[SOLVED] antispyware reviews.biz


Hello,

For a few days now I've had what I think is this trojan: "antispyware reviews.biz".

I've searched the internet in vain and found nothing that can help me.

Or there are programs, but those are paid ...

Is formatting then the only option?

As antivirus I have Kaspersky 7.0; oddly enough it finds nothing and the problem remains.

As anti-spyware I have SUPERAntiSpyware, but that doesn't help either. Finally I installed a-squared Anti-Malware, but that doesn't help either. I'm at my wits' end, can anyone help?


Logfile of HijackThis v1.99.1

Scan saved at 20:03:14, on 3/04/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\a-squared Anti-Malware\a2service.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\Program Files\System Control Manager\edd.exe

C:\WINDOWS\system32\o2flash.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\All Users\Application Data\vonuzsbi\zabebybi.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\tsnp2std.exe

C:\WINDOWS\vsnp2std.exe

C:\Program Files\System Control Manager\MGSysCtrl.exe

C:\Program Files\MSI\Live Update 3\LMonitor.exe

C:\Program Files\FlashGet\FlashGet.exe

C:\Program Files\TopDesk\topdesk.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\kxcdansr.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\RALINK\Common\RaUI.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\TuneUp Utilities 2008\Integrator.exe

C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe

C:\Program Files\TuneUp Utilities 2008\WinStyler.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSI -- MICRO-STAR INT'L CO.,LTD.

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = MSI -- MICRO-STAR INT'L CO.,LTD.

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe

O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe

O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min

O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [zdausejt] C:\WINDOWS\system32\kxcdansr.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe

O8 - Extra context menu item: &Ontvang alles met FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Ontvang met FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.msi.com.tw

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe

O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe


Download SDFix and click "Run".

Version 1.40 and higher will automatically move the extracted SDFix folder to your system drive (probably: C:\SDFix).

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSI -- MICRO-STAR INT'L CO.,LTD.

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = MSI -- MICRO-STAR INT'L CO.,LTD.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKCU\..\Run: [zdausejt] C:\WINDOWS\system32\kxcdansr.exe

Click 'Fix checked' to remove the items.

Restart your PC in Safe Mode.

Open the SDFix folder and double-click RunThis.bat to start the tool.

Type Y to start the cleaning process.

Trojan services and/or registry entries will be removed if found, and you will have to press a key to restart.

The computer will then restart (this takes longer than usual).

When the PC restarts, the tool will run again and continue the removal process until the message Finished is shown. Then press any key to end the script and reload your desktop icons.

When your desktop icons appear, the SDFix report will open. It can also be found in the SDFix folder as Report.txt.

Now paste the contents of that report here along with a new HJT log.

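The check the reply above does by eye, written up as an added example (not code from the thread, and not part of HijackThis, SDFix or ComboFix): it parses a few lines copied from the HijackThis log and from the ComboFix "files created" listing posted later in the thread, embedded here as constructed sample input, and reports Run entries and processes that point at recently created files or directories, BHOs with no backing file, and new executables that nothing references. The scan date, the seven-day window and the lead labels are assumptions.

```python
"""Triage helper: correlate HijackThis autostart entries with ComboFix's list
of recently created files. Example written for this thread; the scan date,
the seven-day window and the lead labels are assumptions, not tool output."""
import re
from datetime import date, timedelta

# Constructed sample input: lines copied from the HijackThis log in the thread.
HJT_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Application Data\vonuzsbi\zabebybi.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\kxcdansr.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [zdausejt] C:\WINDOWS\system32\kxcdansr.exe
"""

# Constructed sample input: lines from the ComboFix "files created" section.
# Format per line: <created> . <modified> <size or <DIR>> <attributes> <path>
COMBOFIX_NEW_FILES = r"""
2008-04-04 18:25 . 2008-04-04 18:25 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS
2008-04-02 19:03 . 2008-04-02 19:03 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-04-01 20:11 . 2008-04-01 20:11 90,112 --a------ C:\WINDOWS\system32\kxcdansr.exe
2008-03-31 15:01 . 2008-03-31 15:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vonuzsbi
2008-03-31 15:01 . 2008-03-31 15:01 90,112 --a------ C:\WINDOWS\system32\tifyxefm.exe
2008-03-21 21:12 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
"""

SCAN_DATE = date(2008, 4, 4)   # assumed: the day ComboFix was run in the thread
WINDOW = timedelta(days=7)     # assumed: "recent" means created within a week

CF_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(<DIR>|[\d,]+) (\S+) (.+)$")
O4_LINE = re.compile(r'^O4 - .*?: \[([^\]]+)\] "?([^"]+?\.exe)"?', re.I)
O2_ORPHAN = re.compile(r"^O2 - BHO: .* - \(no file\)$")
PROC_LINE = re.compile(r"^[A-Za-z]:\\")


def parse_combofix(text):
    """Map lower-cased path -> (creation date, is_directory) per created-file line."""
    out = {}
    for line in text.strip().splitlines():
        m = CF_LINE.match(line.strip())
        if m:
            out[m.group(4).strip().lower()] = (date.fromisoformat(m.group(1)),
                                               m.group(2) == "<DIR>")
    return out


def parse_hjt(text):
    """Split HijackThis output into (process paths, (name, exe) Run entries, orphan BHO lines)."""
    procs, runs, orphans = [], [], []
    for line in text.strip().splitlines():
        line = line.strip()
        m = O4_LINE.match(line)
        if O2_ORPHAN.match(line):
            orphans.append(line)
        elif m:
            runs.append((m.group(1), m.group(2)))
        elif PROC_LINE.match(line):
            procs.append(line)
    return procs, runs, orphans


def is_recent(created, scan_date=SCAN_DATE, window=WINDOW):
    return scan_date - window <= created <= scan_date


def triage(hjt_text, cf_text, scan_date=SCAN_DATE):
    """Return (reason, evidence) leads for a human to review; none is a verdict."""
    new_files = parse_combofix(cf_text)
    procs, runs, orphans = parse_hjt(hjt_text)
    leads = []
    # Autostart entry whose target file was created inside the window.
    for name, exe in runs:
        info = new_files.get(exe.lower())
        if info and not info[1] and is_recent(info[0], scan_date):
            leads.append(("Run entry points at recently created file", f"[{name}] {exe}"))
    # Running process whose parent directory itself was created inside the window.
    for path in procs:
        info = new_files.get(path.rsplit("\\", 1)[0].lower())
        if info and info[1] and is_recent(info[0], scan_date):
            leads.append(("process runs from recently created directory", path))
    for line in orphans:
        leads.append(("BHO registered without a backing file", line))
    # New executables that no Run entry or process references (worth a look either way).
    referenced = {e.lower() for _, e in runs} | {p.lower() for p in procs}
    for path, (created, is_dir) in new_files.items():
        if (not is_dir and path.endswith(".exe") and is_recent(created, scan_date)
                and path not in referenced):
            leads.append(("unreferenced recent executable", path))
    return leads


if __name__ == "__main__":
    for reason, evidence in triage(HJT_LOG, COMBOFIX_NEW_FILES):
        print(f"{reason}: {evidence}")
```

On the sample above the leads are the zdausejt Run entry and the zabebybi.exe process the reply flags, the orphan BHO, and two new system32 executables (one of them TuneUp's legitimate service), which is why the output is a review list rather than a removal list.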

SDFix: Version 1.165

Run by Administrator on do 03/04/2008 at 20:55

Microsoft Windows XP [versie 5.1.2600]

Running From: C:\SDFix

Checking Services :

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-03 20:59:56

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000df01f436d]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000df0259ae5]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000df02d1bf4]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:2df9c43f

"s2"=dword:110480d0

"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]

"p0"="C:\Program Files\DAEMON Tools Pro\"

"h0"=dword:00000000

"hdf12"=hex:8c,47,28,8f,bf,fc,c8,74,aa,0f,55,16,46,82,ce,11,42,ec,49,31,b9,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]

"a0"=hex:20,01,00,00,e4,f4,68,60,bf,df,e0,d0,84,e2,6e,7d,d8,14,76,d6,aa,..

"hdf12"=hex:b2,08,28,f2,16,e3,58,79,1b,97,54,91,d2,03,8f,e5,8c,2f,0f,53,d8,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]

"hdf12"=hex:69,33,f3,3e,d1,d2,7a,fc,83,fd,c1,33,ba,b2,b5,14,1b,45,3a,ae,a4,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1]

"hdf12"=hex:37,c5,a0,e4,e8,eb,cd,b1,4e,03,91,d1,5c,e0,23,8c,06,0b,e2,01,16,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002]

"a0"=hex:20,01,00,00,cb,67,52,60,60,bc,7b,ec,47,42,ef,58,0c,da,5e,26,de,..

"hdf12"=hex:53,50,01,e1,9a,6a,44,2d,57,60,8a,8d,99,fe,67,1d,27,0e,22,a3,80,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0]

"hdf12"=hex:40,a3,c6,3d,56,38,9a,59,c4,e1,10,a9,93,b8,2f,5e,14,99,02,08,95,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000df01f436d]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000df0259ae5]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000df02d1bf4]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]

"p0"="C:\Program Files\DAEMON Tools Pro\"

"h0"=dword:00000000

"hdf12"=hex:8c,47,28,8f,bf,fc,c8,74,aa,0f,55,16,46,82,ce,11,42,ec,49,31,b9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]

"a0"=hex:20,01,00,00,e4,f4,68,60,bf,df,e0,d0,84,e2,6e,7d,d8,14,76,d6,aa,..

"hdf12"=hex:b2,08,28,f2,16,e3,58,79,1b,97,54,91,d2,03,8f,e5,8c,2f,0f,53,d8,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]

"hdf12"=hex:69,33,f3,3e,d1,d2,7a,fc,83,fd,c1,33,ba,b2,b5,14,1b,45,3a,ae,a4,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1]

"hdf12"=hex:37,c5,a0,e4,e8,eb,cd,b1,4e,03,91,d1,5c,e0,23,8c,06,0b,e2,01,16,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002]

"a0"=hex:20,01,00,00,cb,67,52,60,60,bc,7b,ec,47,42,ef,58,0c,da,5e,26,de,..

"hdf12"=hex:53,50,01,e1,9a,6a,44,2d,57,60,8a,8d,99,fe,67,1d,27,0e,22,a3,80,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0]

"hdf12"=hex:40,a3,c6,3d,56,38,9a,59,c4,e1,10,a9,93,b8,2f,5e,14,99,02,08,95,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 84

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"

"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"

"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"="C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 21 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BITDD.tmp"

Finished!


Next step:

Download ComboFix and put it on your Desktop.

Double-click Combofix.exe and follow the instructions; accept the disclaimer by typing y. While the fix is running, do NOT click in the window, as this will make your PC hang.

When the fix is complete and after the restart, the log combofix.txt will open.

NOTE: If your virus scanner responds with a warning about a script execution, you must allow it.

Attach the ComboFix log and a new HJT log to your next post.


ComboFix:

ComboFix 08-04-03.5 - kevin deswarte 2008-04-04 18:11:00.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.235 [GMT 2:00]

Gestart vanuit: C:\Documents and Settings\kevin deswarte\Bureaublad\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-03-04 to 2008-04-04 ))))))))))))))))))))))))))))))

.

2008-04-04 18:25 . 2008-04-04 18:25 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS

2008-04-04 16:07 . 2008-04-04 16:08 <DIR> d-------- C:\Program Files\querta

2008-04-03 20:53 . 2008-04-03 20:53 <DIR> d-------- C:\WINDOWS\ERUNT

2008-04-03 20:49 . 2006-07-27 15:58 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen

2008-04-03 20:49 . 2008-04-03 20:52 <DIR> dr-h----- C:\Documents and Settings\Administrator\Onlangs geopend

2008-04-03 20:49 . 2006-07-27 17:53 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving

2008-04-03 20:49 . 2006-07-27 16:05 <DIR> dr------- C:\Documents and Settings\Administrator\Mijn documenten

2008-04-03 20:49 . 2006-07-27 17:53 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start

2008-04-03 20:49 . 2006-07-27 16:05 <DIR> dr------- C:\Documents and Settings\Administrator\Favorieten

2008-04-03 20:49 . 2008-04-04 18:27 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad

2008-04-03 20:49 . 2006-08-08 20:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel

2008-04-03 20:38 . 2008-04-03 21:02 <DIR> d-------- C:\SDFix

2008-04-03 13:34 . 2008-04-03 14:19 <DIR> d-------- C:\Program Files\a-squared Anti-Malware

2008-04-02 19:37 . 2008-04-02 19:37 <DIR> d-------- C:\Program Files\PC-Cleaner

2008-04-02 19:05 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll

2008-04-02 19:03 . 2008-04-02 19:03 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe

2008-04-01 20:11 . 2008-04-01 20:11 90,112 --a------ C:\WINDOWS\system32\kxcdansr.exe

2008-04-01 20:03 . 2008-04-01 20:03 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat

2008-04-01 20:03 . 2008-04-01 20:03 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat

2008-04-01 20:01 . 2008-04-01 20:01 <DIR> d-------- C:\Program Files\Kaspersky Lab

2008-04-01 20:01 . 2008-04-04 14:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-04-01 20:01 . 2008-04-04 18:47 3,471,136 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-04-01 20:01 . 2008-04-03 21:29 119,072 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2008-04-01 20:01 . 2008-04-03 21:29 42,236 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-04-01 20:01 . 2008-04-03 21:29 4,076 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2008-04-01 19:59 . 2008-04-01 19:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

2008-04-01 18:54 . 2008-04-01 18:54 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\Malwarebytes

2008-04-01 18:54 . 2008-04-01 18:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-04-01 17:50 . 2008-04-01 17:50 <DIR> d-------- C:\Program Files\Enigma Software Group

2008-04-01 16:31 . 2008-04-01 16:31 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\Ufasoft

2008-04-01 14:04 . 2008-04-01 14:06 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-04-01 14:04 . 2008-04-01 14:04 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\SUPERAntiSpyware.com

2008-04-01 14:04 . 2008-04-01 14:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-03-31 21:39 . 2008-04-01 13:56 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-03-31 15:08 . 2008-03-31 15:08 <DIR> d-------- C:\Program Files\Ufasoft

2008-03-31 15:01 . 2008-03-31 15:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vonuzsbi

2008-03-31 15:01 . 2008-03-31 15:01 90,112 --a------ C:\WINDOWS\system32\tifyxefm.exe

2008-03-29 12:55 . 2008-03-29 12:55 <DIR> d--h----- C:\WINDOWS\PIF

2008-03-28 22:15 . 2008-03-29 19:45 <DIR> d-------- C:\Program Files\World of Warcraft

2008-03-28 22:05 . 2008-03-28 22:05 <DIR> d-------- C:\Program Files\WinISO

2008-03-28 21:27 . 2008-03-28 21:27 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\DAEMON Tools Pro

2008-03-28 21:27 . 2008-03-28 21:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro

2008-03-28 21:21 . 2008-03-28 21:31 <DIR> d-------- C:\Program Files\DAEMON Tools Pro

2008-03-28 21:15 . 2008-03-28 21:15 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-03-28 20:23 . 2008-03-28 22:15 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment

2008-03-28 20:20 . 2008-03-29 18:55 145 --a------ C:\WINDOWS\wowCP.ini

2008-03-24 18:01 . 2008-03-24 18:01 552 --a------ C:\WINDOWS\system32\d3d8caps.dat

2008-03-24 16:13 . 2008-04-04 15:15 116 --a------ C:\WINDOWS\NeroDigital.ini

2008-03-24 15:27 . 2008-03-24 17:16 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\Ahead

2008-03-24 15:25 . 2008-03-24 15:25 <DIR> d-------- C:\Program Files\Nero

2008-03-24 15:25 . 2008-03-24 15:28 <DIR> d-------- C:\Program Files\Common Files\Ahead

2008-03-24 15:25 . 2008-03-24 15:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero

2008-03-24 00:07 . 2008-03-24 00:07 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\DivX

2008-03-24 00:06 . 2008-03-24 00:06 <DIR> d-------- C:\Program Files\DivX

2008-03-23 11:16 . 2008-03-23 11:16 <DIR> d-------- C:\Program Files\TopDesk

2008-03-23 11:05 . 2008-03-23 11:06 <DIR> d-------- C:\Documents and Settings\kevin deswarte.LAPTOP\Application Data\BitTorrent

2008-03-23 11:01 . 2008-03-23 11:07 <DIR> d-------- C:\Documents and Settings\kevin deswarte.LAPTOP\Sjablonen

2008-03-23 11:01 . 2008-03-23 11:07 <DIR> d-------- C:\Documents and Settings\kevin deswarte.LAPTOP\Favorieten

2008-03-23 11:01 . 2006-08-08 20:53 <DIR> d-------- C:\Documents and Settings\kevin deswarte.LAPTOP\Application Data\Intel

2008-03-23 10:59 . 2008-03-23 10:59 3,072,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp

2008-03-23 10:56 . 2008-03-23 11:08 <DIR> d-------- C:\WINDOWS\BricoPacks

2008-03-22 21:09 . 2008-04-02 19:03 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008

2008-03-22 21:09 . 2008-03-22 21:09 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\TuneUp Software

2008-03-22 21:09 . 2008-03-22 21:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software

2008-03-22 21:07 . 2008-04-01 14:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-03-22 20:07 . 2008-03-22 20:07 <DIR> d-------- C:\Program Files\DNA

2008-03-22 20:07 . 2008-03-22 20:07 <DIR> d-------- C:\Program Files\BitTorrent

2008-03-22 20:07 . 2008-04-04 18:44 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\DNA

2008-03-22 20:07 . 2008-04-04 14:51 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\BitTorrent

2008-03-21 23:22 . 2008-03-21 23:22 <DIR> d-------- C:\Program Files\MSXML 4.0

2008-03-21 21:12 . 2008-03-21 21:12 <DIR> d-------- C:\Program Files\Alwil Software

2008-03-21 21:12 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2008-03-21 21:09 . 2008-03-21 21:09 <DIR> d-------- C:\Program Files\Common Files\Adobe

2008-03-21 21:02 . 2008-03-21 21:02 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\AdobeUM

2008-03-21 15:36 . 2008-03-21 16:02 <DIR> d-------- C:\Program Files\Conquer 2.0

2008-03-21 15:36 . 2008-03-21 15:36 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\InstallShield

2008-03-21 14:50 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-03-21 14:50 . 2007-07-30 20:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-03-21 14:50 . 2007-07-30 20:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-03-21 14:41 . 2008-04-01 19:57 <DIR> d-------- C:\Downloads

2008-03-21 14:37 . 2008-04-04 18:39 <DIR> d-------- C:\Program Files\FlashGet

2008-03-20 20:06 . 2008-03-20 20:08 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\DMCache

2008-03-20 20:03 . 2008-03-20 20:03 1,158 --a------ C:\WINDOWS\mozver.dat

2008-03-20 18:28 . 2008-03-20 18:28 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\3M

2008-03-20 18:11 . 2008-03-20 18:11 <DIR> d---s---- C:\Documents and Settings\kevin deswarte\UserData

2008-03-20 18:06 . 2008-03-20 18:06 0 --a------ C:\WINDOWS\nsreg.dat

2008-03-20 17:58 . 2008-03-20 17:58 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Contacts

2008-03-20 17:57 . 2006-11-29 14:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll

2008-03-20 17:56 . 2008-03-20 17:56 <DIR> d-------- C:\Program Files\Windows Live Toolbar

2008-03-20 17:53 . 2008-03-20 17:55 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-03-20 17:52 . 2008-03-22 15:26 <DIR> d-------- C:\Program Files\Windows Live

2008-03-20 17:52 . 2008-03-20 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-03-20 15:52 . 2006-07-27 15:58 <DIR> d--h----- C:\Documents and Settings\kevin deswarte\Sjablonen

2008-03-20 15:52 . 2008-04-04 17:16 <DIR> dr-h----- C:\Documents and Settings\kevin deswarte\Onlangs geopend

2008-03-20 15:52 . 2006-07-27 17:53 <DIR> d--h----- C:\Documents and Settings\kevin deswarte\Netwerkprinteromgeving

2008-03-20 15:52 . 2008-04-03 21:06 <DIR> dr------- C:\Documents and Settings\kevin deswarte\Mijn documenten

2008-03-20 15:52 . 2006-07-27 17:53 <DIR> dr------- C:\Documents and Settings\kevin deswarte\Menu Start

2008-03-20 15:52 . 2008-03-26 23:49 <DIR> dr------- C:\Documents and Settings\kevin deswarte\Favorieten

2008-03-20 15:52 . 2008-04-04 18:27 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Bureaublad

2008-03-20 15:52 . 2006-08-08 20:53 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\Intel

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-21 13:36 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-02-08 16:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll

2008-02-08 16:35 23,604 ----a-w C:\WINDOWS\system32\drivers\klopp.dat

2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]

"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-03-26 16:42 288576]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 20:04 139264]

"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-04-01 14:07 1470464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 02:39 94208]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 02:36 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 02:40 118784]

"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 14:05 16239616 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]

"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 11:51 667718]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 11:52 602182]

"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 11:56 569413]

"AGRSMMSG"="AGRSMMSG.exe" [2005-09-09 05:20 88203 C:\WINDOWS\AGRSMMSG.exe]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 22:00 110592 C:\WINDOWS\system32\bthprops.cpl]

"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2006-05-15 14:44 266240]

"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-05-15 15:52 675840]

"MGSysCtrl"="C:\Program Files\System Control Manager\MGSysCtrl.exe" [2006-08-03 15:24 178688]

"LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [2006-06-07 14:22 484352]

"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [2007-06-29 13:44 1990704]

"TopDesk"="C:\Program Files\TopDesk\topdesk.exe" [2006-03-01 19:03 201216]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]

"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]

"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-01-07 17:56 1816208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 22:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]

Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2006-08-08 21:02:19 593920]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"MSVideo8"= VfWWDM32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\FlashGet\\flashget.exe"=

"C:\\Program Files\\DNA\\btdna.exe"=

"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=

"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=

"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2006-02-27 09:00]

R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys [2006-06-21 11:09]

R2 NishService;SCM Driver Daemon;C:\Program Files\System Control Manager\edd.exe [2006-03-22 11:07]

R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-03 22:00]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]

R3 MGHwCtrl;MGHwCtrl;C:\WINDOWS\system32\drivers\MGHwCtrl.sys [2006-07-03 10:31]

R3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-02 19:03]

S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-05-03 20:36]

S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;C:\Program Files\Ufasoft\Sniffer\usft_sn4.sys [2008-01-17 05:22]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contents of the 'Scheduled Tasks' folder

"2008-04-04 16:00:01 C:\WINDOWS\Tasks\1-Click Maintenance.job"

- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe

"2008-04-04 16:14:03 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

scanning for hidden processes ...

scanning for hidden autostart entries ...

scanning for hidden files ...

**************************************************************************

.

Completion time: 2008-04-04 18:49:35

ComboFix-quarantined-files.txt 2008-04-04 16:48:37

Pre-Run: 66,071,535,616 bytes free

Post-Run: 66,042,667,008 bytes free

.

2008-03-22 13:26:51 --- E O F ---

HJT (HijackThis log):

Logfile of HijackThis v1.99.1

Scan saved at 18:55:01, on 4/04/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\a-squared Anti-Malware\a2service.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\Program Files\System Control Manager\edd.exe

C:\WINDOWS\system32\o2flash.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\tsnp2std.exe

C:\WINDOWS\vsnp2std.exe

C:\Program Files\System Control Manager\MGSysCtrl.exe

C:\Program Files\MSI\Live Update 3\LMonitor.exe

C:\Program Files\FlashGet\FlashGet.exe

C:\Program Files\TopDesk\topdesk.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\RALINK\Common\RaUI.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\drwtsn32.exe

C:\WINDOWS\system32\drwtsn32.exe

C:\WINDOWS\system32\drwtsn32.exe

C:\WINDOWS\System32\TuneUpDefragService.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe

O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe

O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min

O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe

O8 - Extra context menu item: &Ontvang alles met FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Ontvang met FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.msi.com.tw

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe

O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

In any case, thanks already for being willing to help and for your time.

Regards


Open a Notepad file.

Copy and paste the text below into it.

File::

C:\WINDOWS\system32\tifyxefm.exe

C:\WINDOWS\system32\kxcdansr.exe

Folder::

C:\SDFix

C:\Documents and Settings\kevin deswarte\Application Data\Malwarebytes

C:\Documents and Settings\All Users\Application Data\Malwarebytes

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of ComboFix.txt in your next reply. And also let me know right away whether you are still getting any warnings from this trojan.

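The two `File::` targets above were picked out of the logs by hand: both are eight-letter lowercase gibberish names sitting directly in `system32`, and the ComboFix "files created" list shows a folder of the same shape (`vonuzsbi`) dropped straight under `All Users\Application Data`. The script below is an added example, not part of this thread or of HijackThis/ComboFix, that automates that first triage pass over pasted log lines. It pulls every path out of "Running processes", `O4` and ComboFix `<DIR>` lines and scores two weak signals: a drop location malware favours (Application Data, Temp, bare `system32`/`%windir%`) and a 7-9 letter lowercase name that is not on a small allow-list of names verified in this log. The allow-list, the scoring weights and the sample log block are my assumptions; the sample reuses paths that appear in this thread, and wraps the two CFScript targets as a process line and an `O4` entry, which the thread itself never shows.

```python
"""Triage helper for HijackThis / ComboFix log lines (added example, not from the thread)."""
import re

# Names verified as legitimate in this thread's logs (lowercase stems). The list
# exists because several legitimate system32 files (bthprops.cpl, igfxdev.dll)
# also look like random letter soup; it is an assumption, extend it per case.
ALLOWLIST = {
    "smss", "winlogon", "services", "lsass", "svchost", "spoolsv", "explorer",
    "notepad", "igfxtray", "igfxpers", "igfxdev", "hkcmd", "bthprops",
}
VOWELS = set("aeiouy")

# A file path ending in a binary extension, quoted or not, anywhere on the line
# (covers "Running processes", O4/O20/O23 lines and the REGEDIT4 Run dump).
PATH_RE = re.compile(r'(?i)([A-Z]:\\[^"\r\n]*?\.(?:exe|dll|sys|cpl))(?=["\s]|$)')
# A ComboFix "files created" directory line: ... <DIR> d-------- C:\path
DIR_RE = re.compile(r'(?i)<DIR>\s+\S+\s+([A-Z]:\\.+?)\s*$')


def extract_path(line: str):
    """Return the first file or directory path found on a log line, or None."""
    m = PATH_RE.search(line) or DIR_RE.search(line)
    return m.group(1) if m else None


def max_consonant_run(stem: str) -> int:
    run = best = 0
    for ch in stem:
        run = 0 if ch in VOWELS else run + 1
        best = max(best, run)
    return best


def location_score(path: str) -> int:
    """2: directly under an Application Data or Temp folder (one level deep at most);
    1: dropped straight into %windir% or system32, among the OS binaries;
    0: anywhere else, e.g. Program Files\\Vendor\\..."""
    p = path.lower().rstrip("\\")
    if re.search(r"\\application data\\[^\\]+(\\[^\\]+)?$", p) or "\\temp\\" in p:
        return 2
    if re.fullmatch(r"[a-z]:\\windows\\(system32\\)?[^\\]+", p):
        return 1
    return 0


def name_score(path: str) -> int:
    """2: stem is 7-9 lowercase letters and not allow-listed (the shape of the
    dropped files in this thread); 3 if it is also unpronounceable."""
    base = path.rstrip("\\").rsplit("\\", 1)[-1]
    stem = base.rsplit(".", 1)[0]
    if stem.lower() in ALLOWLIST or not re.fullmatch(r"[a-z]{7,9}", stem):
        return 0
    vowels = sum(ch in VOWELS for ch in stem)
    hard = max_consonant_run(stem) >= 3 or vowels / len(stem) < 0.25
    return 3 if hard else 2


def triage(lines):
    """Score every path on the given log lines.
    Returns (path, location_score, name_score, flagged) tuples, flagged first,
    highest combined score first. Flagged means: both signals present.
    Either signal alone is noise (random-looking vendor names live in Program
    Files; plenty of legitimate files live in system32)."""
    rows = []
    for line in lines:
        path = extract_path(line)
        if not path:
            continue
        loc, nam = location_score(path), name_score(path)
        rows.append((path, loc, nam, loc >= 1 and nam >= 2))
    rows.sort(key=lambda r: (not r[3], -(r[1] + r[2])))
    return rows


def flagged_paths(lines):
    return [r[0] for r in triage(lines) if r[3]]


# Constructed sample: paths taken from this thread's logs, plus the two CFScript
# targets wrapped as a process line and an O4 entry (constructed framing).
SAMPLE_LOG = r"""
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\tifyxefm.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [kxcdansr] C:\WINDOWS\system32\kxcdansr.exe
2008-03-31 15:01 . 2008-03-31 15:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vonuzsbi
2008-03-31 15:08 . 2008-03-31 15:08 <DIR> d-------- C:\Program Files\Ufasoft
2008-04-01 14:04 . 2008-04-01 14:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
""".strip().splitlines()

if __name__ == "__main__":
    for path, loc, nam, flagged in triage(SAMPLE_LOG):
        print(f"{'CHECK' if flagged else '     '} loc={loc} name={nam}  {path}")
```

Run as-is, the three CHECK rows are `vonuzsbi` (5), `kxcdansr.exe` (4) and `tifyxefm.exe` (3); Intel's `ifrmewrk.exe` also earns a name score of 3 but is not flagged because it sits in its vendor folder. The output is a review list, not a verdict: without the allow-list, legitimate files from this very log such as `uxtuneup.dll` (TuneUp) or `bthprops.cpl` (Bluetooth) would score just as high, so confirm each hit (publisher signature, hash lookup, creation time next to the first symptom) before it goes into a `File::` section.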

ComboFix 08-04-03.5 - kevin deswarte 2008-04-04 21:54:55.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.475 [GMT 2:00]

Started from: C:\Documents and Settings\kevin deswarte\Bureaublad\ComboFix.exe

Command switches used :: C:\Documents and Settings\kevin deswarte\Bureaublad\CFScript.txt

* New restore point was created

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!

FILE ::

C:\WINDOWS\system32\kxcdansr.exe

C:\WINDOWS\system32\tifyxefm.exe

.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users\Application Data\Malwarebytes

C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\news.txt

C:\Documents and Settings\kevin deswarte\Application Data\Malwarebytes

C:\Documents and Settings\kevin deswarte\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-4-1-2008 (19-11-42).txt

C:\SDFix

C:\SDFix\apps\assosfix.reg

C:\SDFix\apps\cliptext.exe

C:\SDFix\apps\download.exe

C:\SDFix\apps\dummy.sys

C:\SDFix\apps\Enable_Command_Prompt.reg

C:\SDFix\apps\ERDNT.E_E

C:\SDFix\apps\ERDNTDOS.LOC

C:\SDFix\apps\ERDNTWIN.LOC

C:\SDFix\apps\ERUNT.EXE

C:\SDFix\apps\ERUNT.LOC

C:\SDFix\apps\fix.reg

C:\SDFix\apps\FixBH.reg

C:\SDFix\apps\FixComponents.reg

C:\SDFix\apps\FIXCU.reg

C:\SDFix\apps\FIXLM.reg

C:\SDFix\apps\FixPath.exe

C:\SDFix\apps\FixRedir.reg

C:\SDFix\apps\FixSchedule.reg

C:\SDFix\apps\FixWebCheck.reg

C:\SDFix\apps\fixXP.reg

C:\SDFix\apps\FixXPsp2.reg

C:\SDFix\apps\grep.exe

C:\SDFix\apps\HPFix.reg

C:\SDFix\apps\HPFix2.reg

C:\SDFix\apps\HPFix3.reg

C:\SDFix\apps\HPFix4.reg

C:\SDFix\apps\HPFix5.reg

C:\SDFix\apps\HPFix6.reg

C:\SDFix\apps\HPFix7.reg

C:\SDFix\apps\isadmin.exe

C:\SDFix\apps\leg2.txt

C:\SDFix\apps\legacy.txt

C:\SDFix\apps\legacybk.txt

C:\SDFix\apps\locate.com

C:\SDFix\apps\LS.exe

C:\SDFix\apps\MD5File.exe

C:\SDFix\apps\MyGcpvFix.reg

C:\SDFix\apps\MyGkFix2.reg

C:\SDFix\apps\Process.exe

C:\SDFix\apps\procs.exe

C:\SDFix\apps\psservice.exe

C:\SDFix\apps\Rem.txt

C:\SDFix\apps\Rem2.txt

C:\SDFix\apps\Replace\regedit.exe

C:\SDFix\apps\Replace\W2K.exe

C:\SDFix\apps\Replace\w2k\beep.sys

C:\SDFix\apps\Replace\w2k\null.sys

C:\SDFix\apps\Replace\XP.exe

C:\SDFix\apps\Replace\xp\beep.sys

C:\SDFix\apps\Replace\xp\null.sys

C:\SDFix\apps\Reset_AppInit_DLLs.reg

C:\SDFix\apps\RestartIt!.exe

C:\SDFix\apps\Restore_SecurityCenter.reg

C:\SDFix\apps\Restore_SharedAccess.reg

C:\SDFix\apps\sc.exe

C:\SDFix\apps\sed.exe

C:\SDFix\apps\SF.exe

C:\SDFix\apps\shutdown.exe

C:\SDFix\apps\srv2.txt

C:\SDFix\apps\srv2bk.txt

C:\SDFix\apps\svc.txt

C:\SDFix\apps\svcbk.txt

C:\SDFix\apps\swreg.exe

C:\SDFix\apps\swsc.exe

C:\SDFix\apps\unzip.exe

C:\SDFix\apps\vfind.exe

C:\SDFix\apps\WINMSG.EXE

C:\SDFix\apps\winsec.reg

C:\SDFix\apps\zip.exe

C:\SDFix\backups\backupreg.zip

C:\SDFix\backups\backups.zip

C:\SDFix\backups\HOSTS

C:\SDFix\catchme.exe

C:\SDFix\dummy.sys

C:\SDFix\Report.txt

C:\SDFix\RunThis.bat

C:\SDFix\SDFIX_ReadMe_Online.url

C:\WINDOWS\system32\kxcdansr.exe

C:\WINDOWS\system32\tifyxefm.exe

.

(((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 ))))))))))))))))))))))))))))))

.

2008-04-04 16:07 . 2008-04-04 16:08 <DIR> d-------- C:\Program Files\querta

2008-04-03 20:53 . 2008-04-03 20:53 <DIR> d-------- C:\WINDOWS\ERUNT

2008-04-03 20:49 . 2006-07-27 15:58 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen

2008-04-03 20:49 . 2008-04-03 20:52 <DIR> dr-h----- C:\Documents and Settings\Administrator\Onlangs geopend

2008-04-03 20:49 . 2006-07-27 17:53 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving

2008-04-03 20:49 . 2006-07-27 16:05 <DIR> dr------- C:\Documents and Settings\Administrator\Mijn documenten

2008-04-03 20:49 . 2006-07-27 17:53 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start

2008-04-03 20:49 . 2006-07-27 16:05 <DIR> dr------- C:\Documents and Settings\Administrator\Favorieten

2008-04-03 20:49 . 2008-04-04 18:27 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad

2008-04-03 20:49 . 2006-08-08 20:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel

2008-04-03 13:34 . 2008-04-03 14:19 <DIR> d-------- C:\Program Files\a-squared Anti-Malware

2008-04-02 19:37 . 2008-04-02 19:37 <DIR> d-------- C:\Program Files\PC-Cleaner

2008-04-02 19:05 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll

2008-04-02 19:03 . 2008-04-02 19:03 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe

2008-04-01 20:03 . 2008-04-01 20:03 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat

2008-04-01 20:03 . 2008-04-01 20:03 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat

2008-04-01 20:01 . 2008-04-01 20:01 <DIR> d-------- C:\Program Files\Kaspersky Lab

2008-04-01 20:01 . 2008-04-04 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-04-01 20:01 . 2008-04-04 19:29 3,584,032 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-04-01 20:01 . 2008-04-03 21:29 119,072 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2008-04-01 20:01 . 2008-04-03 21:29 42,236 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-04-01 20:01 . 2008-04-03 21:29 4,076 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2008-04-01 19:59 . 2008-04-01 19:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

2008-04-01 17:50 . 2008-04-01 17:50 <DIR> d-------- C:\Program Files\Enigma Software Group

2008-04-01 16:31 . 2008-04-01 16:31 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\Ufasoft

2008-04-01 14:04 . 2008-04-01 14:06 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-04-01 14:04 . 2008-04-01 14:04 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\SUPERAntiSpyware.com

2008-04-01 14:04 . 2008-04-01 14:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-03-31 21:39 . 2008-04-01 13:56 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-03-31 15:08 . 2008-03-31 15:08 <DIR> d-------- C:\Program Files\Ufasoft

2008-03-31 15:01 . 2008-03-31 15:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vonuzsbi

2008-03-29 12:55 . 2008-03-29 12:55 <DIR> d--h----- C:\WINDOWS\PIF

2008-03-28 22:15 . 2008-03-29 19:45 <DIR> d-------- C:\Program Files\World of Warcraft

2008-03-28 22:05 . 2008-03-28 22:05 <DIR> d-------- C:\Program Files\WinISO

2008-03-28 21:27 . 2008-03-28 21:27 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\DAEMON Tools Pro

2008-03-28 21:27 . 2008-03-28 21:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro

2008-03-28 21:21 . 2008-03-28 21:31 <DIR> d-------- C:\Program Files\DAEMON Tools Pro

2008-03-28 21:15 . 2008-03-28 21:15 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-03-28 20:23 . 2008-03-28 22:15 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment

2008-03-28 20:20 . 2008-03-29 18:55 145 --a------ C:\WINDOWS\wowCP.ini

2008-03-24 18:01 . 2008-03-24 18:01 552 --a------ C:\WINDOWS\system32\d3d8caps.dat

2008-03-24 16:13 . 2008-04-04 19:27 116 --a------ C:\WINDOWS\NeroDigital.ini

2008-03-24 15:27 . 2008-03-24 17:16 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\Ahead

2008-03-24 15:25 . 2008-03-24 15:25 <DIR> d-------- C:\Program Files\Nero

2008-03-24 15:25 . 2008-03-24 15:28 <DIR> d-------- C:\Program Files\Common Files\Ahead

2008-03-24 15:25 . 2008-03-24 15:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero

2008-03-24 00:07 . 2008-03-24 00:07 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\DivX

2008-03-24 00:06 . 2008-03-24 00:06 <DIR> d-------- C:\Program Files\DivX

2008-03-23 11:16 . 2008-03-23 11:16 <DIR> d-------- C:\Program Files\TopDesk

2008-03-23 11:05 . 2008-03-23 11:06 <DIR> d-------- C:\Documents and Settings\kevin deswarte.LAPTOP\Application Data\BitTorrent

2008-03-23 11:01 . 2008-03-23 11:07 <DIR> d-------- C:\Documents and Settings\kevin deswarte.LAPTOP\Sjablonen

2008-03-23 11:01 . 2008-03-23 11:07 <DIR> d-------- C:\Documents and Settings\kevin deswarte.LAPTOP\Favorieten

2008-03-23 11:01 . 2006-08-08 20:53 <DIR> d-------- C:\Documents and Settings\kevin deswarte.LAPTOP\Application Data\Intel

2008-03-23 10:59 . 2008-03-23 10:59 3,072,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp

2008-03-23 10:56 . 2008-03-23 11:08 <DIR> d-------- C:\WINDOWS\BricoPacks

2008-03-22 21:09 . 2008-04-02 19:03 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008

2008-03-22 21:09 . 2008-03-22 21:09 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\TuneUp Software

2008-03-22 21:09 . 2008-03-22 21:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software

2008-03-22 21:07 . 2008-04-01 14:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-03-22 20:07 . 2008-03-22 20:07 <DIR> d-------- C:\Program Files\DNA

2008-03-22 20:07 . 2008-03-22 20:07 <DIR> d-------- C:\Program Files\BitTorrent

2008-03-22 20:07 . 2008-04-04 22:04 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\DNA

2008-03-22 20:07 . 2008-04-04 20:34 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\BitTorrent

2008-03-21 23:22 . 2008-03-21 23:22 <DIR> d-------- C:\Program Files\MSXML 4.0

2008-03-21 21:12 . 2008-03-21 21:12 <DIR> d-------- C:\Program Files\Alwil Software

2008-03-21 21:12 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2008-03-21 21:09 . 2008-03-21 21:09 <DIR> d-------- C:\Program Files\Common Files\Adobe

2008-03-21 21:02 . 2008-03-21 21:02 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\AdobeUM

2008-03-21 15:36 . 2008-03-21 16:02 <DIR> d-------- C:\Program Files\Conquer 2.0

2008-03-21 15:36 . 2008-03-21 15:36 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\InstallShield

2008-03-21 14:50 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-03-21 14:50 . 2007-07-30 20:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-03-21 14:50 . 2007-07-30 20:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-03-21 14:41 . 2008-04-01 19:57 <DIR> d-------- C:\Downloads

2008-03-21 14:37 . 2008-04-04 21:52 <DIR> d-------- C:\Program Files\FlashGet

2008-03-20 20:06 . 2008-03-20 20:08 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\DMCache

2008-03-20 20:03 . 2008-03-20 20:03 1,158 --a------ C:\WINDOWS\mozver.dat

2008-03-20 18:28 . 2008-03-20 18:28 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\3M

2008-03-20 18:11 . 2008-03-20 18:11 <DIR> d---s---- C:\Documents and Settings\kevin deswarte\UserData

2008-03-20 18:06 . 2008-03-20 18:06 0 --a------ C:\WINDOWS\nsreg.dat

2008-03-20 17:58 . 2008-03-20 17:58 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Contacts

2008-03-20 17:57 . 2006-11-29 14:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll

2008-03-20 17:56 . 2008-03-20 17:56 <DIR> d-------- C:\Program Files\Windows Live Toolbar

2008-03-20 17:53 . 2008-03-20 17:55 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-03-20 17:52 . 2008-03-22 15:26 <DIR> d-------- C:\Program Files\Windows Live

2008-03-20 17:52 . 2008-03-20 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-03-20 15:52 . 2006-07-27 15:58 <DIR> d--h----- C:\Documents and Settings\kevin deswarte\Sjablonen

2008-03-20 15:52 . 2008-04-04 21:52 <DIR> dr-h----- C:\Documents and Settings\kevin deswarte\Onlangs geopend

2008-03-20 15:52 . 2006-07-27 17:53 <DIR> d--h----- C:\Documents and Settings\kevin deswarte\Netwerkprinteromgeving

2008-03-20 15:52 . 2008-04-03 21:06 <DIR> dr------- C:\Documents and Settings\kevin deswarte\Mijn documenten

2008-03-20 15:52 . 2006-07-27 17:53 <DIR> dr------- C:\Documents and Settings\kevin deswarte\Menu Start

2008-03-20 15:52 . 2008-03-26 23:49 <DIR> dr------- C:\Documents and Settings\kevin deswarte\Favorieten

2008-03-20 15:52 . 2008-04-04 21:54 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Bureaublad

2008-03-20 15:52 . 2006-08-08 20:53 <DIR> d-------- C:\Documents and Settings\kevin deswarte\Application Data\Intel

2008-03-20 15:47 . 2008-03-20 15:47 8,192 --a------ C:\WINDOWS\REGLOCS.OLD

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-21 13:36 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-02-08 16:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll

2008-02-08 16:35 23,604 ----a-w C:\WINDOWS\system32\drivers\klopp.dat

2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR

.

((((((((((((((((((((((((((((( snapshot@2008-04-04_18.48.08,84 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-04-04 12:53:15 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

+ 2008-04-04 19:12:32 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

- 2008-04-04 12:53:15 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat

+ 2008-04-04 19:12:32 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat

- 2008-04-04 12:53:15 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2008-04-04 19:12:32 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]

"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-03-26 16:42 288576]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 20:04 139264]

"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-04-01 14:07 1470464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 02:39 94208]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 02:36 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 02:40 118784]

"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 14:05 16239616 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]

"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 11:51 667718]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 11:52 602182]

"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 11:56 569413]

"AGRSMMSG"="AGRSMMSG.exe" [2005-09-09 05:20 88203 C:\WINDOWS\AGRSMMSG.exe]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 22:00 110592 C:\WINDOWS\system32\bthprops.cpl]

"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2006-05-15 14:44 266240]

"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-05-15 15:52 675840]

"MGSysCtrl"="C:\Program Files\System Control Manager\MGSysCtrl.exe" [2006-08-03 15:24 178688]

"LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [2006-06-07 14:22 484352]

"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [2007-06-29 13:44 1990704]

"TopDesk"="C:\Program Files\TopDesk\topdesk.exe" [2006-03-01 19:03 201216]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]

"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]

"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-01-07 17:56 1816208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 22:00 15360]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]

Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2006-08-08 21:02:19 593920]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"MSVideo8"= VfWWDM32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\FlashGet\\flashget.exe"=

"C:\\Program Files\\DNA\\btdna.exe"=

"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=

"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=

"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2006-02-27 09:00]

R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys [2006-06-21 11:09]

R2 NishService;SCM Driver Daemon;C:\Program Files\System Control Manager\edd.exe [2006-03-22 11:07]

R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-03 22:00]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]

R3 MGHwCtrl;MGHwCtrl;C:\WINDOWS\system32\drivers\MGHwCtrl.sys [2006-07-03 10:31]

S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-05-03 20:36]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-02 19:03]

S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;C:\Program Files\Ufasoft\Sniffer\usft_sn4.sys [2008-01-17 05:22]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contents of the 'Scheduled Tasks' folder

"2008-04-04 20:01:15 C:\WINDOWS\Tasks\1-Click Maintenance.job"

- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe

"2008-04-04 19:14:05 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-04 22:05:39

Windows 5.1.2600 Service Pack 2 NTFS

scanning for hidden processes ...

scanning for hidden autostart entries ...

scanning for hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-04-04 22:07:17

ComboFix-quarantined-files.txt 2008-04-04 20:07:12

ComboFix2.txt 2008-04-04 16:49:37

Pre-Run: 67,384,758,272 bytes free

Post-Run: 67,394,953,216 bytes free

.

2008-03-22 13:26:51 --- E O F ---

Voilà, no warnings so far, but I'm holding my breath :P

Thanks again for your time and effort!


You are never 100% sure, but I am fairly confident you are rid of those annoying warnings.

Problems out of the way, so it is time for the "big cleanup": removing the tools we used, a cleaning, and removing the infected restore points.

Remove ComboFix: Start -> Run and type: combofix /u

ComboFix is removed and a new system restore point is created.

Download CCleaner.

Install it and start it. In the left column, click "Options". Select the 'Advanced' tab, untick "Only delete files in Windows Temp folders older than 48 hours", and then close the program.

Start CCleaner and click "Cleaner" in the left column. Click 'Analyze' and then 'Run Cleaner'. Next, click "Registry" in the left column and click 'Scan for Issues'. If issues are found, click "Fix all selected issues" and "OK". Then close CCleaner.

It is advisable to delete the existing restore points (they include infected restore points that you could end up restoring) by temporarily turning off System Restore.

- Go to Start/All Programs/Accessories/System Tools/System Restore.

- In the left half of the window, click "System Restore Settings".

- Tick "Turn off System Restore".

- Click "Apply".

- Windows asks whether you are sure.

- Click "Yes".

- Click "OK".

- Restart the PC.

- Go back to Start/All Programs/Accessories/System Tools/System Restore.

- You get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"

- Click "Yes".

- Untick "Turn off System Restore".

- Click "Apply".

- Click "OK".

- Restart the PC.

- A new restore point has now been created.

That's it!

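The clean-up steps in the post above, as an added PowerShell example that is not part of the original thread: it removes ComboFix with the /u switch and then does the scripted equivalent of the System Restore dialog, purging every restore point (the infected ones included) by turning System Restore off and back on through the root\default SystemRestore WMI class, and finishing with a fresh restore point. The ComboFix location on the desktop and the restore-point description are assumptions; the script needs an elevated PowerShell 2.0 or later session, and the WMI class exists on XP and later client Windows. The CCleaner part is a GUI step and is not scripted here.

```powershell
# Added example, not from the original thread. Scripted version of the helper's
# last steps: remove ComboFix, then discard all restore points and create a clean one.
# Run from an elevated (administrator) PowerShell prompt.

$SystemDrive = $env:SystemDrive + '\'   # e.g. "C:\", the format the WMI methods expect

function Remove-ComboFix {
    # Equivalent of Start -> Run -> "combofix /u". The desktop path is an
    # assumption: the thread never says where ComboFix.exe was saved.
    $cf = Join-Path ([Environment]::GetFolderPath('Desktop')) 'ComboFix.exe'
    if (-not (Test-Path $cf)) {
        Write-Warning "ComboFix.exe not found at $cf, nothing to uninstall"
        return $false
    }
    $p = Start-Process -FilePath $cf -ArgumentList '/u' -Wait -PassThru
    return ($p.ExitCode -eq 0)
}

function Get-RestorePointCount {
    # Every SystemRestore instance in root\default is one existing restore point.
    return @(Get-WmiObject -Namespace 'root\default' -Class 'SystemRestore').Count
}

function Reset-RestorePoints {
    param(
        [string]$Drive = $SystemDrive,
        [string]$Description = 'Clean restore point after malware removal'   # assumed text
    )
    $sr = [wmiclass]'root\default:SystemRestore'
    $before = Get-RestorePointCount

    # Disable(Drive) on the system drive turns System Restore off and throws away
    # every restore point, which is exactly why the helper has it switched off.
    $rc = [int]($sr.Disable($Drive)).ReturnValue
    if ($rc -ne 0) { throw "SystemRestore.Disable($Drive) failed, return code $rc" }

    # Enable(Drive, WaitTillEnabled): switch it back on and wait until it is
    # ready, otherwise the CreateRestorePoint call below can fail.
    $rc = [int]($sr.Enable($Drive, $true)).ReturnValue
    if ($rc -ne 0) { throw "SystemRestore.Enable($Drive) failed, return code $rc" }

    # CreateRestorePoint(Description, RestorePointType, EventType):
    # RestorePointType 0 = APPLICATION_INSTALL, EventType 100 = BEGIN_SYSTEM_CHANGE.
    $rc = [int]($sr.CreateRestorePoint($Description, 0, 100)).ReturnValue
    if ($rc -ne 0) { throw "SystemRestore.CreateRestorePoint failed, return code $rc" }

    $after = Get-RestorePointCount
    Write-Host "Restore points before: $before, after: $after (only the fresh one should remain)"
    # True when the old (possibly infected) restore points are really gone.
    return ($after -le 1)
}

if (Remove-ComboFix) { Write-Host 'ComboFix removed' }
if (Reset-RestorePoints) { Write-Host 'Old restore points purged, clean restore point created' }
```

On Vista and later the same three operations are also available as the built-in Disable-ComputerRestore, Enable-ComputerRestore and Checkpoint-Computer cmdlets. Windows 8 and later throttle restore-point creation to one per 24 hours unless the SystemRestorePointCreationFrequency value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore is lowered, so check the count the function returns rather than assuming the new point exists.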

This topic is now closed to new replies.
