Everything posted by filkill
-
[SOLVED] malware and error
filkill replied to filkill's topic in Archief Bestrijding malware & virussen
Here is the log:
-
[SOLVED] malware and error
filkill replied to filkill's topic in Archief Bestrijding malware & virussen
SDfix log
-
[SOLVED] malware and error
filkill replied to filkill's topic in Archief Bestrijding malware & virussen
No, not that I know of :)
-
[SOLVED] malware and error
filkill replied to filkill's topic in Archief Bestrijding malware & virussen
And here is another HijackThis log:
-
[SOLVED] malware and error
filkill replied to filkill's topic in Archief Bestrijding malware & virussen
Here is the Combo log:
C:\Documents and Settings\Hilde\Application Data\DeskSlide 2008-05-08 15:10 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-04-25 19:24 --------- d-----w C:\Program Files\Java 2008-04-25 15:44 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-25 15:44 --------- d-----w C:\Program Files\Electronic Arts 2008-04-25 15:44 --------- d-----w C:\Program Files\EA Games 2008-04-23 12:19 --------- d-----w C:\Program Files\Axis Communications 2008-04-22 15:22 --------- d-----w C:\Program Files\FrostWire 2008-04-22 14:42 --------- d-----w C:\Program Files\Virtual Earth 3D 2008-04-19 21:03 --------- d-----w C:\Documents and Settings\Hilde\Application Data\BitTorrent 2008-04-19 20:05 --------- d-----w C:\Program Files\Avi2Dvd 2008-04-19 18:07 --------- d-----w C:\Program Files\AviSynth 2.5 2008-04-19 16:04 --------- d-----w C:\Program Files\DeskSlide 2008-04-19 12:00 --------- d-----w C:\Program Files\Free Download Manager 2008-04-19 11:58 --------- d-----w C:\Documents and Settings\Hilde\Application Data\Software Informer 2008-04-19 10:29 --------- d-----w C:\Program Files\EncryptDrop Free Edition 2008-04-19 10:29 --------- d-----w C:\Documents and Settings\Hilde\Application Data\EncryptDrop 2008-04-17 19:21 --------- d-----w C:\Program Files\Shareaza Applications 2008-04-17 19:21 --------- d-----w C:\Documents and Settings\Hilde\Application Data\Shareaza 2008-04-17 18:15 --------- d-----w C:\Program Files\Cheatbook Database 2007 2008-04-16 16:48 --------- d-----w C:\Program Files\GamesBar 2008-04-16 12:04 --------- d-----w C:\Program Files\WinAVI Video Converter 2008-04-16 11:32 --------- d-----w C:\Documents and Settings\Hilde\Application Data\vlc 2008-04-16 11:26 --------- d-----w C:\Program Files\VideoLAN 2008-04-16 10:51 16,817 ----a-w C:\WINDOWS\system32\tuhag.vbs 2008-04-16 10:51 16,757 ----a-w C:\WINDOWS\system32\kovyse.bin 2008-04-16 10:51 12,484 ----a-w C:\WINDOWS\system32\ifyzede.bin 2008-04-10 16:29 
--------- d-----w C:\Program Files\Native Instruments 2008-04-10 16:24 --------- d-----w C:\Program Files\WinXMedia 2008-04-08 16:01 --------- d-----w C:\Program Files\DNA 2008-04-08 16:01 --------- d-----w C:\Program Files\BitTorrent 2008-04-08 15:24 --------- d-----w C:\Program Files\BitLord 2008-04-08 14:31 33,699 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_04_08_12_14_23_small.dmp.zip 2008-04-08 10:10 35,948 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_04_07_16_20_19_small.dmp.zip 2008-04-07 14:19 35,786 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_04_07_12_14_49_small.dmp.zip 2008-04-07 10:12 35,971 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_04_06_18_07_16_small.dmp.zip 2008-04-06 16:09 18,357 ----a-w C:\WINDOWS\system32\ihog.sys 2008-04-06 16:03 36,803 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_04_05_09_22_06_small.dmp.zip 2008-04-05 12:32 --------- d-----w C:\Program Files\Cheating-Death 2008-04-05 08:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2008-04-05 07:21 27,174 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_04_04_09_37_06_small.dmp.zip 2008-04-04 11:16 --------- d-----w C:\Program Files\Counter-Strike 1.6 2008-04-04 07:35 29,386 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2009_04_15_05_14_19_small.dmp.zip 2008-04-01 23:35 --------- d-----w C:\Program Files\Gamenext 2008-03-31 10:08 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-03-31 10:06 --------- d-----w C:\Program Files\Axion 2008-03-30 01:27 --------- d-----w C:\Program Files\Trend Micro 2008-03-29 19:33 --------- d-----w C:\Program Files\CCleaner 2008-03-29 19:32 --------- d-----w C:\Program Files\Yahoo! 2008-03-17 15:03 12,065 ----a-w C:\WINDOWS\system32\kivajala.sys 2007-12-07 20:52 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 10:27 153136] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024] "EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2008-03-14 14:05 2494464] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488] "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-08 12:10 289088] "DeskSlide"="C:\Program Files\DeskSlide\DeskSlide.exe" [2006-08-30 23:33 774144] "ares"="C:\Program Files\Ares\Ares.exe" [2007-04-12 01:50 947200] "SurfAccuracy"="C:\Documents and Settings\Hilde\Application Data\SurfAccuracy\SAcc.exe" [2008-05-22 21:35 142336] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-03-14 14:05 153136] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-14 14:05 49152] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 10:06 88363 C:\WINDOWS\AGRSMMSG.exe] "KBD"="C:\HP\KBD\KBD.EXE" [2008-03-14 14:05 61440] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe] "SoundMan"="SOUNDMAN.EXE" [2006-07-21 17:14 86016 C:\WINDOWS\SoundMan.exe] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2008-03-14 14:05 118837] "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2008-03-14 14:05 110592] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-14 14:05 385024] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-14 14:05 267048] 
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [ ] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe] "Logitech BT Wizard"="LBTWiz.exe" [] "Easy Synchronization"="C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 12:00 53248] "encryptdrop"="C:\Program Files\EncryptDrop Free Edition\EncryptDrop.exe" [2005-10-17 02:51 150016] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "{75-51-1E-EC-DW}"="C:\windows\system32\jnwnw64j.exe" [ ] "{a3d56726-30ce-a965-f54d-f1ce632803b0}"="C:\WINDOWS\system32\{e3b7a448-adb1-510d-c106-ae125c249dff}.dll" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:03 15360] C:\Documents and Settings\Hilde\Menu Start\Programma's\Opstarten\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-14 17:55:34 113664] DeskPins.lnk - C:\Program Files\DeskPins\DeskPins.exe [2004-05-02 19:02:51 62464] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-14 17:55:34 113664] BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 22:37:20 561213] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 20:28:24 258048] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2009-04-15 05:05:03 688128] Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 20:50:52 53248] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-01-30 02:15 65536 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\drivers32] "vidc.iv41"= C:\WINDOWS\system32\Ir41_32.ax [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2008-03-14 14:05 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "TabletService"=2 (0x2) "gusvc"=2 (0x2) "Ati HotKey Poller"=2 (0x2) "Apple Mobile Device"=2 (0x2) "aawservice"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\Program Files\\DNA\\btdna.exe"= "C:\\Program Files\\BitTorrent\\bittorrent.exe"= "C:\\WINDOWS\\system32\\MPK\\Mpk.exe"= "C:\\WINDOWS\\system32\\MPK\\MpkView.exe"= "C:\\Program Files\\FrostWire\\FrostWire.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Ares\\Ares.exe"= R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20] R2 Stuffit Archive Name Service;Stuffit Archive Name Service;"C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe" [2008-01-31 09:37] R3 ACSSCR;ACR38 Smart Card 
Reader;C:\WINDOWS\system32\DRIVERS\a38usb.sys [2006-03-24 20:14] S3 XDva032;XDva032;C:\WINDOWS\system32\XDva032.sys [] *Newly Created Service* - CATCHME . Inhoud van de 'Gedeelde Taken' map "2008-03-19 08:44:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-29 19:38:31 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2008-05-29 19:40:35 ComboFix-quarantined-files.txt 2008-05-29 17:39:44 ComboFix2.txt 2008-05-28 12:18:11 Pre-Run: 172,362,301,440 bytes beschikbaar Post-Run: 172,587,147,264 bytes beschikbaar 348 --- E O F --- 2007-12-28 14:27:14 -
[SOLVED] malware and error
filkill replied to filkill's topic in Archief Bestrijding malware & virussen
Here is the log:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:22:26, on 28/05/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Logitech\Easy Synchronization\servicestub.exe C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe C:\WINDOWS\system32\WgaTray.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\AGRSMMSG.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Logitech\SetPoint\LBTWiz.exe C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe C:\Program Files\EncryptDrop Free Edition\EncryptDrop.exe C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Electronic Arts\EADM\Core.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\DNA\btdna.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\DeskSlide\DeskSlide.exe C:\Program Files\Ares\Ares.exe C:\Documents and Settings\Hilde\Application Data\Microsoft\Windows\ktmlb.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\HP\Digital 
Imaging\bin\hpqtra08.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE C:\WINDOWS\system32\rcntokdm.exe C:\Program Files\DeskPins\DeskPins.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\explorer.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: mysidesearch browser optimizer - {180c4481-85e4-af57-5e4a-08be179fe565} - C:\WINDOWS\system32\{bcf70de3-96fb-c552-dda4-9edf6b799239}.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: gooochi browser optimizer - {8a81846f-eede-58fb-b3fe-2ba4b0f6bc50} - C:\WINDOWS\system32\{e3b7a448-adb1-510d-c106-ae125c249dff}.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - 
HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe O4 - HKLM\..\Run: [encryptdrop] "C:\Program Files\EncryptDrop Free Edition\EncryptDrop.exe" /minimized O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [{75-51-1E-EC-DW}] C:\windows\system32\jnwnw64j.exe DWram O4 - HKLM\..\Run: [{a3d56726-30ce-a965-f54d-f1ce632803b0}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{e3b7a448-adb1-510d-c106-ae125c249dff}.dll" DllStart O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [DeskSlide] C:\Program Files\DeskSlide\DeskSlide.exe -logon -hide O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [ReJf5vH] C:\Documents and Settings\Hilde\Application Data\Microsoft\Windows\ktmlb.exe O4 - HKCU\..\Run: [surfAccuracy] C:\Documents and Settings\Hilde\Application 
Data\SurfAccuracy\SAcc.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\rcntokdm.exe O4 - Startup: DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe O4 - Startup: DW_Start.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech SetPoint.lnk = ? O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU) O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197064011015 O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - 
http://game04.zylom.com/activex/zylomgamesplayer.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe -- End of file - 11230 bytes -
[SOLVED] malware and error
filkill replied to filkill's topic in Archief Bestrijding malware & virussen
Here is the ComboFix log; the HijackThis log is on its way:
ComboFix 08-05-27.4 - Hilde 2008-05-28 14:04:32.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.422 [GMT 2:00] Gestart vanuit: C:\Documents and Settings\Hilde\Bureaublad\ComboFix.exe Command switches used :: C:\Documents and Settings\Hilde\Bureaublad\WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe * Nieuw herstelpunt werd aangemaakt . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\dbar C:\Program Files\dbar\deskbar.dll C:\Temp\1cb C:\Temp\1cb\syscheck.log C:\WINDOWS\BM532462df.xml C:\WINDOWS\Fonts\' C:\WINDOWS\pskt.ini C:\WINDOWS\system32\MSINET.oca C:\WINDOWS\system32\msnav32.ax C:\WINDOWS\system32\zxdnt3d.cfg C:\WINDOWS\VmFuIEhldWNrZWxvbSAtIFdpbGxlbXM\ C:\WINDOWS\VmFuIEhldWNrZWxvbSAtIFdpbGxlbXM\\asappsrv.dll C:\WINDOWS\VmFuIEhldWNrZWxvbSAtIFdpbGxlbXM\\command.exe C:\WINDOWS\VmFuIEhldWNrZWxvbSAtIFdpbGxlbXM\\pAIRKH15xqhOtqUSvmEQKIxDv3U5vrg.vbs C:\WINDOWS\VmFuIEhldWNrZWxvbSAtIFdpbGxlbXM\command.exe . ---- Previous Run ------- . 
C:\Program Files\GamesBar\oberontb.dll C:\Program Files\WinReanimator C:\Program Files\WinReanimator\data\daily.cvd C:\Program Files\WinReanimator\htmlayout.dll C:\Program Files\WinReanimator\install.exe C:\Program Files\WinReanimator\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest C:\Program Files\WinReanimator\Microsoft.VC80.CRT\msvcm80.dll C:\Program Files\WinReanimator\Microsoft.VC80.CRT\msvcp80.dll C:\Program Files\WinReanimator\Microsoft.VC80.CRT\msvcr80.dll C:\Program Files\WinReanimator\pthreadVC2.dll C:\Program Files\WinReanimator\un.ico C:\Program Files\WinReanimator\unzip32.dll C:\Program Files\WinReanimator\WinReanimator.cfg C:\Program Files\WinReanimator\WinReanimator.dll C:\Program Files\WinReanimator\WinReanimator.exe C:\WINDOWS\braviax.exe C:\WINDOWS\cru629.dat C:\WINDOWS\pskt.ini C:\WINDOWS\system32\adssite-remove.exe C:\WINDOWS\system32\braviax.exe C:\WINDOWS\system32\cru629.dat C:\WINDOWS\system32\gzmrot-uninst.exe C:\WINDOWS\system32\gzmrotate.dll C:\WINDOWS\system32\univrs32.dat C:\WINDOWS\system32\users32.dat C:\WINDOWS\system32\winivstr.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_CMDSERVICE -------\Legacy_NETWORK_MONITOR -------\Service_cmdService (((((((((((((((((((( Bestanden Gemaakt van 2008-04-28 to 2008-05-28 )))))))))))))))))))))))))))))) . 2009-04-15 05:06 . 2009-04-15 05:10 <DIR> d-------- C:\Documents and Settings\Hilde\Application Data\Logitech 2009-04-15 05:06 . 2005-10-05 12:00 47,104 --a------ C:\WINDOWS\system32\drivers\vserial.sys 2009-04-15 05:06 . 2006-12-22 16:50 27,536 --a------ C:\WINDOWS\system32\drivers\frmupgr.sys 2009-04-15 05:06 . 2005-10-05 12:00 18,167 --a------ C:\WINDOWS\system32\drivers\vsb.sys 2009-04-15 05:06 . 2009-04-15 05:06 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2009-04-15 05:06 . 
2009-04-15 05:06 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2009-04-15 05:04 . 2009-04-15 05:07 <DIR> d-------- C:\Program Files\Logitech 2009-04-15 05:04 . 2009-04-15 05:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech 2009-04-15 05:03 . 2009-04-15 05:03 <DIR> d-------- C:\Program Files\WIDCOMM 2009-04-15 05:03 . 2006-12-04 23:33 863,402 --a------ C:\WINDOWS\system32\drivers\btkrnl.sys 2009-04-15 05:03 . 2006-12-04 23:33 329,901 --a------ C:\WINDOWS\system32\drivers\btaudio.sys 2009-04-15 05:03 . 2006-12-04 23:33 106,557 --a------ C:\WINDOWS\system32\btw_ci.dll 2009-04-15 05:03 . 2006-12-04 23:33 67,672 --a------ C:\WINDOWS\system32\drivers\btwusb.sys 2009-04-15 05:03 . 2006-12-04 23:33 47,907 --a------ C:\WINDOWS\system32\drivers\btwhid.sys 2009-04-15 05:03 . 2006-12-04 23:33 30,459 --a------ C:\WINDOWS\system32\drivers\btport.sys 2009-04-14 22:30 . 2008-04-04 11:02 <DIR> d-------- C:\Documents and Settings\Hilde\Application Data\Microsoft Games 2009-04-14 22:29 . 2009-04-14 22:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Games 2009-04-14 22:24 . 2008-04-24 18:50 <DIR> d-------- C:\Program Files\Microsoft Games 2008-05-27 15:41 . 2008-05-27 15:41 370,688 --a------ C:\WINDOWS\system32\{e3b7a448-adb1-510d-c106-ae125c249dff}.dll 2008-05-26 19:31 . 2008-05-26 19:31 <DIR> d-------- C:\Documents and Settings\Hilde\Application Data\CDBurnerXP_Soft 2008-05-26 19:30 . 2008-05-26 19:30 <DIR> d-------- C:\Program Files\CDBurnerXP 2008-05-25 11:34 . 2008-05-25 11:34 <DIR> d-------- C:\Ares Tube 2008-05-25 11:05 . 2008-05-25 11:05 687,592 --a------ C:\WINDOWS\system32\atmtd.dll._ 2008-05-25 11:05 . 2008-05-25 11:05 687,592 --a------ C:\WINDOWS\system32\atmtd.dll 2008-05-24 15:02 . 2008-05-24 15:08 <DIR> d-------- C:\Program Files\AV Music Morpher Gold 2008-05-24 15:00 . 2008-05-24 15:01 <DIR> d-------- C:\Program Files\AV Vcs 6.0 2008-05-24 11:27 . 
2008-05-24 11:27 200,765 --a------ C:\WINDOWS\system32\rcntokdm.exe 2008-05-23 20:32 . 2008-05-23 20:32 95,833 --a------ C:\WINDOWS\system32\{bcf70de3-96fb-c552-dda4-9edf6b799239}.dll-uninst.exe 2008-05-23 20:28 . 2008-05-23 20:28 88,961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe 2008-05-23 16:28 . 2008-05-27 17:37 63,918 --a------ C:\WINDOWS\system32\{e3b7a448-adb1-510d-c106-ae125c249dff}.dll-uninst.exe 2008-05-22 08:38 . 2008-05-22 08:38 49,193 --a------ C:\WINDOWS\system32\jnwnw64j.exePCH 2008-05-22 08:15 . 2008-05-22 08:15 <DIR> d-------- C:\WINDOWS\system32\xA 2008-05-22 08:15 . 2008-05-22 08:15 <DIR> d-------- C:\WINDOWS\system32\moL1 2008-05-22 08:15 . 2008-05-22 08:15 <DIR> d-------- C:\WINDOWS\system32\logXv18 2008-05-22 08:15 . 2008-05-22 08:15 <DIR> d-------- C:\WINDOWS\system32\4056v 2008-05-22 08:15 . 2008-05-22 08:15 <DIR> d-------- C:\temp\dmpxp32 2008-05-22 08:15 . 2008-05-22 08:15 861 --a------ C:\WINDOWS\system32\winpfz33.sys 2008-05-21 13:30 . 2008-05-21 13:30 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll 2008-05-21 13:27 . 2008-05-22 21:35 <DIR> d-------- C:\Documents and Settings\Hilde\Application Data\SurfAccuracy 2008-05-21 13:27 . 2008-05-21 13:27 10 --a------ C:\Program Files\.autoreg 2008-05-19 15:55 . 2008-05-19 15:55 439,808 --a------ C:\WINDOWS\system32\{bcf70de3-96fb-c552-dda4-9edf6b799239}.dll 2008-05-15 18:01 . 2008-05-15 18:01 <DIR> d-------- C:\Program Files\Handbrake 2008-05-15 17:23 . 2008-05-15 17:23 <DIR> d-------- C:\Documents and Settings\Hilde\Application Data\dvdcss 2008-05-14 19:10 . 2008-05-14 19:10 <DIR> d-------- C:\WINDOWS\Applian FLV Player 2008-05-14 19:10 . 2008-05-14 19:10 <DIR> d-------- C:\Program Files\FLV Player 2008-05-14 19:06 . 2008-05-14 19:06 <DIR> d-------- C:\WINDOWS\My Video Downloader 2008-05-14 19:06 . 2008-05-14 19:06 <DIR> d-------- C:\Program Files\My Video Downloader 2008-05-13 21:02 . 2007-09-17 11:34 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL 2008-05-13 21:02 . 
2007-09-17 11:34 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS 2008-05-13 20:39 . 2008-05-13 20:39 <DIR> d-------- C:\Program Files\Jocsoft 2008-05-13 20:39 . 2008-05-13 20:42 <DIR> d-------- C:\DVDVideoSoft 2008-05-09 17:27 . 2008-05-09 17:27 1,431 --a------ C:\WINDOWS\cmgt_z.ini 2008-05-09 17:25 . 2008-05-09 17:27 <DIR> d-------- C:\Program Files\PhotoZoom Pro 2 2008-05-08 20:37 . 2008-05-08 20:37 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-05-08 20:37 . 2008-05-08 20:37 <DIR> d-------- C:\Documents and Settings\Hilde\Application Data\Malwarebytes 2008-05-08 20:37 . 2008-05-08 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-05-08 20:37 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-05-08 20:37 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-05-07 17:15 . 2008-05-07 17:33 <DIR> d-------- C:\Program Files\3D Flash Animator 4.9.8.4 2008-05-07 17:15 . 2008-05-07 17:15 <DIR> d-------- C:\Documents and Settings\Hilde\Application Data\3DFA 2008-05-07 17:15 . 1999-12-17 11:13 86,016 --a------ C:\WINDOWS\unvise32.exe 2008-05-01 21:20 . 2008-05-01 21:20 <DIR> d--hs---- C:\WINDOWS\system32\MPK 2008-05-01 21:20 . 2008-05-28 12:33 <DIR> d--hs---- C:\Documents and Settings\All Users\Application Data\MPK 2008-05-01 21:20 . 2008-05-01 21:20 587 --a------ C:\WINDOWS\system32\runrefog.lnk 2008-05-01 14:49 . 2008-05-24 21:22 <DIR> d-------- C:\Program Files\Cheat Engine 2008-05-01 14:49 . 2006-09-04 19:16 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll 2008-05-01 14:49 . 2006-09-04 19:16 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll 2008-04-30 19:31 . 2008-04-30 19:34 <DIR> d-------- C:\Program Files\Ares . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-04-15 03:07 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Logitech 2009-04-15 03:05 --------- d-----w C:\Program Files\Common Files\Logitech 2009-04-14 07:25 512 ----a-w C:\ScanSectorLog.dat 2008-05-28 12:14 --------- d-----w C:\Documents and Settings\Hilde\Application Data\skypePM 2008-05-28 12:03 --------- d-----w C:\Documents and Settings\Hilde\Application Data\DNA 2008-05-24 15:58 --------- d-----w C:\Documents and Settings\Hilde\Application Data\LimeWire 2008-05-24 15:55 --------- d-----w C:\Program Files\LimeWire 2008-05-22 17:48 --------- d-----w C:\Documents and Settings\Hilde\Application Data\FrostWire 2008-05-21 11:12 481,532 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-05-21 11:12 35,874,080 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-05-21 11:12 212,444 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx 2008-05-21 11:12 2,254,624 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat 2008-05-16 17:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-05-13 19:06 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft 2008-05-13 19:04 --------- d-----w C:\Program Files\DVDVideoSoft 2008-05-13 19:02 --------- d-----w C:\Program Files\Xilisoft 2008-05-09 16:10 --------- d-----w C:\Program Files\ArtMoney 2008-05-09 04:38 --------- d-----w C:\Program Files\Common Files\Adobe 2008-05-08 18:27 --------- d-----w C:\Documents and Settings\Hilde\Application Data\DeskSlide 2008-05-08 15:10 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-04-25 19:24 --------- d-----w C:\Program Files\Java 2008-04-25 15:44 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-25 15:44 --------- d-----w C:\Program Files\Electronic Arts 2008-04-25 15:44 --------- d-----w C:\Program Files\EA Games 2008-04-23 12:19 --------- d-----w C:\Program Files\Axis Communications 2008-04-22 15:22 --------- d-----w C:\Program Files\FrostWire 2008-04-22 
14:42 --------- d-----w C:\Program Files\Virtual Earth 3D 2008-04-19 21:03 --------- d-----w C:\Documents and Settings\Hilde\Application Data\BitTorrent 2008-04-19 20:05 --------- d-----w C:\Program Files\Avi2Dvd 2008-04-19 18:07 --------- d-----w C:\Program Files\AviSynth 2.5 2008-04-19 16:04 --------- d-----w C:\Program Files\DeskSlide 2008-04-19 12:00 --------- d-----w C:\Program Files\Free Download Manager 2008-04-19 11:58 --------- d-----w C:\Documents and Settings\Hilde\Application Data\Software Informer 2008-04-19 10:29 --------- d-----w C:\Program Files\EncryptDrop Free Edition 2008-04-19 10:29 --------- d-----w C:\Documents and Settings\Hilde\Application Data\EncryptDrop 2008-04-17 19:21 --------- d-----w C:\Program Files\Shareaza Applications 2008-04-17 19:21 --------- d-----w C:\Documents and Settings\Hilde\Application Data\Shareaza 2008-04-17 18:15 --------- d-----w C:\Program Files\Cheatbook Database 2007 2008-04-16 16:48 --------- d-----w C:\Program Files\GamesBar 2008-04-16 12:04 --------- d-----w C:\Program Files\WinAVI Video Converter 2008-04-16 11:32 --------- d-----w C:\Documents and Settings\Hilde\Application Data\vlc 2008-04-16 11:26 --------- d-----w C:\Program Files\VideoLAN 2008-04-16 10:51 14,312 ----a-w C:\Documents and Settings\Hilde\Application Data\inuj.bin 2008-04-16 10:51 14,299 ----a-w C:\WINDOWS\ixotewabys.sys 2008-04-16 10:51 13,249 ----a-w C:\Program Files\Common Files\eranyxu.db 2008-04-16 10:51 12,991 ----a-w C:\WINDOWS\izaketuvyz.exe 2008-04-16 10:51 12,590 ----a-w C:\WINDOWS\ecoj.bat 2008-04-16 10:51 11,505 ----a-w C:\Documents and Settings\Hilde\Application Data\ipyzocek.bin 2008-04-10 16:29 --------- d-----w C:\Program Files\Native Instruments 2008-04-10 16:24 --------- d-----w C:\Program Files\WinXMedia 2008-04-08 16:01 --------- d-----w C:\Program Files\DNA 2008-04-08 16:01 --------- d-----w C:\Program Files\BitTorrent 2008-04-08 15:24 --------- d-----w C:\Program Files\BitLord 2008-04-06 16:09 19,886 ----a-w C:\Documents 
and Settings\All Users\Application Data\nofequlyvy.dll 2008-04-06 16:09 19,755 ----a-w C:\Documents and Settings\All Users\Application Data\ywim.dat 2008-04-06 16:09 18,003 ----a-w C:\Program Files\Common Files\wihabiki.lib 2008-04-06 16:09 14,547 ----a-w C:\WINDOWS\gatuxece.scr 2008-04-06 16:09 13,907 ----a-w C:\Documents and Settings\Hilde\Application Data\lyzy.dll 2008-04-06 16:09 12,327 ----a-w C:\WINDOWS\jonos.exe 2008-04-06 16:09 11,932 ----a-w C:\Documents and Settings\All Users\Application Data\kovogavyt.com 2008-04-06 16:09 11,882 ----a-w C:\Documents and Settings\All Users\Application Data\nuhixedo.vbs 2008-04-05 12:32 --------- d-----w C:\Program Files\Cheating-Death 2008-04-05 08:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2008-04-04 11:16 --------- d-----w C:\Program Files\Counter-Strike 1.6 2008-04-01 23:41 --------- d-----w C:\Documents and Settings\Hilde\Application Data\Skype 2008-04-01 23:35 --------- d-----w C:\Program Files\Gamenext 2008-03-31 10:06 --------- d-----w C:\Program Files\Axion 2008-03-30 01:27 --------- d-----w C:\Program Files\Trend Micro 2008-03-29 19:33 --------- d-----w C:\Program Files\CCleaner 2008-03-29 19:32 --------- d-----w C:\Program Files\Yahoo! 
2008-03-26 11:56 0 ----a-w C:\Program Files\temp01 2008-03-22 18:04 18,620 ----a-w C:\WINDOWS\umurogygyt.exe 2008-03-22 18:04 18,308 ----a-w C:\WINDOWS\vemydudy.bat 2008-03-22 18:04 17,984 ----a-w C:\Documents and Settings\All Users\Application Data\napoxota.vbs 2008-03-22 18:04 13,800 ----a-w C:\Program Files\Common Files\xorutel._sy 2008-03-22 18:04 11,926 ----a-w C:\Documents and Settings\All Users\Application Data\mowyna.dll 2008-03-17 15:03 18,821 ----a-w C:\Program Files\Common Files\zepakilyho.ban 2008-03-17 15:03 18,712 ----a-w C:\Documents and Settings\All Users\Application Data\foxuqupaq.dat 2008-03-17 15:03 17,773 ----a-w C:\Documents and Settings\All Users\Application Data\fege.dat 2008-03-17 15:03 16,775 ----a-w C:\WINDOWS\ylavetequ.dll 2008-03-17 15:03 16,304 ----a-w C:\Program Files\Common Files\faxeqiwefa.pif 2008-03-17 15:03 15,829 ----a-w C:\Documents and Settings\Hilde\Application Data\ufurexyqiv.bin 2008-03-17 15:03 14,545 ----a-w C:\Documents and Settings\Hilde\Application Data\oxolypoh.dll 2008-03-17 15:03 14,488 ----a-w C:\WINDOWS\ifixahu.reg 2008-03-17 15:03 14,309 ----a-w C:\Program Files\Common Files\kykahudohi.reg 2008-03-17 15:03 12,674 ----a-w C:\Program Files\Common Files\jevuxaj._dl 2008-03-17 15:03 11,529 ----a-w C:\Program Files\Common Files\pyjuwoses.pif 2008-03-17 15:03 11,466 ----a-w C:\WINDOWS\unitylysow.dll 2007-12-07 20:52 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat . Files Infected - Win32.Agent.zb C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Electronic Arts\EADM\Core.exe . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{180c4481-85e4-af57-5e4a-08be179fe565}] 2008-05-19 15:55 439808 --a------ C:\WINDOWS\system32\{bcf70de3-96fb-c552-dda4-9edf6b799239}.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8a81846f-eede-58fb-b3fe-2ba4b0f6bc50}] 2008-05-27 15:41 370688 --a------ C:\WINDOWS\system32\{e3b7a448-adb1-510d-c106-ae125c249dff}.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 10:27 153136] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024] "EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2008-03-14 14:05 2494464] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488] "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-08 12:10 289088] "DeskSlide"="C:\Program Files\DeskSlide\DeskSlide.exe" [2006-08-30 23:33 774144] "ares"="C:\Program Files\Ares\Ares.exe" [2007-04-12 01:50 947200] "ReJf5vH"="C:\Documents and Settings\Hilde\Application Data\Microsoft\Windows\ktmlb.exe" [2008-05-21 13:27 13824] "SurfAccuracy"="C:\Documents and Settings\Hilde\Application Data\SurfAccuracy\SAcc.exe" [2008-05-22 21:35 142336] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-03-14 14:05 153136] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-14 14:05 49152] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 10:06 88363 C:\WINDOWS\AGRSMMSG.exe] "KBD"="C:\HP\KBD\KBD.EXE" [2008-03-14 14:05 61440] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" 
[2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe] "SoundMan"="SOUNDMAN.EXE" [2006-07-21 17:14 86016 C:\WINDOWS\SoundMan.exe] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2008-03-14 14:05 118837] "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2008-03-14 14:05 110592] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-14 14:05 385024] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-14 14:05 267048] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [ ] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe] "Logitech BT Wizard"="LBTWiz.exe" [] "Easy Synchronization"="C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 12:00 53248] "encryptdrop"="C:\Program Files\EncryptDrop Free Edition\EncryptDrop.exe" [2005-10-17 02:51 150016] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "{75-51-1E-EC-DW}"="C:\windows\system32\jnwnw64j.exe" [ ] "{a3d56726-30ce-a965-f54d-f1ce632803b0}"="C:\WINDOWS\system32\{e3b7a448-adb1-510d-c106-ae125c249dff}.dll" [2008-05-27 15:41 370688] "ExploreUpdSched"="C:\WINDOWS\system32\rcntokdm.exe" [2008-05-24 11:27 200765] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Easy Synchronization"="C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 12:00 53248] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:03 15360] C:\Documents and Settings\Hilde\Menu Start\Programma's\Opstarten\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-14 17:55:34 113664] Deewoo.lnk - C:\WINDOWS\system32\rcntokdm.exe [2008-05-24 11:27:02 200765] DeskPins.lnk - C:\Program Files\DeskPins\DeskPins.exe [2004-05-02 19:02:51 62464] DW_Start.lnk - C:\WINDOWS\system32\jnwnw64j.exePCH 
[2008-05-22 08:38:32 49193] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-14 17:55:34 113664] BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 22:37:20 561213] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 20:28:24 258048] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2009-04-15 05:05:03 688128] Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 20:50:52 53248] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll [2005-10-05 12:00 69632] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-01-30 02:15 65536 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.iv41"= C:\WINDOWS\system32\Ir41_32.ax [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2008-03-14 14:05 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinReanimator] C:\Program Files\WinReanimator\winreanimator.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "TabletService"=2 (0x2) "gusvc"=2 
(0x2) "Ati HotKey Poller"=2 (0x2) "Apple Mobile Device"=2 (0x2) "aawservice"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\Program Files\\DNA\\btdna.exe"= "C:\\Program Files\\BitTorrent\\bittorrent.exe"= "C:\\WINDOWS\\system32\\MPK\\Mpk.exe"= "C:\\WINDOWS\\system32\\MPK\\MpkView.exe"= "C:\\Program Files\\FrostWire\\FrostWire.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Ares\\Ares.exe"= R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20] R2 Stuffit Archive Name Service;Stuffit Archive Name Service;"C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe" [2008-01-31 09:37] R3 ACSSCR;ACR38 Smart Card Reader;C:\WINDOWS\system32\DRIVERS\a38usb.sys [2006-03-24 20:14] S3 XDva032;XDva032;C:\WINDOWS\system32\XDva032.sys [] . Inhoud van de 'Gedeelde Taken' map "2008-03-19 08:44:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-28 14:13:54 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... 
C:\WINDOWS\system32\zxdnt3d.cfg 21 bytes Scan succesvol afgerond verborgen bestanden: 1 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE C:\WINDOWS\system32\scardsvr.exe C:\Program Files\Logitech\Easy Synchronization\servicestub.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\WgaTray.exe C:\Program Files\Logitech\SetPoint\LBTWiz.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe . ************************************************************************** . Voltooingstijd: 2008-05-28 14:18:10 - machine was rebooted [Hilde] ComboFix-quarantined-files.txt 2008-05-28 12:18:07 Pre-Run: 168,919,736,320 bytes beschikbaar Post-Run: 172,606,627,840 bytes beschikbaar WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons 381 --- E O F --- 2007-12-28 14:27:14 -
[SOLVED] malware and error
filkill replied to filkill's topic in Archive Malware & virus removal
Already have it -
[SOLVED] malware and error
filkill replied to filkill's topic in Archive Malware & virus removal
Do you have a link for Combo, because the one above is not a link -
[SOLVED] malware and error
filkill replied to filkill's topic in Archive Malware & virus removal
-
[SOLVED] malware and error
filkill replied to filkill's topic in Archive Malware & virus removal
Yes, I read that afterwards too, but now I don't know which one I should take. I have Home, but should I take 1 or 2? -
[SOLVED] malware and error
filkill replied to filkill's topic in Archive Malware & virus removal
But it says this:
1. Insert the Windows XP CD-ROM into the CD-ROM drive.
2. Click Start and then click Run.
3. Type d:\i386\winnt32.exe /cmdcons in the Open box, where d is the drive letter of the CD-ROM drive.
4. A Windows Setup dialog box appears. The Windows Setup dialog box describes the Recovery Console option. Click Yes to confirm the installation.
5. Restart the computer. The next time you start the computer, 'Microsoft Windows Recovery Console' appears in the startup menu.
You can also use a UNC (Universal Naming Convention) connection to install the Recovery Console from a network share. -
[SOLVED] malware and error
filkill replied to filkill's topic in Archive Malware & virus removal
I don't have an XP CD, so I suppose I'll just run it -
[SOLVED] malware and error
filkill replied to filkill's topic in Archive Malware & virus removal
Do I have to set up a recovery console for ComboFix? -
[SOLVED] malware and error
filkill replied to filkill's topic in Archive Malware & virus removal
Here are the contents: Deleting files C:\WINDOWS\System32\atmtd.dll deleted C:\WINDOWS\System32\atmtd.dll._ deleted C:\WINDOWS\System32\g50.exe deleted C:\WINDOWS\System32\gside.exe deleted renamed to C:\WINDOWS\System32\jnwnw64j.exePCH C:\WINDOWS\System32\jnwnw64j.exe deleted C:\WINDOWS\System32\pmnmligf.dll deleted C:\WINDOWS\System32\qelcyffu.dll deleted C:\WINDOWS\System32\rcntokdm.exe deleted C:\WINDOWS\System32\rqRHaBTn.dll deleted C:\WINDOWS\System32\rwwnw64d.exe deleted C:\WINDOWS\System32\tayaxhix.exe deleted C:\WINDOWS\System32\vmacoeqk.dll deleted P.S. Will I no longer get an error message with ComboFix now? -
[SOLVED] malware and error
filkill replied to filkill's topic in Archive Malware & virus removal
Here is the log: ======C:\WINDOWS==== ----a-w 876 2008-03-27 19:09:01 C:\WINDOWS\$_hpcst$.hpc ----a-w 0 2008-05-23 14:27:52 C:\WINDOWS\0.log ----a-w 81,920 2008-04-28 10:41:13 C:\WINDOWS\ALCFDRTM.VER ----a-w 8,080 2008-05-14 17:10:55 C:\WINDOWS\Applian FLV Player Setup Log.txt ----a-w 17,504 2008-04-06 16:09:50 C:\WINDOWS\apulymewu.ban ----a-w 20,278 2008-05-22 18:22:32 C:\WINDOWS\BM532462df.txt ----a-w 109,875 2008-05-22 18:06:57 C:\WINDOWS\BM532462df.xml --s-a-w 2,048 2008-05-23 14:27:06 C:\WINDOWS\bootstat.dat ----a-w 1,431 2008-05-09 15:27:33 C:\WINDOWS\cmgt_z.ini ----a-w 205,910 2009-04-15 03:06:11 C:\WINDOWS\comsetup.log ----a-w 128,883 2009-04-14 20:29:52 C:\WINDOWS\DirectX.log ----a-w 35,514 2009-04-15 03:06:31 C:\WINDOWS\DPINST.LOG ----a-w 12,590 2008-04-16 10:51:45 C:\WINDOWS\ecoj.bat ----a-w 530 2008-03-23 19:29:12 C:\WINDOWS\eReg.dat ----a-w 574,777 2009-04-15 03:06:10 C:\WINDOWS\FaxSetup.log ----a-w 14,547 2008-04-06 16:09:50 C:\WINDOWS\gatuxece.scr ----a-w 52 2008-05-09 15:18:21 C:\WINDOWS\GunzLauncher.INI ----a-w 965 2008-05-14 14:35:18 C:\WINDOWS\IE4 Error Log.txt ----a-w 14,214 2008-03-22 18:04:12 C:\WINDOWS\ifacix._sy ----a-w 14,488 2008-03-17 15:03:41 C:\WINDOWS\ifixahu.reg ----a-w 666,955 2009-04-15 03:06:11 C:\WINDOWS\iis6.log ----a-w 1,374 2009-04-15 03:06:11 C:\WINDOWS\imsins.log ----a-w 16,224 2008-04-06 16:09:50 C:\WINDOWS\iraqukuq.dat ----a-w 14,299 2008-04-16 10:51:45 C:\WINDOWS\ixotewabys.sys ----a-w 12,991 2008-04-16 10:51:45 C:\WINDOWS\izaketuvyz.exe ----a-w 12,327 2008-04-06 16:09:50 C:\WINDOWS\jonos.exe ----a-w 86 2009-04-15 03:06:32 C:\WINDOWS\KE.log ----a-w 179 2009-04-15 03:07:29 C:\WINDOWS\LDM.log ----a-w 36 2008-03-27 19:15:52 C:\WINDOWS\lnpth.lnf ----a-w 40,456 2009-04-15 03:06:10 C:\WINDOWS\MedCtrOC.log ----a-w 29,160 2009-04-15 03:06:10 C:\WINDOWS\msgsocm.log ----a-w 185,032 2009-04-15 03:06:05 C:\WINDOWS\msmqinst.log ----a-w 18,520 2008-05-15 06:42:22 C:\WINDOWS\My Video Downloader Setup Log.txt ----a-w 69 2008-05-06 10:29:05 
C:\WINDOWS\NeroDigital.ini ----a-w 101,852 2009-04-15 03:06:10 C:\WINDOWS\netfxocm.log ----a-w 15,870 2008-04-06 16:09:50 C:\WINDOWS\nigegyvaj.ban ----a-w 123,204 2009-04-15 03:06:11 C:\WINDOWS\ntdtcsetup.log ----a-w 282,861 2009-04-15 03:06:10 C:\WINDOWS\ocgen.log ----a-w 36,094 2009-04-15 03:06:11 C:\WINDOWS\ocmsn.log ----a-w 18,040 2008-04-06 16:09:50 C:\WINDOWS\oqoli.lib ----a-w 173 2009-04-15 03:07:03 C:\WINDOWS\ot.log ----a-w 15,019 2008-03-17 15:03:41 C:\WINDOWS\pihaher.db ----a-w 10 2008-04-01 23:30:24 C:\WINDOWS\popcinfo.dat ----a-w 22 2008-05-22 17:43:00 C:\WINDOWS\pskt.ini ----a-w 1,409 2008-04-10 06:13:48 C:\WINDOWS\QTFont.for ---ha-w 54,156 2008-05-23 14:27:25 C:\WINDOWS\QTFont.qfn ----a-w 14,550 2008-04-16 10:51:45 C:\WINDOWS\reqewaqo.ban ----a-w 40 2008-04-10 19:10:07 C:\WINDOWS\RSoftInfo.dat ----a-w 32,632 2008-05-22 19:46:08 C:\WINDOWS\SchedLgU.Txt ----a-w 202,370 2009-04-15 03:12:46 C:\WINDOWS\setupact.log ----a-w 647,933 2008-04-23 12:21:30 C:\WINDOWS\setupapi.log ----a-w 10,826 2008-04-06 16:09:50 C:\WINDOWS\sevuge.dat ----a-w 227 2008-04-05 19:01:43 C:\WINDOWS\system.ini ----a-w 29,553 2009-04-15 03:06:11 C:\WINDOWS\tabletoc.log ----a-w 268,668 2009-04-15 03:06:11 C:\WINDOWS\tsoc.log ----a-w 18,620 2008-03-22 18:04:12 C:\WINDOWS\umurogygyt.exe ----a-w 11,466 2008-03-17 15:03:41 C:\WINDOWS\unitylysow.dll ----a-w 13,673 2008-03-17 15:03:41 C:\WINDOWS\uxidute._sy ----a-w 18,308 2008-03-22 18:04:12 C:\WINDOWS\vemydudy.bat ----a-w 4,663 2009-04-15 03:06:11 C:\WINDOWS\Wdf01005Inst.log ----a-w 159 2008-05-23 14:27:33 C:\WINDOWS\wiadebug.log ----a-w 49 2008-05-23 14:27:30 C:\WINDOWS\wiaservc.log ----a-w 768 2008-04-17 18:15:07 C:\WINDOWS\win.ini ----a-w 1,400,826 2008-05-22 19:46:06 C:\WINDOWS\WindowsUpdate.log ----a-w 92,340 2008-05-10 20:42:24 C:\WINDOWS\wmsetup.log ----a-w 12,786 2008-03-17 15:03:41 C:\WINDOWS\ycevigu.ban ----a-w 16,775 2008-03-17 15:03:41 C:\WINDOWS\ylavetequ.dll ----a-w 15,581 2008-04-16 10:51:45 C:\WINDOWS\yxiraza._sy Entries: 68 
(66) Directories: 0 Files: 68 Bytes: 5,703,713 Blocks: 11,174 ======C:\WINDOWS\system32===== ----a-w 16,644 2008-04-06 16:09:50 C:\WINDOWS\System32\ahebysora.lib ----a-w 687,592 2008-05-22 19:38:22 C:\WINDOWS\System32\atmtd.dll ----a-w 687,592 2008-05-22 19:38:22 C:\WINDOWS\System32\atmtd.dll._ ----a-w 15 2008-05-22 14:32:11 C:\WINDOWS\System32\clkcnt.txt ----a-w 98,304 2008-03-31 10:08:55 C:\WINDOWS\System32\CmdLineExt.dll ----a-w 385,608 2008-05-16 07:46:52 C:\WINDOWS\System32\FNTCACHE.DAT ----a-w 401,977 2008-05-22 06:15:22 C:\WINDOWS\System32\g50.exe ----a-w 298,317 2008-05-22 14:29:23 C:\WINDOWS\System32\gside.exe ----a-w 12,484 2008-04-16 10:51:45 C:\WINDOWS\System32\ifyzede.bin ----a-w 18,357 2008-04-06 16:09:50 C:\WINDOWS\System32\ihog.sys ----a-w 49,193 2008-05-22 06:38:32 C:\WINDOWS\System32\jnwnw64j.exe ----a-w 6,300 2008-04-25 19:24:43 C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log ----a-w 12,065 2008-03-17 15:03:41 C:\WINDOWS\System32\kivajala.sys ----a-w 16,757 2008-04-16 10:51:45 C:\WINDOWS\System32\kovyse.bin ----a-w 147 2008-05-23 14:27:59 C:\WINDOWS\System32\msnav32.ax ----a-w 64,508 2008-04-22 14:39:37 C:\WINDOWS\System32\perfc009.dat ----a-w 84,506 2008-04-22 14:39:37 C:\WINDOWS\System32\perfc013.dat ----a-w 409,368 2008-04-22 14:39:37 C:\WINDOWS\System32\perfh009.dat ----a-w 475,102 2008-04-22 14:39:37 C:\WINDOWS\System32\perfh013.dat ----a-w 1,041,278 2008-04-22 14:39:37 C:\WINDOWS\System32\PerfStringBackup.INI ------w 28,672 2008-05-22 19:35:08 C:\WINDOWS\System32\pmnmligf.dll ------w 93,184 2008-05-22 19:35:06 C:\WINDOWS\System32\qelcyffu.dll ------w 200,770 2008-05-22 19:35:08 C:\WINDOWS\System32\rcntokdm.exe ------w 376,832 2008-05-22 19:35:06 C:\WINDOWS\System32\rqRHaBTn.dll ----a-w 587 2008-05-01 19:20:24 C:\WINDOWS\System32\runrefog.lnk ----a-w 49,210 2008-05-22 19:38:10 C:\WINDOWS\System32\rwwnw64d.exe ----a-w 2,560 2008-05-22 06:26:05 C:\WINDOWS\System32\tayaxhix.exe ----a-w 16,817 2008-04-16 10:51:45 C:\WINDOWS\System32\tuhag.vbs 
----a-w 147,456 2008-05-21 11:30:31 C:\WINDOWS\System32\vbzip10.dll ------w 109,056 2008-05-22 19:35:08 C:\WINDOWS\System32\vmacoeqk.dll ----a-w 861 2008-05-22 06:15:44 C:\WINDOWS\System32\winpfz33.sys ----a-w 2,206 2008-05-23 14:28:15 C:\WINDOWS\System32\wpa.dbl ---h--w 4,212 2008-05-21 10:30:17 C:\WINDOWS\System32\zllictbl.dat ------w 439,808 2008-05-22 19:35:08 C:\WINDOWS\System32\{bcf70de3-96fb-c552-dda4-9edf6b799239}.dll ----a-w 330,752 2008-05-05 16:24:34 C:\WINDOWS\System32\{e3b7a448-adb1-510d-c106-ae125c249dff}.dll ----a-w 63,902 2008-05-23 14:28:10 C:\WINDOWS\System32\{e3b7a448-adb1-510d-c106-ae125c249dff}.dll-uninst.exe Entries: 36 (35) Directories: 0 Files: 36 Bytes: 6,632,999 Blocks: 12,969 ======C:\WINDOWS\system32\drivers===== --sha-w 35,874,080 2008-05-21 11:12:09 C:\WINDOWS\System32\drivers\fidbox.dat --sha-w 481,532 2008-05-21 11:12:09 C:\WINDOWS\System32\drivers\fidbox.idx --sha-w 2,254,624 2008-05-21 11:12:10 C:\WINDOWS\System32\drivers\fidbox2.dat --sha-w 212,444 2008-05-21 11:12:10 C:\WINDOWS\System32\drivers\fidbox2.idx ----a-w 15,864 2008-05-05 18:46:32 C:\WINDOWS\System32\drivers\mbam.sys ----a-w 27,048 2008-05-05 18:46:36 C:\WINDOWS\System32\drivers\mbamcatchme.sys ---ha-w 0 2009-04-15 03:06:13 C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf ---ha-w 0 2009-04-15 03:06:18 C:\WINDOWS\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf Entries: 8 (2) Directories: 0 Files: 8 Bytes: 38,865,592 Blocks: 75,911 =======C:\Program Files===== ----a-w 10 2008-05-21 11:27:09 C:\Program Files\.autoreg ----a-w 0 2008-03-26 11:56:55 C:\Program Files\temp01 Entries: 2 (2) Directories: 0 Files: 2 Bytes: 10 Blocks: 1 =======C:===== ----a-w 57 2008-04-19 18:21:08 C:\Avi2Dvd_Log.txt --sh--w 211 2008-04-05 19:01:43 C:\boot.ini ----a-w 277 2008-03-22 16:35:05 C:\debugInstaller.txt --sha-w 1,610,612,736 2008-05-23 14:27:03 C:\pagefile.sys ----a-w 512 2009-04-14 07:25:42 C:\ScanSectorLog.dat ----a-w 216 2008-05-13 19:02:08 C:\temp.txt Entries: 
6 (4) Directories: 0 Files: 6 Bytes: 1,610,614,009 Blocks: 3,145,733 ======C:\Documents and Settings\Hilde\Application Data====== ----a-w 14,969 2008-03-22 18:04:12 C:\Documents and Settings\Hilde\Application Data\bojovisime.lib ----a-w 14,312 2008-04-16 10:51:45 C:\Documents and Settings\Hilde\Application Data\inuj.bin ----a-w 11,505 2008-04-16 10:51:45 C:\Documents and Settings\Hilde\Application Data\ipyzocek.bin ----a-w 17,115 2008-04-06 16:09:50 C:\Documents and Settings\Hilde\Application Data\keqy.inf ----a-w 13,170 2008-03-22 18:04:11 C:\Documents and Settings\Hilde\Application Data\ledu.db ----a-w 13,907 2008-04-06 16:09:50 C:\Documents and Settings\Hilde\Application Data\lyzy.dll ----a-w 14,545 2008-03-17 15:03:41 C:\Documents and Settings\Hilde\Application Data\oxolypoh.dll ----a-w 15,319 2008-03-22 18:04:11 C:\Documents and Settings\Hilde\Application Data\qakimatet.dl ----a-w 15,829 2008-03-17 15:03:41 C:\Documents and Settings\Hilde\Application Data\ufurexyqiv.bin ----a-w 15,603 2008-03-17 15:03:41 C:\Documents and Settings\Hilde\Application Data\ukytyvy.ban ----a-w 19,478 2008-04-16 10:51:45 C:\Documents and Settings\Hilde\Application Data\wocox.lib Entries: 11 (11) Directories: 0 Files: 11 Bytes: 165,752 Blocks: 329 ======C:\Temp====== ----a-w 175,653 2008-05-13 19:07:23 C:\Temp\clip0001.mp4 ----a-w 300 2008-03-18 16:52:22 C:\Temp\debug.txt Entries: 2 (2) Directories: 0 Files: 2 Bytes: 175,953 Blocks: 345 ======C:\Documents and Settings\Hilde====== ---ha-w 5,767,168 2008-05-22 19:46:11 C:\Documents and Settings\Hilde\NTUSER.DAT ---ha-w 192,512 2008-05-23 18:17:32 C:\Documents and Settings\Hilde\NTUSER.DAT.LOG --sh--w 188 2008-05-22 19:46:06 C:\Documents and Settings\Hilde\ntuser.ini Entries: 3 (0) Directories: 0 Files: 3 Bytes: 5,959,868 Blocks: 11,641 ======C:\WINDOWS\Downloaded Program Files==== Entries: 0 (0) Directories: 0 Files: 0 Bytes: 0 Blocks: 0 ============= And what do you mean by "And after this you may also have a word with H..de."? -
[SOLVED] malware and error
filkill replied to filkill's topic in Archive Malware & virus removal
Here is the Malwarebytes log: Malwarebytes' Anti-Malware 1.12 Database versie: 722 Scan type: Snelle Scan Objecten gescand: 57931 Verstreken tijd: 20 minute(s), 9 second(s) Geheugenprocessen geïnfecteerd: 6 Geheugenmodulen geïnfecteerd: 7 Registersleutels geïnfecteerd: 65 Registerwaarden geïnfecteerd: 13 Registerdata bestanden geïnfecteerd: 2 Mappen geïnfecteerd: 12 Bestanden geïnfecteerd: 87 Geheugenprocessen geïnfecteerd: c:\WINDOWS\vmfuiehldwnrzwxvbsatifdpbgxlbxm\command.exe (AdWare.CommAd) -> Failed to unload process. c:\program files\network monitor\netmon.exe (Trojan.DNSChanger) -> Unloaded process successfully. c:\documents and settings\Hilde\application data\surfaccuracy\SAcc.exe (Adware.SurfAccuracy) -> Unloaded process successfully. C:\WINDOWS\mrofinu1000106.exe (Trojan.Downloader) -> Unloaded process successfully. C:\Documents and Settings\Hilde\lsass.exe (Trojan.Agent) -> Unloaded process successfully. C:\WINDOWS\Fonts\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully. Geheugenmodulen geïnfecteerd: c:\WINDOWS\vmfuiehldwnrzwxvbsatifdpbgxlbxm\asappsrv.dll (AdWare.CommAd) -> Unloaded module successfully. c:\program files\dbar\deskbar.dll (Adware.SoftMate) -> Unloaded module successfully. C:\WINDOWS\system32\qelcyffu.dll (Trojan.Vundo) -> Unloaded module successfully. C:\WINDOWS\system32\rqRHaBTn.dll (Trojan.Vundo) -> Unloaded module successfully. C:\WINDOWS\system32\{bcf70de3-96fb-c552-dda4-9edf6b799239}.dll (Trojan.Agent) -> Unloaded module successfully. C:\WINDOWS\system32\{e3b7a448-adb1-510d-c106-ae125c249dff}.dll (Trojan.Agent) -> Unloaded module successfully. C:\WINDOWS\system32\pmnmligf.dll (Trojan.Vundo) -> Unloaded module successfully. Registersleutels geïnfecteerd: HKEY_CLASSES_ROOT\CLSID\{9b7d013b-b2b2-4b95-91ff-b17ab22290bb} (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{cc11617c-259e-429c-9063-7d70b8355ebd} (Adware.SoftMate) -> Quarantined and deleted successfully. 
-
[SOLVED] malware and error
filkill replied to filkill's topic in Archief Bestrijding malware & virussen
But when my PC was formatted, a different version was installed without a serial code. Can this cause problems?
-
[SOLVED] malware and error
filkill replied to filkill's topic in Archief Bestrijding malware & virussen
With Combofix I get a message "You do not have a correct version of Windows XP; if you continue, this may cause damage" or something like that. Should I continue?
-
A few days ago I removed ZoneAlarm so that I could start FrostWire. But now my whole PC is full of malware, and an error also comes up (see image); when I click OK I get a blue screen, but I can still start everything with Ctrl+Alt+Delete. Can someone help me, please?
-
Thanks, I can start FrostWire again and it connects. This happened when I had removed ZoneAlarm. This one may be removed.
-
Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:43, on 2008-05-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MPK\MPK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\EncryptDrop Free Edition\EncryptDrop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\DeskSlide\DeskSlide.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\DeskPins\DeskPins.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\WINDOWS\system32\MPK\MPK.exe,
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent
O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [encryptdrop] "C:\Program Files\EncryptDrop Free Edition\EncryptDrop.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DeskSlide] C:\Program Files\DeskSlide\DeskSlide.exe -logon -hide
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197064011015
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10088 bytes
-
I think I still use it via e-mail and such for advertising. But I will make another HijackThis log.
