
[SOLVED] malware and error



Here is the ComboFix log; the HijackThis log is coming:

ComboFix 08-05-27.4 - Hilde 2008-05-28 14:04:32.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.422 [GMT 2:00]

Gestart vanuit: C:\Documents and Settings\Hilde\Bureaublad\ComboFix.exe

Command switches used :: C:\Documents and Settings\Hilde\Bureaublad\WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Program Files\dbar

C:\Program Files\dbar\deskbar.dll

C:\Temp\1cb

C:\Temp\1cb\syscheck.log

C:\WINDOWS\BM532462df.xml

C:\WINDOWS\Fonts\'

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\MSINET.oca

C:\WINDOWS\system32\msnav32.ax

C:\WINDOWS\system32\zxdnt3d.cfg

C:\WINDOWS\VmFuIEhldWNrZWxvbSAtIFdpbGxlbXM\

C:\WINDOWS\VmFuIEhldWNrZWxvbSAtIFdpbGxlbXM\\asappsrv.dll

C:\WINDOWS\VmFuIEhldWNrZWxvbSAtIFdpbGxlbXM\\command.exe

C:\WINDOWS\VmFuIEhldWNrZWxvbSAtIFdpbGxlbXM\\pAIRKH15xqhOtqUSvmEQKIxDv3U5vrg.vbs

C:\WINDOWS\VmFuIEhldWNrZWxvbSAtIFdpbGxlbXM\command.exe

.

---- Previous Run -------

.

C:\Program Files\GamesBar\oberontb.dll

C:\Program Files\WinReanimator

C:\Program Files\WinReanimator\data\daily.cvd

C:\Program Files\WinReanimator\htmlayout.dll

C:\Program Files\WinReanimator\install.exe

C:\Program Files\WinReanimator\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest

C:\Program Files\WinReanimator\Microsoft.VC80.CRT\msvcm80.dll

C:\Program Files\WinReanimator\Microsoft.VC80.CRT\msvcp80.dll

C:\Program Files\WinReanimator\Microsoft.VC80.CRT\msvcr80.dll

C:\Program Files\WinReanimator\pthreadVC2.dll

C:\Program Files\WinReanimator\un.ico

C:\Program Files\WinReanimator\unzip32.dll

C:\Program Files\WinReanimator\WinReanimator.cfg

C:\Program Files\WinReanimator\WinReanimator.dll

C:\Program Files\WinReanimator\WinReanimator.exe

C:\WINDOWS\braviax.exe

C:\WINDOWS\cru629.dat

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\adssite-remove.exe

C:\WINDOWS\system32\braviax.exe

C:\WINDOWS\system32\cru629.dat

C:\WINDOWS\system32\gzmrot-uninst.exe

C:\WINDOWS\system32\gzmrotate.dll

C:\WINDOWS\system32\univrs32.dat

C:\WINDOWS\system32\users32.dat

C:\WINDOWS\system32\winivstr.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_CMDSERVICE

-------\Legacy_NETWORK_MONITOR

-------\Service_cmdService

(((((((((((((((((((( Bestanden Gemaakt van 2008-04-28 to 2008-05-28 ))))))))))))))))))))))))))))))

.

2009-04-15 05:06 . 2009-04-15 05:10 <DIR> d-------- C:\Documents and Settings\Hilde\Application Data\Logitech

2009-04-15 05:06 . 2005-10-05 12:00 47,104 --a------ C:\WINDOWS\system32\drivers\vserial.sys

2009-04-15 05:06 . 2006-12-22 16:50 27,536 --a------ C:\WINDOWS\system32\drivers\frmupgr.sys

2009-04-15 05:06 . 2005-10-05 12:00 18,167 --a------ C:\WINDOWS\system32\drivers\vsb.sys

2009-04-15 05:06 . 2009-04-15 05:06 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2009-04-15 05:06 . 2009-04-15 05:06 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf

2009-04-15 05:04 . 2009-04-15 05:07 <DIR> d-------- C:\Program Files\Logitech

2009-04-15 05:04 . 2009-04-15 05:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech

2009-04-15 05:03 . 2009-04-15 05:03 <DIR> d-------- C:\Program Files\WIDCOMM

2009-04-15 05:03 . 2006-12-04 23:33 863,402 --a------ C:\WINDOWS\system32\drivers\btkrnl.sys

2009-04-15 05:03 . 2006-12-04 23:33 329,901 --a------ C:\WINDOWS\system32\drivers\btaudio.sys

2009-04-15 05:03 . 2006-12-04 23:33 106,557 --a------ C:\WINDOWS\system32\btw_ci.dll

2009-04-15 05:03 . 2006-12-04 23:33 67,672 --a------ C:\WINDOWS\system32\drivers\btwusb.sys

2009-04-15 05:03 . 2006-12-04 23:33 47,907 --a------ C:\WINDOWS\system32\drivers\btwhid.sys

2009-04-15 05:03 . 2006-12-04 23:33 30,459 --a------ C:\WINDOWS\system32\drivers\btport.sys

2009-04-14 22:30 . 2008-04-04 11:02 <DIR> d-------- C:\Documents and Settings\Hilde\Application Data\Microsoft Games

2009-04-14 22:29 . 2009-04-14 22:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Games

2009-04-14 22:24 . 2008-04-24 18:50 <DIR> d-------- C:\Program Files\Microsoft Games

2008-05-27 15:41 . 2008-05-27 15:41 370,688 --a------ C:\WINDOWS\system32\{e3b7a448-adb1-510d-c106-ae125c249dff}.dll

2008-05-26 19:31 . 2008-05-26 19:31 <DIR> d-------- C:\Documents and Settings\Hilde\Application Data\CDBurnerXP_Soft

2008-05-26 19:30 . 2008-05-26 19:30 <DIR> d-------- C:\Program Files\CDBurnerXP

2008-05-25 11:34 . 2008-05-25 11:34 <DIR> d-------- C:\Ares Tube

2008-05-25 11:05 . 2008-05-25 11:05 687,592 --a------ C:\WINDOWS\system32\atmtd.dll._

2008-05-25 11:05 . 2008-05-25 11:05 687,592 --a------ C:\WINDOWS\system32\atmtd.dll

2008-05-24 15:02 . 2008-05-24 15:08 <DIR> d-------- C:\Program Files\AV Music Morpher Gold

2008-05-24 15:00 . 2008-05-24 15:01 <DIR> d-------- C:\Program Files\AV Vcs 6.0

2008-05-24 11:27 . 2008-05-24 11:27 200,765 --a------ C:\WINDOWS\system32\rcntokdm.exe

2008-05-23 20:32 . 2008-05-23 20:32 95,833 --a------ C:\WINDOWS\system32\{bcf70de3-96fb-c552-dda4-9edf6b799239}.dll-uninst.exe

2008-05-23 20:28 . 2008-05-23 20:28 88,961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe

2008-05-23 16:28 . 2008-05-27 17:37 63,918 --a------ C:\WINDOWS\system32\{e3b7a448-adb1-510d-c106-ae125c249dff}.dll-uninst.exe

2008-05-22 08:38 . 2008-05-22 08:38 49,193 --a------ C:\WINDOWS\system32\jnwnw64j.exePCH

2008-05-22 08:15 . 2008-05-22 08:15 <DIR> d-------- C:\WINDOWS\system32\xA

2008-05-22 08:15 . 2008-05-22 08:15 <DIR> d-------- C:\WINDOWS\system32\moL1

2008-05-22 08:15 . 2008-05-22 08:15 <DIR> d-------- C:\WINDOWS\system32\logXv18

2008-05-22 08:15 . 2008-05-22 08:15 <DIR> d-------- C:\WINDOWS\system32\4056v

2008-05-22 08:15 . 2008-05-22 08:15 <DIR> d-------- C:\temp\dmpxp32

2008-05-22 08:15 . 2008-05-22 08:15 861 --a------ C:\WINDOWS\system32\winpfz33.sys

2008-05-21 13:30 . 2008-05-21 13:30 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll

2008-05-21 13:27 . 2008-05-22 21:35 <DIR> d-------- C:\Documents and Settings\Hilde\Application Data\SurfAccuracy

2008-05-21 13:27 . 2008-05-21 13:27 10 --a------ C:\Program Files\.autoreg

2008-05-19 15:55 . 2008-05-19 15:55 439,808 --a------ C:\WINDOWS\system32\{bcf70de3-96fb-c552-dda4-9edf6b799239}.dll

2008-05-15 18:01 . 2008-05-15 18:01 <DIR> d-------- C:\Program Files\Handbrake

2008-05-15 17:23 . 2008-05-15 17:23 <DIR> d-------- C:\Documents and Settings\Hilde\Application Data\dvdcss

2008-05-14 19:10 . 2008-05-14 19:10 <DIR> d-------- C:\WINDOWS\Applian FLV Player

2008-05-14 19:10 . 2008-05-14 19:10 <DIR> d-------- C:\Program Files\FLV Player

2008-05-14 19:06 . 2008-05-14 19:06 <DIR> d-------- C:\WINDOWS\My Video Downloader

2008-05-14 19:06 . 2008-05-14 19:06 <DIR> d-------- C:\Program Files\My Video Downloader

2008-05-13 21:02 . 2007-09-17 11:34 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL

2008-05-13 21:02 . 2007-09-17 11:34 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS

2008-05-13 20:39 . 2008-05-13 20:39 <DIR> d-------- C:\Program Files\Jocsoft

2008-05-13 20:39 . 2008-05-13 20:42 <DIR> d-------- C:\DVDVideoSoft

2008-05-09 17:27 . 2008-05-09 17:27 1,431 --a------ C:\WINDOWS\cmgt_z.ini

2008-05-09 17:25 . 2008-05-09 17:27 <DIR> d-------- C:\Program Files\PhotoZoom Pro 2

2008-05-08 20:37 . 2008-05-08 20:37 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-05-08 20:37 . 2008-05-08 20:37 <DIR> d-------- C:\Documents and Settings\Hilde\Application Data\Malwarebytes

2008-05-08 20:37 . 2008-05-08 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-05-08 20:37 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys

2008-05-08 20:37 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-05-07 17:15 . 2008-05-07 17:33 <DIR> d-------- C:\Program Files\3D Flash Animator 4.9.8.4

2008-05-07 17:15 . 2008-05-07 17:15 <DIR> d-------- C:\Documents and Settings\Hilde\Application Data\3DFA

2008-05-07 17:15 . 1999-12-17 11:13 86,016 --a------ C:\WINDOWS\unvise32.exe

2008-05-01 21:20 . 2008-05-01 21:20 <DIR> d--hs---- C:\WINDOWS\system32\MPK

2008-05-01 21:20 . 2008-05-28 12:33 <DIR> d--hs---- C:\Documents and Settings\All Users\Application Data\MPK

2008-05-01 21:20 . 2008-05-01 21:20 587 --a------ C:\WINDOWS\system32\runrefog.lnk

2008-05-01 14:49 . 2008-05-24 21:22 <DIR> d-------- C:\Program Files\Cheat Engine

2008-05-01 14:49 . 2006-09-04 19:16 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll

2008-05-01 14:49 . 2006-09-04 19:16 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll

2008-04-30 19:31 . 2008-04-30 19:34 <DIR> d-------- C:\Program Files\Ares

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-15 03:07 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Logitech

2009-04-15 03:05 --------- d-----w C:\Program Files\Common Files\Logitech

2009-04-14 07:25 512 ----a-w C:\ScanSectorLog.dat

2008-05-28 12:14 --------- d-----w C:\Documents and Settings\Hilde\Application Data\skypePM

2008-05-28 12:03 --------- d-----w C:\Documents and Settings\Hilde\Application Data\DNA

2008-05-24 15:58 --------- d-----w C:\Documents and Settings\Hilde\Application Data\LimeWire

2008-05-24 15:55 --------- d-----w C:\Program Files\LimeWire

2008-05-22 17:48 --------- d-----w C:\Documents and Settings\Hilde\Application Data\FrostWire

2008-05-21 11:12 481,532 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-05-21 11:12 35,874,080 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-05-21 11:12 212,444 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx

2008-05-21 11:12 2,254,624 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat

2008-05-16 17:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-05-13 19:06 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft

2008-05-13 19:04 --------- d-----w C:\Program Files\DVDVideoSoft

2008-05-13 19:02 --------- d-----w C:\Program Files\Xilisoft

2008-05-09 16:10 --------- d-----w C:\Program Files\ArtMoney

2008-05-09 04:38 --------- d-----w C:\Program Files\Common Files\Adobe

2008-05-08 18:27 --------- d-----w C:\Documents and Settings\Hilde\Application Data\DeskSlide

2008-05-08 15:10 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-04-25 19:24 --------- d-----w C:\Program Files\Java

2008-04-25 15:44 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-25 15:44 --------- d-----w C:\Program Files\Electronic Arts

2008-04-25 15:44 --------- d-----w C:\Program Files\EA Games

2008-04-23 12:19 --------- d-----w C:\Program Files\Axis Communications

2008-04-22 15:22 --------- d-----w C:\Program Files\FrostWire

2008-04-22 14:42 --------- d-----w C:\Program Files\Virtual Earth 3D

2008-04-19 21:03 --------- d-----w C:\Documents and Settings\Hilde\Application Data\BitTorrent

2008-04-19 20:05 --------- d-----w C:\Program Files\Avi2Dvd

2008-04-19 18:07 --------- d-----w C:\Program Files\AviSynth 2.5

2008-04-19 16:04 --------- d-----w C:\Program Files\DeskSlide

2008-04-19 12:00 --------- d-----w C:\Program Files\Free Download Manager

2008-04-19 11:58 --------- d-----w C:\Documents and Settings\Hilde\Application Data\Software Informer

2008-04-19 10:29 --------- d-----w C:\Program Files\EncryptDrop Free Edition

2008-04-19 10:29 --------- d-----w C:\Documents and Settings\Hilde\Application Data\EncryptDrop

2008-04-17 19:21 --------- d-----w C:\Program Files\Shareaza Applications

2008-04-17 19:21 --------- d-----w C:\Documents and Settings\Hilde\Application Data\Shareaza

2008-04-17 18:15 --------- d-----w C:\Program Files\Cheatbook Database 2007

2008-04-16 16:48 --------- d-----w C:\Program Files\GamesBar

2008-04-16 12:04 --------- d-----w C:\Program Files\WinAVI Video Converter

2008-04-16 11:32 --------- d-----w C:\Documents and Settings\Hilde\Application Data\vlc

2008-04-16 11:26 --------- d-----w C:\Program Files\VideoLAN

2008-04-16 10:51 14,312 ----a-w C:\Documents and Settings\Hilde\Application Data\inuj.bin

2008-04-16 10:51 14,299 ----a-w C:\WINDOWS\ixotewabys.sys

2008-04-16 10:51 13,249 ----a-w C:\Program Files\Common Files\eranyxu.db

2008-04-16 10:51 12,991 ----a-w C:\WINDOWS\izaketuvyz.exe

2008-04-16 10:51 12,590 ----a-w C:\WINDOWS\ecoj.bat

2008-04-16 10:51 11,505 ----a-w C:\Documents and Settings\Hilde\Application Data\ipyzocek.bin

2008-04-10 16:29 --------- d-----w C:\Program Files\Native Instruments

2008-04-10 16:24 --------- d-----w C:\Program Files\WinXMedia

2008-04-08 16:01 --------- d-----w C:\Program Files\DNA

2008-04-08 16:01 --------- d-----w C:\Program Files\BitTorrent

2008-04-08 15:24 --------- d-----w C:\Program Files\BitLord

2008-04-06 16:09 19,886 ----a-w C:\Documents and Settings\All Users\Application Data\nofequlyvy.dll

2008-04-06 16:09 19,755 ----a-w C:\Documents and Settings\All Users\Application Data\ywim.dat

2008-04-06 16:09 18,003 ----a-w C:\Program Files\Common Files\wihabiki.lib

2008-04-06 16:09 14,547 ----a-w C:\WINDOWS\gatuxece.scr

2008-04-06 16:09 13,907 ----a-w C:\Documents and Settings\Hilde\Application Data\lyzy.dll

2008-04-06 16:09 12,327 ----a-w C:\WINDOWS\jonos.exe

2008-04-06 16:09 11,932 ----a-w C:\Documents and Settings\All Users\Application Data\kovogavyt.com

2008-04-06 16:09 11,882 ----a-w C:\Documents and Settings\All Users\Application Data\nuhixedo.vbs

2008-04-05 12:32 --------- d-----w C:\Program Files\Cheating-Death

2008-04-05 08:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater

2008-04-04 11:16 --------- d-----w C:\Program Files\Counter-Strike 1.6

2008-04-01 23:41 --------- d-----w C:\Documents and Settings\Hilde\Application Data\Skype

2008-04-01 23:35 --------- d-----w C:\Program Files\Gamenext

2008-03-31 10:06 --------- d-----w C:\Program Files\Axion

2008-03-30 01:27 --------- d-----w C:\Program Files\Trend Micro

2008-03-29 19:33 --------- d-----w C:\Program Files\CCleaner

2008-03-29 19:32 --------- d-----w C:\Program Files\Yahoo!

2008-03-26 11:56 0 ----a-w C:\Program Files\temp01

2008-03-22 18:04 18,620 ----a-w C:\WINDOWS\umurogygyt.exe

2008-03-22 18:04 18,308 ----a-w C:\WINDOWS\vemydudy.bat

2008-03-22 18:04 17,984 ----a-w C:\Documents and Settings\All Users\Application Data\napoxota.vbs

2008-03-22 18:04 13,800 ----a-w C:\Program Files\Common Files\xorutel._sy

2008-03-22 18:04 11,926 ----a-w C:\Documents and Settings\All Users\Application Data\mowyna.dll

2008-03-17 15:03 18,821 ----a-w C:\Program Files\Common Files\zepakilyho.ban

2008-03-17 15:03 18,712 ----a-w C:\Documents and Settings\All Users\Application Data\foxuqupaq.dat

2008-03-17 15:03 17,773 ----a-w C:\Documents and Settings\All Users\Application Data\fege.dat

2008-03-17 15:03 16,775 ----a-w C:\WINDOWS\ylavetequ.dll

2008-03-17 15:03 16,304 ----a-w C:\Program Files\Common Files\faxeqiwefa.pif

2008-03-17 15:03 15,829 ----a-w C:\Documents and Settings\Hilde\Application Data\ufurexyqiv.bin

2008-03-17 15:03 14,545 ----a-w C:\Documents and Settings\Hilde\Application Data\oxolypoh.dll

2008-03-17 15:03 14,488 ----a-w C:\WINDOWS\ifixahu.reg

2008-03-17 15:03 14,309 ----a-w C:\Program Files\Common Files\kykahudohi.reg

2008-03-17 15:03 12,674 ----a-w C:\Program Files\Common Files\jevuxaj._dl

2008-03-17 15:03 11,529 ----a-w C:\Program Files\Common Files\pyjuwoses.pif

2008-03-17 15:03 11,466 ----a-w C:\WINDOWS\unitylysow.dll

2007-12-07 20:52 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

.

Files Infected - Win32.Agent.zb

C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Electronic Arts\EADM\Core.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{180c4481-85e4-af57-5e4a-08be179fe565}]

2008-05-19 15:55 439808 --a------ C:\WINDOWS\system32\{bcf70de3-96fb-c552-dda4-9edf6b799239}.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8a81846f-eede-58fb-b3fe-2ba4b0f6bc50}]

2008-05-27 15:41 370688 --a------ C:\WINDOWS\system32\{e3b7a448-adb1-510d-c106-ae125c249dff}.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 10:27 153136]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]

"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2008-03-14 14:05 2494464]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-08 12:10 289088]

"DeskSlide"="C:\Program Files\DeskSlide\DeskSlide.exe" [2006-08-30 23:33 774144]

"ares"="C:\Program Files\Ares\Ares.exe" [2007-04-12 01:50 947200]

"ReJf5vH"="C:\Documents and Settings\Hilde\Application Data\Microsoft\Windows\ktmlb.exe" [2008-05-21 13:27 13824]

"SurfAccuracy"="C:\Documents and Settings\Hilde\Application Data\SurfAccuracy\SAcc.exe" [2008-05-22 21:35 142336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-03-14 14:05 153136]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-14 14:05 49152]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 10:06 88363 C:\WINDOWS\AGRSMMSG.exe]

"KBD"="C:\HP\KBD\KBD.EXE" [2008-03-14 14:05 61440]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe]

"SoundMan"="SOUNDMAN.EXE" [2006-07-21 17:14 86016 C:\WINDOWS\SoundMan.exe]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2008-03-14 14:05 118837]

"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2008-03-14 14:05 110592]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-14 14:05 385024]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-14 14:05 267048]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [ ]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]

"Logitech BT Wizard"="LBTWiz.exe" []

"Easy Synchronization"="C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 12:00 53248]

"encryptdrop"="C:\Program Files\EncryptDrop Free Edition\EncryptDrop.exe" [2005-10-17 02:51 150016]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"{75-51-1E-EC-DW}"="C:\windows\system32\jnwnw64j.exe" [ ]

"{a3d56726-30ce-a965-f54d-f1ce632803b0}"="C:\WINDOWS\system32\{e3b7a448-adb1-510d-c106-ae125c249dff}.dll" [2008-05-27 15:41 370688]

"ExploreUpdSched"="C:\WINDOWS\system32\rcntokdm.exe" [2008-05-24 11:27 200765]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Easy Synchronization"="C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 12:00 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:03 15360]

C:\Documents and Settings\Hilde\Menu Start\Programma's\Opstarten\

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-14 17:55:34 113664]

Deewoo.lnk - C:\WINDOWS\system32\rcntokdm.exe [2008-05-24 11:27:02 200765]

DeskPins.lnk - C:\Program Files\DeskPins\DeskPins.exe [2004-05-02 19:02:51 62464]

DW_Start.lnk - C:\WINDOWS\system32\jnwnw64j.exePCH [2008-05-22 08:38:32 49193]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-14 17:55:34 113664]

BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 22:37:20 561213]

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 20:28:24 258048]

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2009-04-15 05:05:03 688128]

Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 20:50:52 53248]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll [2005-10-05 12:00 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-01-30 02:15 65536 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.iv41"= C:\WINDOWS\system32\Ir41_32.ax

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk

backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2008-03-14 14:05 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinReanimator]

C:\Program Files\WinReanimator\winreanimator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"TabletService"=2 (0x2)

"gusvc"=2 (0x2)

"Ati HotKey Poller"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

"C:\\Program Files\\DNA\\btdna.exe"=

"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

"C:\\WINDOWS\\system32\\MPK\\Mpk.exe"=

"C:\\WINDOWS\\system32\\MPK\\MpkView.exe"=

"C:\\Program Files\\FrostWire\\FrostWire.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\Ares\\Ares.exe"=

R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]

R2 Stuffit Archive Name Service;Stuffit Archive Name Service;"C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe" [2008-01-31 09:37]

R3 ACSSCR;ACR38 Smart Card Reader;C:\WINDOWS\system32\DRIVERS\a38usb.sys [2006-03-24 20:14]

S3 XDva032;XDva032;C:\WINDOWS\system32\XDva032.sys []

.

Inhoud van de 'Gedeelde Taken' map

"2008-03-19 08:44:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-28 14:13:54

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

C:\WINDOWS\system32\zxdnt3d.cfg 21 bytes

Scan succesvol afgerond

verborgen bestanden: 1

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE

C:\WINDOWS\system32\scardsvr.exe

C:\Program Files\Logitech\Easy Synchronization\servicestub.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program Files\Logitech\SetPoint\LBTWiz.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

.

**************************************************************************

.

Voltooingstijd: 2008-05-28 14:18:10 - machine was rebooted [Hilde]

ComboFix-quarantined-files.txt 2008-05-28 12:18:07

Pre-Run: 168,919,736,320 bytes beschikbaar

Post-Run: 172,606,627,840 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

381 --- E O F --- 2007-12-28 14:27:14


Here is the log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:22:26, on 28/05/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Logitech\Easy Synchronization\servicestub.exe

C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\AGRSMMSG.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Logitech\SetPoint\LBTWiz.exe

C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

C:\Program Files\EncryptDrop Free Edition\EncryptDrop.exe

C:\WINDOWS\System32\Rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Electronic Arts\EADM\Core.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\DeskSlide\DeskSlide.exe

C:\Program Files\Ares\Ares.exe

C:\Documents and Settings\Hilde\Application Data\Microsoft\Windows\ktmlb.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\WINDOWS\system32\rcntokdm.exe

C:\Program Files\DeskPins\DeskPins.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\explorer.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: mysidesearch browser optimizer - {180c4481-85e4-af57-5e4a-08be179fe565} - C:\WINDOWS\system32\{bcf70de3-96fb-c552-dda4-9edf6b799239}.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: gooochi browser optimizer - {8a81846f-eede-58fb-b3fe-2ba4b0f6bc50} - C:\WINDOWS\system32\{e3b7a448-adb1-510d-c106-ae125c249dff}.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent

O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

O4 - HKLM\..\Run: [encryptdrop] "C:\Program Files\EncryptDrop Free Edition\EncryptDrop.exe" /minimized

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [{75-51-1E-EC-DW}] C:\windows\system32\jnwnw64j.exe DWram

O4 - HKLM\..\Run: [{a3d56726-30ce-a965-f54d-f1ce632803b0}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{e3b7a448-adb1-510d-c106-ae125c249dff}.dll" DllStart

O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [DeskSlide] C:\Program Files\DeskSlide\DeskSlide.exe -logon -hide

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [ReJf5vH] C:\Documents and Settings\Hilde\Application Data\Microsoft\Windows\ktmlb.exe

O4 - HKCU\..\Run: [surfAccuracy] C:\Documents and Settings\Hilde\Application Data\SurfAccuracy\SAcc.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\rcntokdm.exe

O4 - Startup: DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe

O4 - Startup: DW_Start.lnk = ?

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197064011015

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE

O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe

--

End of file - 11230 bytes


Hi Filkill,

Open Notepad, then copy and paste the following (the bold blue text) into an empty window:


    File::
    C:\WINDOWS\system32\{e3b7a448-adb1-510d-c106-ae125c249dff}.dll
    C:\WINDOWS\system32\rcntokdm.exe
    C:\WINDOWS\system32\{bcf70de3-96fb-c552-dda4-9edf6b799239}.dll-uninst.exe
    C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
    C:\WINDOWS\system32\{e3b7a448-adb1-510d-c106-ae125c249dff}.dll-uninst.exe
    C:\WINDOWS\system32\jnwnw64j.exePCH
    C:\WINDOWS\system32\winpfz33.sys
    C:\WINDOWS\system32\{bcf70de3-96fb-c552-dda4-9edf6b799239}.dll
    C:\Documents and Settings\Hilde\Application Data\inuj.bin
    C:\WINDOWS\ixotewabys.sys
    C:\Program Files\Common Files\eranyxu.db
    C:\WINDOWS\izaketuvyz.exe
    C:\WINDOWS\ecoj.bat
    C:\Documents and Settings\Hilde\Application Data\ipyzocek.bin
    C:\Documents and Settings\All Users\Application Data\nofequlyvy.dll
    C:\Documents and Settings\All Users\Application Data\ywim.dat
    C:\Program Files\Common Files\wihabiki.lib
    C:\WINDOWS\gatuxece.scr
    C:\Documents and Settings\Hilde\Application Data\lyzy.dll
    C:\WINDOWS\jonos.exe
    C:\Documents and Settings\All Users\Application Data\kovogavyt.com
    C:\Documents and Settings\All Users\Application Data\nuhixedo.vbs
    C:\Program Files\temp01
    C:\WINDOWS\umurogygyt.exe
    C:\WINDOWS\vemydudy.bat
    C:\Documents and Settings\All Users\Application Data\napoxota.vbs
    C:\Program Files\Common Files\xorutel._sy
    C:\Documents and Settings\All Users\Application Data\mowyna.dll
    C:\Program Files\Common Files\zepakilyho.ban
    C:\Documents and Settings\All Users\Application Data\foxuqupaq.dat
    C:\Documents and Settings\All Users\Application Data\fege.dat
    C:\WINDOWS\ylavetequ.dll
    C:\Program Files\Common Files\faxeqiwefa.pif
    C:\Documents and Settings\Hilde\Application Data\ufurexyqiv.bin
    C:\Documents and Settings\Hilde\Application Data\oxolypoh.dll
    C:\WINDOWS\ifixahu.reg
    C:\Program Files\Common Files\kykahudohi.reg
    C:\Program Files\Common Files\jevuxaj._dl
    C:\Program Files\Common Files\pyjuwoses.pif
    C:\WINDOWS\unitylysow.dll
    C:\WINDOWS\system32\zxdnt3d.cfg
    C:\Documents and Settings\Hilde\Application Data\Microsoft\Windows\ktmlb.exe
    Folder::
    C:\WINDOWS\system32\xA
    C:\WINDOWS\system32\moL1
    C:\WINDOWS\system32\logXv18
    C:\WINDOWS\system32\4056v
    C:\temp\dmpxp32
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{180c4481-85e4-af57-5e4a-08be179fe565}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8a81846f-eede-58fb-b3fe-2ba4b0f6bc50}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ReJf5vH"=-
    "{75-51-1E-EC-DW}"=-
    "{a3d56726-30ce-a965-f54d-f1ce632803b0}"=-
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{FE24CD78-7C63-465D-8787-4EDF7FC79895}"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinReanimator]

Save this to your Desktop as CFScript.txt

Drag CFScript.txt onto ComboFix.exe as shown in the example below:

CFScript.gif

This will make ComboFix restart.

Reboot if you are asked to,

and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Good luck,

Xeno :)


Here is the ComboFix log:

ComboFix 08-05-27.4 - Hilde 2008-05-29 19:34:37.6 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.405 [GMT 2:00]

Gestart vanuit: C:\Documents and Settings\Hilde\Bureaublad\ComboFix.exe

Command switches used :: C:\Documents and Settings\Hilde\Bureaublad\CFScript.txt.txt

* Nieuw herstelpunt werd aangemaakt

FILE ::

C:\Documents and Settings\All Users\Application Data\fege.dat

C:\Documents and Settings\All Users\Application Data\foxuqupaq.dat

C:\Documents and Settings\All Users\Application Data\kovogavyt.com

C:\Documents and Settings\All Users\Application Data\mowyna.dll

C:\Documents and Settings\All Users\Application Data\napoxota.vbs

C:\Documents and Settings\All Users\Application Data\nofequlyvy.dll

C:\Documents and Settings\All Users\Application Data\nuhixedo.vbs

C:\Documents and Settings\All Users\Application Data\ywim.dat

C:\Documents and Settings\Hilde\Application Data\inuj.bin

C:\Documents and Settings\Hilde\Application Data\ipyzocek.bin

C:\Documents and Settings\Hilde\Application Data\lyzy.dll

C:\Documents and Settings\Hilde\Application Data\Microsoft\Windows\ktmlb.exe

C:\Documents and Settings\Hilde\Application Data\oxolypoh.dll

C:\Documents and Settings\Hilde\Application Data\ufurexyqiv.bin

C:\Program Files\Common Files\eranyxu.db

C:\Program Files\Common Files\faxeqiwefa.pif

C:\Program Files\Common Files\jevuxaj._dl

C:\Program Files\Common Files\kykahudohi.reg

C:\Program Files\Common Files\pyjuwoses.pif

C:\Program Files\Common Files\wihabiki.lib

C:\Program Files\Common Files\xorutel._sy

C:\Program Files\Common Files\zepakilyho.ban

C:\Program Files\temp01

C:\WINDOWS\ecoj.bat

C:\WINDOWS\gatuxece.scr

C:\WINDOWS\ifixahu.reg

C:\WINDOWS\ixotewabys.sys

C:\WINDOWS\izaketuvyz.exe

C:\WINDOWS\jonos.exe

C:\WINDOWS\system32\{bcf70de3-96fb-c552-dda4-9edf6b799239}.dll

C:\WINDOWS\system32\{bcf70de3-96fb-c552-dda4-9edf6b799239}.dll-uninst.exe

C:\WINDOWS\system32\{e3b7a448-adb1-510d-c106-ae125c249dff}.dll

C:\WINDOWS\system32\{e3b7a448-adb1-510d-c106-ae125c249dff}.dll-uninst.exe

C:\WINDOWS\system32\jnwnw64j.exePCH

C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe

C:\WINDOWS\system32\rcntokdm.exe

C:\WINDOWS\system32\winpfz33.sys

C:\WINDOWS\system32\zxdnt3d.cfg

C:\WINDOWS\umurogygyt.exe

C:\WINDOWS\unitylysow.dll

C:\WINDOWS\vemydudy.bat

C:\WINDOWS\ylavetequ.dll

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users\Application Data\fege.dat

C:\Documents and Settings\All Users\Application Data\foxuqupaq.dat

C:\Documents and Settings\All Users\Application Data\kovogavyt.com

C:\Documents and Settings\All Users\Application Data\mowyna.dll

C:\Documents and Settings\All Users\Application Data\napoxota.vbs

C:\Documents and Settings\All Users\Application Data\nofequlyvy.dll

C:\Documents and Settings\All Users\Application Data\nuhixedo.vbs

C:\Documents and Settings\All Users\Application Data\ywim.dat

C:\Documents and Settings\Hilde\Application Data\inuj.bin

C:\Documents and Settings\Hilde\Application Data\ipyzocek.bin

C:\Documents and Settings\Hilde\Application Data\lyzy.dll

C:\Documents and Settings\Hilde\Application Data\Microsoft\Windows\ktmlb.exe

C:\Documents and Settings\Hilde\Application Data\oxolypoh.dll

C:\Documents and Settings\Hilde\Application Data\ufurexyqiv.bin

C:\Documents and Settings\Hilde\Menu Start\Programma's\Opstarten\Deewoo.lnk

C:\Documents and Settings\Hilde\Menu Start\Programma's\Opstarten\DW_Start.lnk

C:\Program Files\Common Files\eranyxu.db

C:\Program Files\Common Files\faxeqiwefa.pif

C:\Program Files\Common Files\jevuxaj._dl

C:\Program Files\Common Files\kykahudohi.reg

C:\Program Files\Common Files\pyjuwoses.pif

C:\Program Files\Common Files\wihabiki.lib

C:\Program Files\Common Files\xorutel._sy

C:\Program Files\Common Files\zepakilyho.ban

C:\Program Files\temp01

C:\temp\dmpxp32

C:\temp\dmpxp32\sakldsr.log

C:\WINDOWS\ecoj.bat

C:\WINDOWS\gatuxece.scr

C:\WINDOWS\ifixahu.reg

C:\WINDOWS\ixotewabys.sys

C:\WINDOWS\izaketuvyz.exe

C:\WINDOWS\jonos.exe

C:\WINDOWS\system32\{bcf70de3-96fb-c552-dda4-9edf6b799239}.dll-uninst.exe

C:\WINDOWS\system32\{bcf70de3-96fb-c552-dda4-9edf6b799239}.dll

C:\WINDOWS\system32\{e3b7a448-adb1-510d-c106-ae125c249dff}.dll-uninst.exe

C:\WINDOWS\system32\{e3b7a448-adb1-510d-c106-ae125c249dff}.dll

C:\WINDOWS\system32\4056v

C:\WINDOWS\system32\4056v\hgvram102.exe

C:\WINDOWS\system32\atmtd.dll

C:\WINDOWS\system32\atmtd.dll._

C:\WINDOWS\system32\jnwnw64j.exePCH

C:\WINDOWS\system32\logXv18

C:\WINDOWS\system32\logXv18\logXv182328.exe

C:\WINDOWS\system32\moL1

C:\WINDOWS\system32\moL1\poEbdl7.exe

C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe

C:\WINDOWS\system32\rcntokdm.exe

C:\WINDOWS\system32\winpfz33.sys

C:\WINDOWS\system32\xA

C:\WINDOWS\system32\xA\axdparsdll.exe

C:\WINDOWS\system32\zxdnt3d.cfg

C:\WINDOWS\umurogygyt.exe

C:\WINDOWS\unitylysow.dll

C:\WINDOWS\vemydudy.bat

C:\WINDOWS\ylavetequ.dll

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-04-28 to 2008-05-29 ))))))))))))))))))))))))))))))

.

2009-04-15 05:06 . 2009-04-15 05:10 <DIR> d-------- C:\Documents and Settings\Hilde\Application Data\Logitech

2009-04-15 05:06 . 2005-10-05 12:00 47,104 --a------ C:\WINDOWS\system32\drivers\vserial.sys

2009-04-15 05:06 . 2006-12-22 16:50 27,536 --a------ C:\WINDOWS\system32\drivers\frmupgr.sys

2009-04-15 05:06 . 2005-10-05 12:00 18,167 --a------ C:\WINDOWS\system32\drivers\vsb.sys

2009-04-15 05:06 . 2009-04-15 05:06 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2009-04-15 05:06 . 2009-04-15 05:06 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf

2009-04-15 05:04 . 2009-04-15 05:07 <DIR> d-------- C:\Program Files\Logitech

2009-04-15 05:04 . 2009-04-15 05:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech

2009-04-15 05:03 . 2009-04-15 05:03 <DIR> d-------- C:\Program Files\WIDCOMM

2009-04-15 05:03 . 2006-12-04 23:33 863,402 --a------ C:\WINDOWS\system32\drivers\btkrnl.sys

2009-04-15 05:03 . 2006-12-04 23:33 329,901 --a------ C:\WINDOWS\system32\drivers\btaudio.sys

2009-04-15 05:03 . 2006-12-04 23:33 106,557 --a------ C:\WINDOWS\system32\btw_ci.dll

2009-04-15 05:03 . 2006-12-04 23:33 67,672 --a------ C:\WINDOWS\system32\drivers\btwusb.sys

2009-04-15 05:03 . 2006-12-04 23:33 47,907 --a------ C:\WINDOWS\system32\drivers\btwhid.sys

2009-04-15 05:03 . 2006-12-04 23:33 30,459 --a------ C:\WINDOWS\system32\drivers\btport.sys

2009-04-14 22:30 . 2008-04-04 11:02 <DIR> d-------- C:\Documents and Settings\Hilde\Application Data\Microsoft Games

2009-04-14 22:29 . 2009-04-14 22:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Games

2009-04-14 22:24 . 2008-04-24 18:50 <DIR> d-------- C:\Program Files\Microsoft Games

2008-05-26 19:31 . 2008-05-26 19:31 <DIR> d-------- C:\Documents and Settings\Hilde\Application Data\CDBurnerXP_Soft

2008-05-26 19:30 . 2008-05-26 19:30 <DIR> d-------- C:\Program Files\CDBurnerXP

2008-05-25 11:34 . 2008-05-25 11:34 <DIR> d-------- C:\Ares Tube

2008-05-24 15:02 . 2008-05-24 15:08 <DIR> d-------- C:\Program Files\AV Music Morpher Gold

2008-05-24 15:00 . 2008-05-24 15:01 <DIR> d-------- C:\Program Files\AV Vcs 6.0

2008-05-21 13:30 . 2008-05-21 13:30 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll

2008-05-21 13:27 . 2008-05-22 21:35 <DIR> d-------- C:\Documents and Settings\Hilde\Application Data\SurfAccuracy

2008-05-21 13:27 . 2008-05-21 13:27 10 --a------ C:\Program Files\.autoreg

2008-05-15 18:01 . 2008-05-15 18:01 <DIR> d-------- C:\Program Files\Handbrake

2008-05-15 17:23 . 2008-05-15 17:23 <DIR> d-------- C:\Documents and Settings\Hilde\Application Data\dvdcss

2008-05-14 19:10 . 2008-05-14 19:10 <DIR> d-------- C:\WINDOWS\Applian FLV Player

2008-05-14 19:10 . 2008-05-14 19:10 <DIR> d-------- C:\Program Files\FLV Player

2008-05-14 19:06 . 2008-05-14 19:06 <DIR> d-------- C:\WINDOWS\My Video Downloader

2008-05-14 19:06 . 2008-05-14 19:06 <DIR> d-------- C:\Program Files\My Video Downloader

2008-05-13 21:02 . 2007-09-17 11:34 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL

2008-05-13 21:02 . 2007-09-17 11:34 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS

2008-05-13 20:39 . 2008-05-13 20:39 <DIR> d-------- C:\Program Files\Jocsoft

2008-05-13 20:39 . 2008-05-13 20:42 <DIR> d-------- C:\DVDVideoSoft

2008-05-09 17:27 . 2008-05-09 17:27 1,431 --a------ C:\WINDOWS\cmgt_z.ini

2008-05-09 17:25 . 2008-05-09 17:27 <DIR> d-------- C:\Program Files\PhotoZoom Pro 2

2008-05-08 20:37 . 2008-05-08 20:37 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-05-08 20:37 . 2008-05-08 20:37 <DIR> d-------- C:\Documents and Settings\Hilde\Application Data\Malwarebytes

2008-05-08 20:37 . 2008-05-08 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-05-08 20:37 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys

2008-05-08 20:37 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-05-07 17:15 . 2008-05-07 17:33 <DIR> d-------- C:\Program Files\3D Flash Animator 4.9.8.4

2008-05-07 17:15 . 2008-05-07 17:15 <DIR> d-------- C:\Documents and Settings\Hilde\Application Data\3DFA

2008-05-07 17:15 . 1999-12-17 11:13 86,016 --a------ C:\WINDOWS\unvise32.exe

2008-05-01 21:20 . 2008-05-01 21:20 <DIR> d--hs---- C:\WINDOWS\system32\MPK

2008-05-01 21:20 . 2008-05-28 12:33 <DIR> d--hs---- C:\Documents and Settings\All Users\Application Data\MPK

2008-05-01 21:20 . 2008-05-01 21:20 587 --a------ C:\WINDOWS\system32\runrefog.lnk

2008-05-01 14:49 . 2008-05-24 21:22 <DIR> d-------- C:\Program Files\Cheat Engine

2008-05-01 14:49 . 2006-09-04 19:16 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll

2008-05-01 14:49 . 2006-09-04 19:16 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll

2008-04-30 19:31 . 2008-04-30 19:34 <DIR> d-------- C:\Program Files\Ares

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-15 03:09 26,225 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2009_04_15_04_51_59_small.dmp.zip

2009-04-15 03:07 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Logitech

2009-04-15 03:05 --------- d-----w C:\Program Files\Common Files\Logitech

2009-04-15 02:49 26,211 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2009_04_15_03_59_24_small.dmp.zip

2009-04-15 01:58 11,516,411 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2009_04_14_21_26_47_full.dmp.zip

2009-04-14 07:25 512 ----a-w C:\ScanSectorLog.dat

2008-05-29 17:30 --------- d-----w C:\Documents and Settings\Hilde\Application Data\DNA

2008-05-29 14:20 --------- d-----w C:\Documents and Settings\Hilde\Application Data\skypePM

2008-05-29 14:20 --------- d-----w C:\Documents and Settings\Hilde\Application Data\Skype

2008-05-24 15:58 --------- d-----w C:\Documents and Settings\Hilde\Application Data\LimeWire

2008-05-24 15:55 --------- d-----w C:\Program Files\LimeWire

2008-05-22 17:48 --------- d-----w C:\Documents and Settings\Hilde\Application Data\FrostWire

2008-05-21 11:12 481,532 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-05-21 11:12 35,874,080 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-05-21 11:12 212,444 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx

2008-05-21 11:12 2,254,624 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat

2008-05-16 17:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-05-13 19:06 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft

2008-05-13 19:04 --------- d-----w C:\Program Files\DVDVideoSoft

2008-05-13 19:02 --------- d-----w C:\Program Files\Xilisoft

2008-05-09 16:10 --------- d-----w C:\Program Files\ArtMoney

2008-05-09 04:38 --------- d-----w C:\Program Files\Common Files\Adobe

2008-05-08 18:27 --------- d-----w C:\Documents and Settings\Hilde\Application Data\DeskSlide

2008-05-08 15:10 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-04-25 19:24 --------- d-----w C:\Program Files\Java

2008-04-25 15:44 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-25 15:44 --------- d-----w C:\Program Files\Electronic Arts

2008-04-25 15:44 --------- d-----w C:\Program Files\EA Games

2008-04-23 12:19 --------- d-----w C:\Program Files\Axis Communications

2008-04-22 15:22 --------- d-----w C:\Program Files\FrostWire

2008-04-22 14:42 --------- d-----w C:\Program Files\Virtual Earth 3D

2008-04-19 21:03 --------- d-----w C:\Documents and Settings\Hilde\Application Data\BitTorrent

2008-04-19 20:05 --------- d-----w C:\Program Files\Avi2Dvd

2008-04-19 18:07 --------- d-----w C:\Program Files\AviSynth 2.5

2008-04-19 16:04 --------- d-----w C:\Program Files\DeskSlide

2008-04-19 12:00 --------- d-----w C:\Program Files\Free Download Manager

2008-04-19 11:58 --------- d-----w C:\Documents and Settings\Hilde\Application Data\Software Informer

2008-04-19 10:29 --------- d-----w C:\Program Files\EncryptDrop Free Edition

2008-04-19 10:29 --------- d-----w C:\Documents and Settings\Hilde\Application Data\EncryptDrop

2008-04-17 19:21 --------- d-----w C:\Program Files\Shareaza Applications

2008-04-17 19:21 --------- d-----w C:\Documents and Settings\Hilde\Application Data\Shareaza

2008-04-17 18:15 --------- d-----w C:\Program Files\Cheatbook Database 2007

2008-04-16 16:48 --------- d-----w C:\Program Files\GamesBar

2008-04-16 12:04 --------- d-----w C:\Program Files\WinAVI Video Converter

2008-04-16 11:32 --------- d-----w C:\Documents and Settings\Hilde\Application Data\vlc

2008-04-16 11:26 --------- d-----w C:\Program Files\VideoLAN

2008-04-16 10:51 16,817 ----a-w C:\WINDOWS\system32\tuhag.vbs

2008-04-16 10:51 16,757 ----a-w C:\WINDOWS\system32\kovyse.bin

2008-04-16 10:51 12,484 ----a-w C:\WINDOWS\system32\ifyzede.bin

2008-04-10 16:29 --------- d-----w C:\Program Files\Native Instruments

2008-04-10 16:24 --------- d-----w C:\Program Files\WinXMedia

2008-04-08 16:01 --------- d-----w C:\Program Files\DNA

2008-04-08 16:01 --------- d-----w C:\Program Files\BitTorrent

2008-04-08 15:24 --------- d-----w C:\Program Files\BitLord

2008-04-08 14:31 33,699 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_04_08_12_14_23_small.dmp.zip

2008-04-08 10:10 35,948 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_04_07_16_20_19_small.dmp.zip

2008-04-07 14:19 35,786 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_04_07_12_14_49_small.dmp.zip

2008-04-07 10:12 35,971 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_04_06_18_07_16_small.dmp.zip

2008-04-06 16:09 18,357 ----a-w C:\WINDOWS\system32\ihog.sys

2008-04-06 16:03 36,803 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_04_05_09_22_06_small.dmp.zip

2008-04-05 12:32 --------- d-----w C:\Program Files\Cheating-Death

2008-04-05 08:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater

2008-04-05 07:21 27,174 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_04_04_09_37_06_small.dmp.zip

2008-04-04 11:16 --------- d-----w C:\Program Files\Counter-Strike 1.6

2008-04-04 07:35 29,386 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2009_04_15_05_14_19_small.dmp.zip

2008-04-01 23:35 --------- d-----w C:\Program Files\Gamenext

2008-03-31 10:08 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-03-31 10:06 --------- d-----w C:\Program Files\Axion

2008-03-30 01:27 --------- d-----w C:\Program Files\Trend Micro

2008-03-29 19:33 --------- d-----w C:\Program Files\CCleaner

2008-03-29 19:32 --------- d-----w C:\Program Files\Yahoo!

2008-03-17 15:03 12,065 ----a-w C:\WINDOWS\system32\kivajala.sys

2007-12-07 20:52 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 10:27 153136]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]

"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2008-03-14 14:05 2494464]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-08 12:10 289088]

"DeskSlide"="C:\Program Files\DeskSlide\DeskSlide.exe" [2006-08-30 23:33 774144]

"ares"="C:\Program Files\Ares\Ares.exe" [2007-04-12 01:50 947200]

"SurfAccuracy"="C:\Documents and Settings\Hilde\Application Data\SurfAccuracy\SAcc.exe" [2008-05-22 21:35 142336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-03-14 14:05 153136]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-14 14:05 49152]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 10:06 88363 C:\WINDOWS\AGRSMMSG.exe]

"KBD"="C:\HP\KBD\KBD.EXE" [2008-03-14 14:05 61440]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe]

"SoundMan"="SOUNDMAN.EXE" [2006-07-21 17:14 86016 C:\WINDOWS\SoundMan.exe]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2008-03-14 14:05 118837]

"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2008-03-14 14:05 110592]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-14 14:05 385024]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-14 14:05 267048]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [ ]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]

"Logitech BT Wizard"="LBTWiz.exe" []

"Easy Synchronization"="C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 12:00 53248]

"encryptdrop"="C:\Program Files\EncryptDrop Free Edition\EncryptDrop.exe" [2005-10-17 02:51 150016]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"{75-51-1E-EC-DW}"="C:\windows\system32\jnwnw64j.exe" [ ]

"{a3d56726-30ce-a965-f54d-f1ce632803b0}"="C:\WINDOWS\system32\{e3b7a448-adb1-510d-c106-ae125c249dff}.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:03 15360]

C:\Documents and Settings\Hilde\Menu Start\Programma's\Opstarten\

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-14 17:55:34 113664]

DeskPins.lnk - C:\Program Files\DeskPins\DeskPins.exe [2004-05-02 19:02:51 62464]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-14 17:55:34 113664]

BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 22:37:20 561213]

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 20:28:24 258048]

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2009-04-15 05:05:03 688128]

Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 20:50:52 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-01-30 02:15 65536 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.iv41"= C:\WINDOWS\system32\Ir41_32.ax

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk

backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2008-03-14 14:05 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"TabletService"=2 (0x2)

"gusvc"=2 (0x2)

"Ati HotKey Poller"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

"C:\\Program Files\\DNA\\btdna.exe"=

"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

"C:\\WINDOWS\\system32\\MPK\\Mpk.exe"=

"C:\\WINDOWS\\system32\\MPK\\MpkView.exe"=

"C:\\Program Files\\FrostWire\\FrostWire.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\Ares\\Ares.exe"=

R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]

R2 Stuffit Archive Name Service;Stuffit Archive Name Service;"C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe" [2008-01-31 09:37]

R3 ACSSCR;ACR38 Smart Card Reader;C:\WINDOWS\system32\DRIVERS\a38usb.sys [2006-03-24 20:14]

S3 XDva032;XDva032;C:\WINDOWS\system32\XDva032.sys []

*Newly Created Service* - CATCHME

.

Inhoud van de 'Gedeelde Taken' map

"2008-03-19 08:44:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-29 19:38:31

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

Voltooingstijd: 2008-05-29 19:40:35

ComboFix-quarantined-files.txt 2008-05-29 17:39:44

ComboFix2.txt 2008-05-28 12:18:11

Pre-Run: 172,362,301,440 bytes beschikbaar

Post-Run: 172,587,147,264 bytes beschikbaar

348 --- E O F --- 2007-12-28 14:27:14


And here is another HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:42:53, on 29/05/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\AGRSMMSG.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Logitech\SetPoint\LBTWiz.exe

C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

C:\Program Files\EncryptDrop Free Edition\EncryptDrop.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Easy Synchronization\servicestub.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Electronic Arts\EADM\Core.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\DeskSlide\DeskSlide.exe

C:\Program Files\Ares\Ares.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\DeskPins\DeskPins.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent

O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

O4 - HKLM\..\Run: [encryptdrop] "C:\Program Files\EncryptDrop Free Edition\EncryptDrop.exe" /minimized

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [{75-51-1E-EC-DW}] C:\windows\system32\jnwnw64j.exe DWram

O4 - HKLM\..\Run: [{a3d56726-30ce-a965-f54d-f1ce632803b0}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{e3b7a448-adb1-510d-c106-ae125c249dff}.dll" DllStart

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [DeskSlide] C:\Program Files\DeskSlide\DeskSlide.exe -logon -hide

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [surfAccuracy] C:\Documents and Settings\Hilde\Application Data\SurfAccuracy\SAcc.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197064011015

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE

O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe

--

End of file - 10472 bytes


Hi Filkill,

Could you take a look at your system clock to check whether it is set correctly; the modifying of files is still going on.

1. Download SDFix to your Desktop.

  • Double-click to open it; all files will be extracted to their own folder named SDFix on your system drive (usually C:\SDFix).
  • Start your computer in Safe Mode.
  • Open the SDFix folder and double-click runthis.bat to start the tool.
  • Let the computer restart when prompted.
  • SDFix continues and opens a report when it finishes.
  • Post this report in your next reply.

2. Go to Start > Run and copy and paste the following command into the field:

"%userprofile%\desktop\ComboFix.exe" /KillAll

Click OK; this will start ComboFix in a special way.

After the scan you will get a log; post it together with a fresh HJT log.

Good luck,

Xeno :)
