Files\HighMAT CD Writing Wizard
                          2008-03-29 12:50 --------- d-----w C:\Program Files\microsoft frontpage
                          2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
                          2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
                          2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
                          2008-02-26 03:12 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
                          2008-02-26 03:10 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
                          2008-02-26 03:10 299,520 ----a-w C:\WINDOWS\system32\ati2dvag.dll
                          2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
                          2008-02-26 03:02 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
                          2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
                          2008-02-26 03:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
                          2008-02-26 03:01 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
                          2008-02-26 03:00 520,192 ----a-w C:\WINDOWS\system32\ati2evxx.exe
                          2008-02-26 02:59 9,797,632 ----a-w C:\WINDOWS\system32\atioglx2.dll
                          2008-02-26 02:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
                          2008-02-26 02:49 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
                          2008-02-26 02:41 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx.dll
                          2008-02-26 02:29 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
                          2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
                          2008-02-26 02:23 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
                          2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
                          2008-02-26 02:21 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
                          2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
                          2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
                          2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
                          2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
                          2008-02-09 23:38 13,464 ----a-w C:\WINDOWS\system32\AcSignExtRes.dll
                          2008-02-09 23:37 43,160 ----a-w C:\WINDOWS\system32\AcSignIcon.dll
                          2008-02-09 23:37 426,136 ----a-w C:\WINDOWS\system32\AcSignOpt.exe
                          2008-02-09 23:37 28,312 ----a-w C:\WINDOWS\system32\AcSignExt.dll
                          2007-10-04 09:32 2,515,576 ----a-w C:\WINDOWS\inf\SET2C64.tmp
                          .

                          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                          .
                          .
                          REGEDIT4
                          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
                          "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-03-21 10:30 486856]
                          "DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2007-10-15 15:19 2582288]
                          "uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-04-02 19:15 219952]
                          "FTD Watchdog Monitor"="C:\Program Files\FTD Watchdog\FtdMonitor.exe" [2007-12-24 22:12 176640]
                          "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:03 15360]

                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-04-18 07:49 949376]
                          "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 13:17 61440]
                          "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-02-26 12:10 317072]
                          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
                          "SABnzbdGUI"="C:\Program Files\SABnzbdgui\sabnzbdgui.exe" [2008-02-20 20:56 801792]
                          "SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
                          "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]

                          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                          "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:03 15360]
                          "Spyware Doctor"="" []

                          C:\Documents and Settings\André Boluyt\Menu Start\Programma's\Opstarten\
                          FTDMonitor.exe.lnk - C:\Program Files\FTD Watchdog\FTDMonitor.exe [2008-03-28 22:11:58 176640]
                          GridMove.lnk - C:\Program Files\GridMove\GridMove.exe [2008-03-29 15:51:05 242934]
                          Tvgids.cmd.lnk - C:\Program Files\DScaler\tvguide\Tvgids.cmd [2007-05-12 20:18:03 260]

                          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
                          "LockTaskbar"= 0 (0x0)
                          "ForceClassicControlPanel"= 1 (0x1)

                          [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
                          "LockTaskbar"= 0 (0x0)

                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
                          @="Driver"

                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
                          @="Driver"

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
                          --a------ 2004-08-04 04:03 15360 C:\WINDOWS\system32\ctfmon.exe

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]
                          --a------ 2007-03-21 16:41 145496 C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkinClock]
                          C:\Program Files\Desktop Tray Clock\DTClock.exe

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService]
                          --a------ 2004-10-15 19:40 2577632 C:\PROGRA~1\Sygate\SPF\smc.exe

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
                          --a------ 2006-06-18 15:56 712704 C:\Program Files\UltraVNC\winvnc.exe

                          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                          "EnableFirewall"= 0 (0x0)
                          "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

                          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                          "%windir%\\system32\\sessmgr.exe"=
                          "C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
                          "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
                          "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
                          "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
                          "C:\\Program Files\\uTorrent\\uTorrent.exe"=
                          "C:\\Program Files\\Fortinet\\FortiClient\\FortiProxy.exe"=
                          "C:\\Program Files\\Fortinet\\FortiClient\\FCMgr.exe"=
                          "C:\\Program Files\\Fortinet\\FortiClient\\ipsec.exe"=
                          "C:\\Program Files\\SABnzbd\\SABnzbd.exe"=
                          "C:\\Program Files\\FrostWire\\FrostWire.exe"=
                          "C:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
                          "C:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
                          "C:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
                          "C:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
                          "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
                          "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
                          "C:\\Games\\Universe At War Earth Assault\\UAWEA.exe"=
                          "C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=

                          R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-05-09 03:03]
                          R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2005-12-14 19:06]
                          R1 Fortigen;Fortigen;C:\WINDOWS\system32\drivers\fortigen.sys [2007-06-21 13:19]
                          R1 VBoxDrv;VirtualBox Service;C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2008-02-20 21:17]
                          R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2008-02-20 21:17]
                          R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-11-03 01:12]
                          R2 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe [2007-10-15 15:19]
                          R2 Fortips;Fortips;C:\WINDOWS\system32\drivers\fortips.sys [2007-06-21 13:19]
                          R2 FortiRdr;FortiRdr;C:\WINDOWS\system32\drivers\FortiRdr.sys [2007-06-21 13:20]
                          R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2008-02-26 12:10]
                          R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS [2004-06-26 14:22]
                          R3 Cap7134;Cinergy 400 TV Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-08-08 13:47]
                          R3 Fortidrv2;FortiNet Fortidrv Service;C:\WINDOWS\system32\DRIVERS\fortidrv.sys [2008-03-29 18:41]
                          R3 ft_vnic;Fortinet network virtual adapter;C:\WINDOWS\system32\DRIVERS\ftvnic.sys [2008-03-29 18:41]
                          R3 TTTv400;Cinergy 400 TV Tuner (MK2);C:\WINDOWS\system32\DRIVERS\PhTvTune.sys [2004-03-03 15:36]
                          S3 08b18E;08b18E;C:\WINDOWS\system32\08b18E.sys []
                          S3 0b2180;0b2180;C:\WINDOWS\system32\0b2180.sys []
                          S3 0d9192;0d9192;C:\WINDOWS\system32\0d9192.sys []
                          S3 1ae17B;1ae17B;C:\WINDOWS\system32\1ae17B.sys []
                          S3 1f2187;1f2187;C:\WINDOWS\system32\1f2187.sys []
                          S3 2f1197;2f1197;C:\WINDOWS\system32\2f1197.sys []
                          S3 3cc193;3cc193;C:\WINDOWS\system32\3cc193.sys []
                          S3 50918C;50918C;C:\WINDOWS\system32\50918C.sys []
                          S3 51b184;51b184;C:\WINDOWS\system32\51b184.sys []
                          S3 59f198;59f198;C:\WINDOWS\system32\59f198.sys []
                          S3 5a2178;5a2178;C:\WINDOWS\system32\5a2178.sys []
                          S3 6d017E;6d017E;C:\WINDOWS\system32\6d017E.sys []
                          S3 6f8182;6f8182;C:\WINDOWS\system32\6f8182.sys []
                          S3 7bf18F;7bf18F;C:\WINDOWS\system32\7bf18F.sys []
                          S3 853194;853194;C:\WINDOWS\system32\853194.sys []
                          S3 89c17C;89c17C;C:\WINDOWS\system32\89c17C.sys []
                          S3 8e1188;8e1188;C:\WINDOWS\system32\8e1188.sys []
                          S3 94e18A;94e18A;C:\WINDOWS\system32\94e18A.sys []
                          S3 9c317F;9c317F;C:\WINDOWS\system32\9c317F.sys []
                          S3 a6d190;a6d190;C:\WINDOWS\system32\a6d190.sys []
                          S3 c8e199;c8e199;C:\WINDOWS\system32\c8e199.sys []
                          S3 ce117A;ce117A;C:\WINDOWS\system32\ce117A.sys []
                          S3 DarkSpy;DarkSpy;C:\WINDOWS\system32\DarkSpyKernel.sys [2008-04-17 11:21]
                          S3 e1a18B;e1a18B;C:\WINDOWS\system32\e1a18B.sys []
                          S3 e2c183;e2c183;C:\WINDOWS\system32\e2c183.sys []
                          S3 e6d176;e6d176;C:\WINDOWS\system32\e6d176.sys []
                          S3 eb3177;eb3177;C:\WINDOWS\system32\eb3177.sys []
                          S3 eff186;eff186;C:\WINDOWS\system32\eff186.sys []

                          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
                          \Shell\AutoRun\command - I:\LaunchU3.exe -a

                          *Newly Created Service* - CATCHME
                          .
                          **************************************************************************

                          catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                          Rootkit scan 2008-04-19 11:02:54
                          Windows 5.1.2600 Service Pack 2 NTFS

                          scanning for hidden processes ...

                          scanning for hidden autostart entries ...

                          scanning for hidden files ...

                          Scan completed successfully
                          hidden files: 1

                          **************************************************************************

                          [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DUMeterSvc]
                          "ImagePath"="C:\Program Files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"

                          [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
                          "ImagePath"=""

                          [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
                          "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
                          .
                          Completion time: 2008-04-19 11:03:23
                          ComboFix-quarantined-files.txt 2008-04-19 09:03:21

                          Pre-Run: 18,258,477,056 bytes free
                          Post-Run: 18,258,948,096 bytes free

                          349 --- E O F --- 2008-04-19 05:02:32
                          Attached Files
                          Last edited by smeenk; 20-04-08, 09:15.

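The run of `S3` entries in the log above shares two traits: a six-hex-digit service name that is also the display name, and empty brackets where ComboFix would print the file date. That is the kind of cluster a helper looks for when reading a ComboFix log by eye. The Python below is an added example, not part of this thread and not ComboFix's own code: it parses the `R0`/`S3` driver lines of such a log and flags those two traits. The sample lines are constructed in the log's format, and reading empty brackets as "no file present at the image path" is an assumption. The output is a shortlist to check by hand, not a removal list; a stopped service whose file is already gone can just as well be a stale leftover of a tool as a component of something hostile.

```python
"""Triage the driver/service list in a ComboFix log.

Added example; not ComboFix's own code. Each driver line has the shape
    <start> <service name>;<display name>;<image path> [<file date> <file time>]
where <start> is R0..R3 (running) or S0..S4 (stopped) followed by the start type.
Empty brackets are read here as "no file present at the image path" (assumption).
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample lines in the log's format (not taken from a real machine).
SAMPLE_LOG = r"""
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-05-09 03:03]
R1 VBoxDrv;VirtualBox Service;C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2008-02-20 21:17]
R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2008-02-26 12:10]
S3 08b18E;08b18E;C:\WINDOWS\system32\08b18E.sys []
S3 1ae17B;1ae17B;C:\WINDOWS\system32\1ae17B.sys []
S3 e6d176;e6d176;C:\WINDOWS\system32\e6d176.sys []
S3 DarkSpy;DarkSpy;C:\WINDOWS\system32\DarkSpyKernel.sys [2008-04-17 11:21]
S3 oldtool;Old Tool Driver;C:\WINDOWS\system32\DRIVERS\oldtool.sys []
"""

DRIVER_LINE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s\[(?P<info>[^\]]*)\]\s*$"
)
# Six hex digits used as both service name and display name, e.g. "08b18E".
HEX_NAME = re.compile(r"^[0-9a-fA-F]{6}$")


@dataclass
class DriverEntry:
    start: str       # "R0".."R3" running, "S0".."S4" stopped; the digit is the start type
    name: str        # service (registry key) name
    display: str     # display name
    path: str        # image path as printed, quotes included if present
    file_info: str   # "YYYY-MM-DD HH:MM", or "" when no file was found (assumption)


@dataclass
class Finding:
    entry: DriverEntry
    reasons: list


def parse_combofix_drivers(text):
    """Return a DriverEntry for every line that matches the driver-list format."""
    entries = []
    for line in text.splitlines():
        m = DRIVER_LINE.match(line.strip())
        if m:
            entries.append(DriverEntry(m["start"], m["name"], m["display"],
                                       m["path"], m["info"].strip()))
    return entries


def triage(entries):
    """Flag entries worth checking by hand; this is a shortlist, not a verdict."""
    findings = []
    for e in entries:
        reasons = []
        if not e.file_info:
            reasons.append("no file at image path")
        if HEX_NAME.match(e.name) and e.name == e.display:
            reasons.append("six-hex-digit name reused as display name")
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


def summarize(findings):
    """Count how often each reason fires and how many entries show both at once."""
    counts = Counter(r for f in findings for r in f.reasons)
    both = sum(1 for f in findings if len(f.reasons) == 2)
    return {"flagged": len(findings), "cluster": both, **counts}


if __name__ == "__main__":
    found = triage(parse_combofix_drivers(SAMPLE_LOG))
    for f in found:
        print(f"{f.entry.start} {f.entry.name:<12} {f.entry.path}  <- {'; '.join(f.reasons)}")
    print(summarize(found))
```

Run it against a saved ComboFix log by replacing `SAMPLE_LOG` with the file's contents; the `cluster` count in the summary is what makes a group like the one above stand out from a single orphaned service entry.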


                          • #14
                            I also used runscanner.exe to take out all the remaining errors.

                            And for the rest, the PC works as before again.

                            smeenk and ctrlaltdelete, thanks for all the help.
                            I hope I won't need you again.
                            Last edited by Xenomes; 20-04-08, 19:25.



                            • #15
                              Oh sorry, I had completely forgotten your topic.

                              Post a new Combofix log if you like, then I can take another look later and see whether I spot anything else that can go.
