  • MSN is sending out an unwanted link

    A few days ago I received a link from one of my contacts. Not paying attention, I clicked on it, and now my MSN is sending the same kind of links to my contacts.
    These are the links: http://.....
    -evil_frigo.very.co0olthings.info
    -evil_frigo.cache2.imaghosters.info
    -real.h0tstuff.info

    The evil_frigo in the first two is my e-mail address.


    The HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:24:25, on 27/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
    C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Rainlendar2\Rainlendar2.exe
    C:\Program Files\Alias\Alias SketchBook Pro 2.0\AliasSketchSnap.exe
    C:\Program Files\Launchy\Launchy.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\Program Files\Last.fm\LastFMHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\lightroom.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\hijackthis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=2067
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O4 - Global Startup: Alias SketchBook Snapshot.lnk = C:\Program Files\Alias\Alias SketchBook Pro 2.0\AliasSketchSnap.exe
    O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
    O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
    O8 - Extra context menu item: &Subscribe with ArchosLink - file://C:\Program Files\Archos\ArchosLink\\script.js
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} (ProductView Express) - file:///C:/Program%20Files/proeWildfire%203.0/i486_nt/obj/pvx_install.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157714331359
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 11430 bytes

  • #2
    Follow these instructions to download ComboFix:
    • Carry out the instructions on the BleepingComputer page, including installing the XP Recovery Console
      If you have used ComboFix before, please delete that version and download ComboFix again via the link above, because ComboFix is updated daily.

      NOTE: if, during or after downloading ComboFix or while using ComboFix, you get an alert from your antivirus or another real-time scanner,
      disable that scanner and download ComboFix again.
      Some scanners regard certain components that ComboFix uses as suspicious and will block or remove them!
      • Double-click Combofix.exe
        While the fix is running, do NOT click in the window, as this will cause your PC to hang.
        When the fix has finished, and after a restart, the log Combofix.txt will open.


      Post this log in your next post, together with a fresh HijackThis log.
    Regards,
    Pimmerd



    • #3
      In any case, many thanks for the help and the quick response:

      Here is the ComboFix log:

      ComboFix 08-04-26.3 - Tim Verplanken 2008-04-27 16:00:29.1 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.503 [GMT 2:00]
      Gestart vanuit: C:\Documents and Settings\Tim Verplanken\Bureaublad\ComboFix.exe
      Command switches used :: C:\Documents and Settings\Tim Verplanken\Bureaublad\WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
      * Nieuw herstelpunt werd aangemaakt
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\Tim Verplanken\Application Data\macromedia\Flash Player\#SharedObjects\7CMBW9LH\www.broadcaster.com
      C:\Documents and Settings\Tim Verplanken\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
      C:\Documents and Settings\Tim Verplanken\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
      C:\WINDOWS\Downloaded Program Files\setup.inf
      C:\WINDOWS\system32\Cache

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2008-03-27 to 2008-04-27 ))))))))))))))))))))))))))))))
      .

      2008-04-27 12:39 . 2008-04-27 12:38 691,545 --a------ C:\WINDOWS\unins000.exe
      2008-04-27 12:39 . 2008-04-27 12:39 2,557 --a------ C:\WINDOWS\unins000.dat
      2008-04-23 17:03 . 2008-04-23 17:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Alias
      2008-04-03 11:30 . 2008-04-03 11:30 <DIR> d-------- C:\Program Files\iPod
      2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
      2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-04-27 11:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-04-27 10:40 --------- d-----w C:\Program Files\Spybot - Search & Destroy
      2008-04-26 10:36 --------- d-----w C:\Program Files\DAEMON Tools
      2008-04-23 15:03 --------- d-----w C:\Program Files\Alias
      2008-04-23 15:03 --------- d-----w C:\Documents and Settings\Tim Verplanken\Application Data\Alias
      2008-04-11 15:06 --------- d-----w C:\Program Files\Java
      2008-04-05 13:53 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
      2008-04-03 23:58 --------- d-----w C:\Documents and Settings\Tim Verplanken\Application Data\Apple Computer
      2008-04-03 09:31 --------- d-----w C:\Program Files\iTunes
      2008-04-03 09:27 --------- d-----w C:\Program Files\QuickTime
      2008-03-24 19:58 --------- d-----w C:\Program Files\MSN Messenger
      2008-03-24 19:58 --------- d-----w C:\Program Files\Messenger Plus! Live
      2008-03-22 22:22 --------- d-----w C:\Program Files\InterActual
      2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
      2008-03-07 20:12 --------- d-----w C:\Program Files\Common Files\Adobe
      2008-03-04 13:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
      2008-03-04 13:11 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
      2008-03-04 13:06 --------- d-----w C:\Program Files\Microsoft Virtual PC
      2008-03-02 11:35 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
      2008-03-02 11:34 --------- d-----w C:\Program Files\Windows Live
      2008-03-02 11:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
      2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
      2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
      2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
      2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
      2007-02-10 12:49 32 ----a-r C:\Documents and Settings\All Users\hash.dat
      2006-10-10 18:35 20 -c-h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
      "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
      "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
      "Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-07-24 09:12 1298432]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718]
      "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-19 09:14 7401472]
      "nwiz"="nwiz.exe" [2006-01-19 09:14 1519616 C:\WINDOWS\system32\nwiz.exe]
      "NVHotkey"="nvHotkey.dll" [2006-01-19 09:14 73728 C:\WINDOWS\system32\nvhotkey.dll]
      "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 14:58 1032192]
      "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]
      "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 14:13 176128]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
      "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00 94208]
      "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320]
      "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48 147514]
      "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-07-15 15:23 176128]
      "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
      "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
      "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 14:00 160256]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Launchy.lnk - C:\Program Files\Launchy\Launchy.exe [2007-12-26 11:27:36 274432]
      TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2007-12-07 17:28:06 114688]

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Alias SketchBook Snapshot.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Alias SketchBook Snapshot.lnk
      backup=C:\WINDOWS\pss\Alias SketchBook Snapshot.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^AutoCAD Startup Accelerator.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\AutoCAD Startup Accelerator.lnk
      backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
      backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^InterVideo WinCinema Manager.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\InterVideo WinCinema Manager.lnk
      backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office OneNote 2003 Snel Starten.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office OneNote 2003 Snel Starten.lnk
      backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Snel Starten.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^NkbMonitor.exe.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\NkbMonitor.exe.lnk
      backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^NkvMon.exe.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\NkvMon.exe.lnk
      backup=C:\WINDOWS\pss\NkvMon.exe.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Snelstart HP Image Zone.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Snelstart HP Image Zone.lnk
      backup=C:\WINDOWS\pss\Snelstart HP Image Zone.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^VPN Client.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\VPN Client.lnk
      backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^Tim Verplanken^Menu Start^Programma's^Opstarten^Last.fm Helper.lnk]
      path=C:\Documents and Settings\Tim Verplanken\Menu Start\Programma's\Opstarten\Last.fm Helper.lnk
      backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup

      [HKLM\~\startupfolder\C:^Documents and Settings^Tim Verplanken^Menu Start^Programma's^Opstarten^Microsoft Office OneNote 2003 Quick Launch.lnk]
      path=C:\Documents and Settings\Tim Verplanken\Menu Start\Programma's\Opstarten\Microsoft Office OneNote 2003 Quick Launch.lnk
      backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

      [HKLM\~\startupfolder\C:^Documents and Settings^Tim Verplanken^Menu Start^Programma's^Opstarten^Yahoo! Widget Engine.lnk]
      path=C:\Documents and Settings\Tim Verplanken\Menu Start\Programma's\Opstarten\Yahoo! Widget Engine.lnk
      backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
      C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
      -ra------ 2007-11-05 06:32 61440 C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
      --a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
      C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      --a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X6100 Series]
      --a------ 2003-09-23 01:58 57344 C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      --a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "iPod Service"=3 (0x3)
      "Boonty Games"=3 (0x3)
      "Apple Mobile Device"=2 (0x2)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Wolfram Research\\Mathematica\\5.2\\Mathematica.exe"=
      "C:\\Program Files\\Wolfram Research\\Mathematica\\5.2\\MathKernel.exe"=
      "C:\\Program Files\\Wolfram Research\\Mathematica\\5.2\\math.exe"=
      "C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
      "C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
      "C:\\WINDOWS\\system32\\LEXPPS.EXE"=
      "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\Last.fm\\LastFM.exe"=
      "C:\\WINDOWS\\system32\\dpvsetup.exe"=
      "C:\\WINDOWS\\system32\\rundll32.exe"=
      "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
      "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "C:\\Program Files\\proeWildfire 3.0\\i486_nt\\nms\\nmsd.exe"=
      "C:\\Program Files\\proeWildfire 3.0\\i486_nt\\obj\\pro_comm_msg.exe"=
      "C:\\Program Files\\proeWildfire 3.0\\i486_nt\\obj\\xtop.exe"=
      "C:\\Program Files\\proeWildfire 3.0\\bin\\proe.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
      "C:\\Program Files\\iTunes\\iTunes.exe"=

      R2 SMTPSVC;SMTP (Simple Mail Transfer Protocol);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 14:00]
      R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2005-12-09 16:39]
      S1 aiptektp;HyperPen;C:\WINDOWS\system32\DRIVERS\aiptektp.sys
      S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2006-01-31 10:37]
      S4 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2007-06-17 10:48]
      S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
      \Shell\AutoRun\command - G:\LaunchU3.exe -a

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c1cc80b-0edf-11dd-81cf-00059a3c7800}]
      \Shell\AutoRun\command - G:\LaunchU3.exe -a

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{422a69f2-bdb0-11db-8133-0015c523b73e}]
      \Shell\AutoRun\command - ie.exe
      \Shell\explore\Command - ie.exe
      \Shell\open\Command - ie.exe

      *Newly Created Service* - CATCHME
      *Newly Created Service* - ENTDRV51
      .
      Inhoud van de 'Gedeelde Taken' map
      "2008-04-11 07:22:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      .
      **************************************************************************

      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-04-27 16:10:05
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      Voltooingstijd: 2008-04-27 16:13:27
      ComboFix-quarantined-files.txt 2008-04-27 14:13:10

      Pre-Run: 1,202,094,080 bytes beschikbaar
      Post-Run: 3,541,012,480 bytes beschikbaar

      WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
      [operating systems]
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
      C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

      216 --- E O F --- 2008-04-13 10:51:11

      -------------------------------------------------------------------------

      And the fresh HijackThis log:


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 16:55:28, on 27/04/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
      C:\WINDOWS\system32\inetsrv\inetinfo.exe
      C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
      C:\Program Files\Network Associates\VirusScan\Mcshield.exe
      C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\Tablet.exe
      C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
      C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
      C:\Program Files\Dell\QuickSet\quickset.exe
      C:\WINDOWS\stsystra.exe
      C:\Program Files\Apoint\Apoint.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
      C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
      C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
      C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Apoint\Apntex.exe
      C:\Program Files\Apoint\HidFind.exe
      C:\Program Files\QuickTime\QTTask.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Rainlendar2\Rainlendar2.exe
      C:\Program Files\Alias\Alias SketchBook Pro 2.0\AliasSketchSnap.exe
      C:\Program Files\Launchy\Launchy.exe
      C:\WINDOWS\system32\WTablet\TabUserW.exe
      C:\Program Files\Last.fm\LastFMHelper.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
      C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
      C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
      C:\WINDOWS\system32\notepad.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\hijackthis\HiJackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=2067
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
      O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
      O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
      O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
      O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
      O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
      O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
      O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
      O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
      O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
      O8 - Extra context menu item: &Subscribe with ArchosLink - file://C:\Program Files\Archos\ArchosLink\\script.js
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} (ProductView Express) - file:///C:/Program%20Files/proeWildfire%203.0/i486_nt/obj/pvx_install.exe
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157714331359
      O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
      O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
      O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
      O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
      O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
      O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
      O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

      --
      End of file - 10356 bytes



      • #4
        Open Notepad, then copy and paste the following (bold text) into an empty window:

        Registry::
        [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{422a69f2-bdb0-11db-8133-0015c523b73e}]

        Driver::
        Boonty Games

        Folder::
        C:\Program Files\Common Files\BOONTY Shared


        Save this to your Desktop as CFScript.txt

        Drag CFScript.txt onto ComboFix.exe as shown in the example below:



        This will cause ComboFix to restart.
        Reboot if you are asked to,
        and post the contents of Combofix.txt in your next reply.

        Are you still having problems?
        Regards,
        Pimmerd



        • #5
          Here is the ComboFix log.

          Whether I still have problems is something I will probably hear soon from my MSN contacts.

          ComboFix 08-04-27.2 - Tim Verplanken 2008-04-28 13:16:03.2 - NTFSx86
          Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.432 [GMT 2:00]
          Gestart vanuit: C:\Documents and Settings\Tim Verplanken\Bureaublad\ComboFix.exe
          Command switches used :: C:\Documents and Settings\Tim Verplanken\Bureaublad\CFScript.txt
          * Nieuw herstelpunt werd aangemaakt
          * Resident AV is active

          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\Program Files\Common Files\BOONTY Shared
          C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

          .
          ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          -------\Legacy_BOONTY_GAMES
          -------\Service_Boonty Games


          (((((((((((((((((((( Bestanden Gemaakt van 2008-03-28 to 2008-04-28 ))))))))))))))))))))))))))))))
          .

          2008-04-27 12:39 . 2008-04-27 12:38 691,545 --a------ C:\WINDOWS\unins000.exe
          2008-04-27 12:39 . 2008-04-27 12:39 2,557 --a------ C:\WINDOWS\unins000.dat
          2008-04-23 17:03 . 2008-04-23 17:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Alias
          2008-04-03 11:30 . 2008-04-03 11:30 <DIR> d-------- C:\Program Files\iPod
          2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
          2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-04-27 11:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2008-04-27 10:40 --------- d-----w C:\Program Files\Spybot - Search & Destroy
          2008-04-26 10:36 --------- d-----w C:\Program Files\DAEMON Tools
          2008-04-23 15:03 --------- d-----w C:\Program Files\Alias
          2008-04-23 15:03 --------- d-----w C:\Documents and Settings\Tim Verplanken\Application Data\Alias
          2008-04-11 15:06 --------- d-----w C:\Program Files\Java
          2008-04-05 13:53 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
          2008-04-03 23:58 --------- d-----w C:\Documents and Settings\Tim Verplanken\Application Data\Apple Computer
          2008-04-03 09:31 --------- d-----w C:\Program Files\iTunes
          2008-04-03 09:27 --------- d-----w C:\Program Files\QuickTime
          2008-03-24 19:58 --------- d-----w C:\Program Files\MSN Messenger
          2008-03-24 19:58 --------- d-----w C:\Program Files\Messenger Plus! Live
          2008-03-22 22:22 --------- d-----w C:\Program Files\InterActual
          2008-03-07 20:12 --------- d-----w C:\Program Files\Common Files\Adobe
          2008-03-04 13:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
          2008-03-04 13:11 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
          2008-03-04 13:06 --------- d-----w C:\Program Files\Microsoft Virtual PC
          2008-03-02 11:35 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
          2008-03-02 11:34 --------- d-----w C:\Program Files\Windows Live
          2008-03-02 11:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
          2007-02-10 12:49 32 ----a-r C:\Documents and Settings\All Users\hash.dat
          2006-10-10 18:35 20 -c-h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
          .

          ((((((((((((((((((((((((((((( [email protected]_16.12.56,88 )))))))))))))))))))))))))))))))))))))))))
          .
          - 2008-04-26 11:20:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
          + 2008-04-28 11:26:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
          + 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
          - 2008-04-26 11:20:48 230,022 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
          + 2008-04-28 11:26:23 230,017 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
          - 2008-04-26 11:25:15 93,356 ----a-w C:\WINDOWS\system32\perfc009.dat
          + 2008-04-28 11:34:47 93,356 ----a-w C:\WINDOWS\system32\perfc009.dat
          - 2008-04-26 11:25:15 116,404 ----a-w C:\WINDOWS\system32\perfc013.dat
          + 2008-04-28 11:34:48 116,404 ----a-w C:\WINDOWS\system32\perfc013.dat
          - 2008-04-26 11:25:15 483,448 ----a-w C:\WINDOWS\system32\perfh009.dat
          + 2008-04-28 11:34:48 483,448 ----a-w C:\WINDOWS\system32\perfh009.dat
          - 2008-04-26 11:25:15 555,940 ----a-w C:\WINDOWS\system32\perfh013.dat
          + 2008-04-28 11:34:48 555,940 ----a-w C:\WINDOWS\system32\perfh013.dat
          - 2008-04-26 11:20:48 13,012 ----a-w C:\WINDOWS\system32\tablet.dat
          + 2008-04-28 11:26:22 13,012 ----a-w C:\WINDOWS\system32\tablet.dat
          .
          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
          "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
          "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
          "Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-07-24 09:12 1298432]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718]
          "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182]
          "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-19 09:14 7401472]
          "nwiz"="nwiz.exe" [2006-01-19 09:14 1519616 C:\WINDOWS\system32\nwiz.exe]
          "NVHotkey"="nvHotkey.dll" [2006-01-19 09:14 73728 C:\WINDOWS\system32\nvhotkey.dll]
          "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 14:58 1032192]
          "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]
          "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 14:13 176128]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
          "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00 94208]
          "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320]
          "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48 147514]
          "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-07-15 15:23 176128]
          "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
          "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          Launchy.lnk - C:\Program Files\Launchy\Launchy.exe [2007-12-26 11:27:36 274432]
          TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2007-12-07 17:28:06 114688]

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Alias SketchBook Snapshot.lnk]
          path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Alias SketchBook Snapshot.lnk
          backup=C:\WINDOWS\pss\Alias SketchBook Snapshot.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^AutoCAD Startup Accelerator.lnk]
          path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\AutoCAD Startup Accelerator.lnk
          backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
          path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
          backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^InterVideo WinCinema Manager.lnk]
          path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\InterVideo WinCinema Manager.lnk
          backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office OneNote 2003 Snel Starten.lnk]
          path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office OneNote 2003 Snel Starten.lnk
          backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Snel Starten.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^NkbMonitor.exe.lnk]
          path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\NkbMonitor.exe.lnk
          backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^NkvMon.exe.lnk]
          path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\NkvMon.exe.lnk
          backup=C:\WINDOWS\pss\NkvMon.exe.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Snelstart HP Image Zone.lnk]
          path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Snelstart HP Image Zone.lnk
          backup=C:\WINDOWS\pss\Snelstart HP Image Zone.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^VPN Client.lnk]
          path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\VPN Client.lnk
          backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^Tim Verplanken^Menu Start^Programma's^Opstarten^Last.fm Helper.lnk]
          path=C:\Documents and Settings\Tim Verplanken\Menu Start\Programma's\Opstarten\Last.fm Helper.lnk
          backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup

          [HKLM\~\startupfolder\C:^Documents and Settings^Tim Verplanken^Menu Start^Programma's^Opstarten^Microsoft Office OneNote 2003 Quick Launch.lnk]
          path=C:\Documents and Settings\Tim Verplanken\Menu Start\Programma's\Opstarten\Microsoft Office OneNote 2003 Quick Launch.lnk
          backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

          [HKLM\~\startupfolder\C:^Documents and Settings^Tim Verplanken^Menu Start^Programma's^Opstarten^Yahoo! Widget Engine.lnk]
          path=C:\Documents and Settings\Tim Verplanken\Menu Start\Programma's\Opstarten\Yahoo! Widget Engine.lnk
          backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
          C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
          -ra------ 2007-11-05 06:32 61440 C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
          --a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
          C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
          --a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X6100 Series]
          --a------ 2003-09-23 01:58 57344 C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
          --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
          --a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
          "iPod Service"=3 (0x3)
          "Boonty Games"=3 (0x3)
          "Apple Mobile Device"=2 (0x2)

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\system32\\sessmgr.exe"=
          "C:\\Program Files\\Wolfram Research\\Mathematica\\5.2\\Mathematica.exe"=
          "C:\\Program Files\\Wolfram Research\\Mathematica\\5.2\\MathKernel.exe"=
          "C:\\Program Files\\Wolfram Research\\Mathematica\\5.2\\math.exe"=
          "C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
          "C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
          "C:\\WINDOWS\\system32\\LEXPPS.EXE"=
          "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
          "C:\\Program Files\\Last.fm\\LastFM.exe"=
          "C:\\WINDOWS\\system32\\dpvsetup.exe"=
          "C:\\WINDOWS\\system32\\rundll32.exe"=
          "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
          "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
          "C:\\Program Files\\proeWildfire 3.0\\i486_nt\\nms\\nmsd.exe"=
          "C:\\Program Files\\proeWildfire 3.0\\i486_nt\\obj\\pro_comm_msg.exe"=
          "C:\\Program Files\\proeWildfire 3.0\\i486_nt\\obj\\xtop.exe"=
          "C:\\Program Files\\proeWildfire 3.0\\bin\\proe.exe"=
          "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
          "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
          "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
          "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
          "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
          "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
          "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
          "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
          "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
          "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
          "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
          "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
          "C:\\Program Files\\iTunes\\iTunes.exe"=

          R2 SMTPSVC;SMTP (Simple Mail Transfer Protocol);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 14:00]
          R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2005-12-09 16:39]
          S1 aiptektp;HyperPen;C:\WINDOWS\system32\DRIVERS\aiptektp.sys
          S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2006-01-31 10:37]
          S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
          \Shell\AutoRun\command - G:\LaunchU3.exe -a

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c1cc80b-0edf-11dd-81cf-00059a3c7800}]
          \Shell\AutoRun\command - G:\LaunchU3.exe -a

          *Newly Created Service* - ENTDRV51
          .
          Inhoud van de 'Gedeelde Taken' map
          "2008-04-11 07:22:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
          - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
          .
          **************************************************************************

          catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-04-28 13:32:43
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          ------------------------ Other Running Processes ------------------------
          .
          C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
          C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
          C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
          C:\WINDOWS\system32\LEXBCES.EXE
          C:\WINDOWS\system32\scardsvr.exe
          C:\WINDOWS\system32\LEXPPS.EXE
          C:\Program Files\Bonjour\mDNSResponder.exe
          C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
          C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
          C:\Program Files\Network Associates\VirusScan\Mcshield.exe
          C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
          C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
          C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\WINDOWS\system32\HPZipm12.exe
          C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
          C:\WINDOWS\system32\Tablet.exe
          C:\WINDOWS\system32\rundll32.exe
          C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
          C:\Program Files\Apoint\hidfind.exe
          C:\Program Files\Apoint\ApntEx.exe
          .
          **************************************************************************
          .
          Voltooingstijd: 2008-04-28 13:44:39 - machine was rebooted
          ComboFix-quarantined-files.txt 2008-04-28 11:44:30
          ComboFix2.txt 2008-04-27 14:13:27

          Pre-Run: 3,537,444,864 bytes beschikbaar
          Post-Run: 3,378,860,032 bytes beschikbaar

          245 --- E O F --- 2008-04-13 10:51:11



          • #6
            I haven't heard anything more from my contacts, so I think (and hope) that it is solved.

            Thank you very much for the help.



            • #7
              The log does indeed look good.

              Uninstall ComboFix:
              Go to Start --> Run and type: combofix /u
              ComboFix will now be removed and a new restore point will be created.

              Regards,
              Pim
              Regards,
              Pimmerd
