ComboFix 08-09-05.03 - IannEefje 2008-09-07 21:54:31.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.2011 [GMT 2:00]
Gestart vanuit: C:\Users\IannEefje\Downloads\ComboFix.exe
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\cbXPgfff.dll
C:\Windows\System32\DJlnmnnn.ini
C:\Windows\System32\DJlnmnnn.ini2
C:\Windows\system32\qoMdCrqo.dll
.
---- Previous Run -------
.
C:\Users\IannEefje\AppData\Roaming\.#
C:\Windows\system32\cbXPgfff.dll
C:\Windows\System32\DJlnmnnn.ini
C:\Windows\System32\DJlnmnnn.ini2
C:\Windows\system32\qoMdCrqo.dll

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-08-07 to 2008-09-07 ))))))))))))))))))))))))))))))
.

2008-09-07 21:50 . 2008-09-07 21:54 <DIR> d-------- C:\327882R2FWJFW
2008-09-07 21:16 . 2008-09-07 21:16 358,084,505 --a------ C:\Windows\MEMORY.DMP
2008-09-07 19:03 . 2008-09-07 19:03 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-07 18:33 . 2008-05-10 05:35 885,248 --a------ C:\Windows\System32\RacEngn.dll
2008-09-07 18:33 . 2008-05-10 00:22 9,127 --a------ C:\Windows\System32\RacUR.xml
2008-09-07 18:33 . 2008-05-10 00:22 153 --a------ C:\Windows\System32\RacUREx.xml
2008-09-06 21:28 . 2008-09-07 21:17 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-09-06 21:28 . 2008-09-07 21:17 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-09-06 21:28 . 2008-09-06 22:30 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-09-06 21:28 . 2008-09-07 21:57 3,146,784 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-09-06 21:28 . 2008-09-07 21:57 286,752 --ahs---- C:\Windows\System32\drivers\fidbox2.dat
2008-09-06 21:28 . 2008-09-06 21:35 96,976 --a------ C:\Windows\System32\drivers\klin.dat
2008-09-06 21:28 . 2008-09-06 21:28 87,855 --a------ C:\Windows\System32\drivers\klick.dat
2008-09-06 21:28 . 2008-09-07 21:57 26,712 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-09-06 21:28 . 2008-09-07 21:57 3,108 --ahs---- C:\Windows\System32\drivers\fidbox2.idx
2008-09-06 21:26 . 2008-09-06 21:26 <DIR> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-09-06 21:26 . 2008-09-06 21:26 <DIR> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-09-06 17:30 . 2004-08-18 05:14 442,368 -ra------ C:\Windows\System32\vp6vfw.dll
2008-09-06 13:37 . 2008-09-06 16:59 <DIR> d-------- C:\Users\All Users\Codemasters
2008-09-06 13:37 . 2008-09-06 16:59 <DIR> d-------- C:\ProgramData\Codemasters
2008-09-06 13:28 . 2008-09-06 13:28 <DIR> d-------- C:\Program Files\OpenAL
2008-09-06 13:27 . 2008-04-28 12:29 805,400 -ra------ C:\Windows\System32\tmp7DD7.tmp
2008-09-06 12:28 . 2008-09-06 12:28 <DIR> d-------- C:\Program Files\Arena51 Community Tool
2008-09-05 19:51 . 2008-09-05 19:51 0 --a------ C:\Windows\nsreg.dat
2008-09-05 02:35 . 2008-09-05 02:35 <DIR> d-------- C:\Program Files\Nieuwe map
2008-09-05 00:13 . 2008-09-05 00:13 <DIR> d-------- C:\Users\IannEefje\AppData\Roaming\InstallShield
2008-09-05 00:13 . 2008-09-05 00:13 <DIR> d-------- C:\Intel
2008-09-04 21:52 . 2008-09-04 21:52 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-09-04 21:29 . 2008-09-04 21:29 <DIR> d-------- C:\Users\IannEefje\Bluetooth Software
2008-09-04 20:25 . 2008-09-04 20:25 45 ---h----- C:\Windows\dace3778.dat
2008-09-04 20:17 . 2008-09-04 20:26 <DIR> d-------- C:\Program Files\PhotoFiltre Studio
2008-09-04 18:50 . 2008-09-04 18:50 <DIR> d-------- C:\Program Files\Common Files\Steam
2008-09-04 17:31 . 2007-07-19 18:14 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll
2008-09-04 17:31 . 2007-05-16 16:45 3,497,832 --a------ C:\Windows\System32\d3dx9_34.dll
2008-09-04 17:31 . 2007-07-19 18:14 1,358,192 --a------ C:\Windows\System32\D3DCompiler_35.dll
2008-09-04 17:31 . 2007-05-16 16:45 1,124,720 --a------ C:\Windows\System32\D3DCompiler_34.dll
2008-09-04 17:31 . 2007-07-19 18:14 444,776 --a------ C:\Windows\System32\d3dx10_35.dll
2008-09-04 17:31 . 2007-05-16 16:45 443,752 --a------ C:\Windows\System32\d3dx10_34.dll
2008-09-04 17:31 . 2007-04-04 18:53 81,768 --a------ C:\Windows\System32\xinput1_3.dll
2008-09-04 16:58 . 2008-09-04 16:58 <DIR> d-------- C:\Users\IannEefje\AppData\Roaming\TuneUp Software
2008-09-04 16:58 . 2008-09-04 16:58 307,968 --a------ C:\Windows\System32\TuneUpDefragService.exe
2008-09-04 16:58 . 2008-02-27 13:15 28,416 --a------ C:\Windows\System32\uxtuneup.dll
2008-09-04 16:58 . 2008-02-27 13:15 16,640 --a------ C:\Windows\System32\authuitu.dll
2008-09-04 16:57 . 2008-09-04 16:57 <DIR> d-------- C:\Users\All Users\TuneUp Software
2008-09-04 16:57 . 2008-09-04 16:57 <DIR> d-------- C:\ProgramData\TuneUp Software
2008-09-04 16:57 . 2008-09-04 16:58 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-09-04 16:57 . 2008-09-04 16:57 <DIR> d-------- C:\Program Files\HDR
2008-09-04 16:57 . 2008-09-04 16:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-04 16:11 . 2008-09-04 19:09 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-09-04 16:10 . 2008-09-04 16:10 0 --a------ C:\Users\IannEefje\AppData\Roaming\wklnhst.dat
2008-09-04 14:39 . 2008-09-04 14:39 <DIR> d--hs---- C:\Diskeeper
2008-09-04 14:26 . 2008-09-04 14:26 <DIR> d-------- C:\Program Files\CCleaner
2008-09-04 14:24 . 2008-09-04 14:24 <DIR> d-------- C:\Program Files\Foxit Software
2008-09-04 14:23 . 2008-09-04 14:23 <DIR> d-------- C:\Users\All Users\Diskeeper Corporation
2008-09-04 14:23 . 2008-09-04 14:23 <DIR> d-------- C:\ProgramData\Diskeeper Corporation
2008-09-04 14:23 . 2008-09-04 14:23 <DIR> d-------- C:\Program Files\Diskeeper Corporation
2008-09-04 00:08 . 2008-09-04 00:08 <DIR> d-------- C:\Users\All Users\InterAction studios
2008-09-04 00:08 . 2008-09-04 00:08 <DIR> d-------- C:\ProgramData\InterAction studios
2008-09-03 23:10 . 2007-12-16 17:57 75,776 --a------ C:\Windows\System32\drivers\WSVD.sys
2008-09-03 20:26 . 2008-09-04 16:26 <DIR> d-------- C:\Program Files\Google
2008-09-03 20:25 . 2008-09-03 20:25 <DIR> d-------- C:\Program Files\Fraps
2008-09-03 19:14 . 2008-09-04 19:18 0 --a------ C:\Windows\System32\LogConfigTemp.xml
2008-09-03 19:13 . 2008-09-03 19:13 <DIR> d-------- C:\Program Files\Launch Manager
2008-09-03 19:13 . 2008-09-03 19:13 83 --a------ C:\Windows\LManager.UNI
2008-09-03 19:12 . 2007-10-23 10:56 200,704 --a------ C:\Windows\PLFSetI.exe
2008-09-03 19:12 . 2008-01-10 13:56 57 --a------ C:\Windows\PidList.ini
2008-09-03 19:10 . 2008-09-03 19:10 <DIR> d-------- C:\Windows\System32\es-MX
2008-09-03 19:10 . 2008-09-03 19:10 <DIR> d-------- C:\Windows\System32\es-AR
2008-09-03 19:10 . 2008-09-03 19:10 <DIR> d-------- C:\Program Files\WIDCOMM
2008-09-03 19:10 . 2007-04-26 04:20 233,472 --a------ C:\Windows\System32\BtwRSupport.dll
2008-09-03 19:10 . 2007-02-27 08:20 81,200 --a------ C:\Windows\System32\drivers\btwavdt.sys
2008-09-03 19:10 . 2007-03-29 21:46 79,664 --a------ C:\Windows\System32\drivers\btwaudio.sys
2008-09-03 19:10 . 2007-02-27 08:20 16,432 --a------ C:\Windows\System32\drivers\btwrchid.sys
2008-09-03 19:09 . 2008-09-03 19:09 1,548,099 --a------ C:\Windows\System32\VMC3KAPI.dll
2008-09-03 19:09 . 2008-09-03 19:09 114,688 --a------ C:\Windows\System32\VCryptAPI.dll
2008-09-03 19:09 . 2008-09-03 19:09 23,040 --a------ C:\Windows\System32\ShlCmd.exe
2008-09-03 19:09 . 2008-09-03 19:09 5,632 --a------ C:\Windows\System32\biologon.dll
2008-09-03 19:08 . 2008-09-03 19:08 <DIR> d-------- C:\Program Files\Validity Sensors, Inc
2008-09-03 19:08 . 2008-09-03 19:08 331,776 --a------ C:\Windows\System32\DrvCrypt.dll
2008-09-03 19:08 . 2008-09-03 19:08 192,512 --a------ C:\Windows\System32\BioOne.dll
2008-09-03 19:08 . 2008-09-03 19:08 189,952 --a------ C:\Windows\System32\PBAGUI.dll
2008-09-03 19:08 . 2008-09-03 19:08 43,184 --a------ C:\Windows\System32\drivers\AlfaFF.sys
2008-09-03 19:08 . 2008-09-03 19:08 16,384 --a------ C:\Windows\System32\AlfaFF.dll
2008-09-03 19:07 . 2008-09-03 19:07 <DIR> d-------- C:\Windows\System32\NLD
2008-09-03 19:07 . 2008-09-03 19:07 <DIR> d-------- C:\Windows\System32\Lang
2008-09-03 19:07 . 2008-09-03 19:07 <DIR> d-------- C:\Users\All Users\NVIDIA
2008-09-03 19:07 . 2008-09-03 19:07 <DIR> d-------- C:\ProgramData\NVIDIA
2008-09-03 19:07 . 2008-09-03 13:45 <DIR> d--hs---- C:\$RECYCLE.BIN
2008-09-03 19:07 . 2007-12-21 11:38 936,472 --a------ C:\Windows\System32\imsmudlg.exe
2008-09-03 19:07 . 2006-11-10 09:25 319,456 --a------ C:\Windows\System32\difxapi.dll
2008-09-03 19:03 . 2008-03-07 19:55 1,079,840 --a------ C:\Windows\System32\nvcpluir.dll
2008-09-03 19:03 . 2008-03-07 19:55 764,448 --a------ C:\Windows\System32\nvcplui.exe
2008-09-03 19:03 . 2008-03-07 19:55 442,368 --a------ C:\Windows\System32\nvuninst.exe
2008-09-03 19:03 . 2008-03-07 19:55 420,384 --a------ C:\Windows\System32\nvcpl.cpl
2008-09-03 19:03 . 2008-03-07 19:55 313,888 --a------ C:\Windows\System32\nvexpbar.dll
2008-09-03 18:34 . 2008-09-04 15:44 <DIR> d-------- C:\Users\IannEefje\AppData\Roaming\eSobi
2008-09-03 18:11 . 2008-09-03 18:11 <DIR> d--hs---- C:\Windows\ftpcache
2008-09-03 17:21 . 2008-09-03 17:21 <DIR> d-------- C:\Program Files\PicLensIE
2008-09-03 17:11 . 2008-09-03 17:11 <DIR> d-------- C:\Users\IannEefje\AppData\Roaming\Apple Computer
2008-09-03 17:10 . 2008-09-03 17:11 <DIR> d-------- C:\Program Files\iTunes
2008-09-03 17:10 . 2008-09-03 17:10 <DIR> d-------- C:\Program Files\iPod
2008-09-03 17:10 . 2008-09-03 17:10 <DIR> d-------- C:\Program Files\Bonjour
2008-09-03 17:09 . 2008-09-03 17:10 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-09-03 17:09 . 2008-09-03 17:09 <DIR> d-------- C:\Users\All Users\Apple
2008-09-03 17:09 . 2008-09-03 17:10 <DIR> d-------- C:\ProgramData\Apple Computer
2008-09-03 17:09 . 2008-09-03 17:09 <DIR> d-------- C:\ProgramData\Apple
2008-09-03 17:09 . 2008-09-03 17:10 <DIR> d-------- C:\Program Files\QuickTime
2008-09-03 17:09 . 2008-09-03 17:09 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-03 16:45 . 2008-09-07 20:33 <DIR> d-a------ C:\Users\All Users\TEMP
2008-09-03 16:45 . 2008-09-07 20:33 <DIR> d-a------ C:\ProgramData\TEMP
2008-09-03 16:40 . 2008-09-03 16:40 <DIR> d-------- C:\Users\IannEefje\autocad
2008-09-03 16:27 . 2008-09-05 17:11 <DIR> d-------- C:\Users\IannEefje\AppData\Roaming\Autodesk
2008-09-03 16:27 . 2008-09-05 17:11 <DIR> d-------- C:\Users\All Users\Autodesk
2008-09-03 16:27 . 2008-09-05 17:11 <DIR> d-------- C:\ProgramData\Autodesk
2008-09-03 16:27 . 2008-09-03 16:30 <DIR> d-------- C:\Program Files\AutoCAD 2008
2008-09-03 16:24 . 2008-09-03 16:30 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-09-03 16:24 . 2008-09-03 16:24 <DIR> d-------- C:\Program Files\Autodesk
2008-09-03 16:08 . 2008-09-03 16:08 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-09-03 16:03 . 2008-09-03 16:03 <DIR> d-------- C:\Users\IannEefje\AppData\Roaming\DAEMON Tools
2008-09-03 16:03 . 2008-09-03 16:03 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
2008-09-03 15:46 . 2008-09-07 21:49 28,219 --a------ C:\Users\All Users\nvModes.dat
2008-09-03 15:46 . 2008-09-07 21:49 28,219 --a------ C:\ProgramData\nvModes.dat
2008-09-03 15:10 . 2008-09-07 21:57 12 --a------ C:\Windows\bthservsdp.dat
2008-09-03 14:50 . 2008-09-03 14:50 <DIR> d-------- C:\Windows\System32\Futuremark
2008-09-03 14:15 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-09-06 15:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-06 11:28 444,952 ----a-w C:\Windows\System32\wrap_oal.dll
2008-09-06 11:28 109,080 ----a-w C:\Windows\System32\OpenAL32.dll
2008-09-04 13:54 --------- d-----w C:\Program Files\Acer
2008-09-04 13:44 --------- d-----w C:\ProgramData\eSobi
2008-09-04 13:43 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-04 13:42 --------- d-----w C:\Program Files\Microsoft Works
2008-09-03 20:02 --------- d-----w C:\ProgramData\McAfee
2008-09-03 20:00 --------- d-----w C:\ProgramData\SiteAdvisor
2008-09-03 17:07 --------- d-----w C:\Program Files\Intel
2008-09-03 14:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-03 12:19 --------- d-----w C:\Program Files\Windows Mail
2008-09-03 11:29 --------- d-sh--w C:\ProgramData\Sjablonen
2008-09-03 11:29 --------- d-sh--w C:\ProgramData\Menu Start
2008-09-03 11:29 --------- d-sh--w C:\ProgramData\Favorieten
2008-09-03 11:29 --------- d-sh--w C:\ProgramData\Documenten
2008-09-03 11:29 --------- d-sh--w C:\ProgramData\Bureaublad
2008-07-29 18:21 218,376 ----a-w C:\Windows\System32\klogon.dll
2008-07-29 18:20 24,774 ----a-w C:\Windows\system32\drivers\klopp.dat
2008-07-22 09:58 47,616 ----a-w C:\Windows\system32\drivers\L1E60x86.sys
2008-07-21 16:34 121,872 ----a-w C:\Windows\system32\drivers\kl1.sys
2008-07-09 16:28 20,496 ----a-w C:\Windows\system32\drivers\klim6.sys
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-03-07 13527584]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-03-07 92704]
"ZPdtWzdVitaKey MC3000"="C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-09-03 3642368]
"PLFSetI"="C:\Windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2008-03-13 805384]
"WarReg_PopUp"="C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-07-29 206088]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 C:\Windows\RtHDVCpl.exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-24 723760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-09-03 19:09 3024384 C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=C:\Windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
--a------ 2008-02-25 18:57 34040 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1505938756-1031342763-1272919410-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{109AA567-30D2-4C19-8899-240672CE2254}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{93B8E81E-B479-44F1-9B74-AF6288B70750}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{39FA2BA1-7C34-4457-9964-09A266BAA928}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{025F4D38-FCD7-487C-AF49-918268440A0A}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{B5AB065D-CF8A-4C84-A954-EF87ADFCAD47}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{D26DBDBC-565B-4FAA-9D22-86D072D38F3B}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{D05C09F2-A4D5-4073-AF55-E91BF8582356}"= C:\Program Files\Acer\Acer VCM\VC.exe:Acer VCM
"{36E3B7A1-8E39-4E7B-B8CE-A99EAD9528FD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{EB17BEA8-5610-450C-91A2-F72F73419D49}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{8FFF8801-7E0A-4C2C-9E38-10F4B2D34C18}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{755371A6-6A55-40B1-A724-E447F7F2783E}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{31B5B0D8-B157-49DD-8FF9-D95C3DE8280E}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{38089FF6-A41B-4696-B9D7-238FF02CCC02}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"UDP Query User{6D0E0909-D58D-434D-957A-70717196B668}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"{B4AF9210-3D65-4C70-85CF-357B2BB8DA11}"= UDP:C:\Program Files\Codemasters\GRID Demo\GRID.exe:GRID Demo
"{D8EDE7DF-874F-4A8C-811A-A218A7811511}"= TCP:C:\Program Files\Codemasters\GRID Demo\GRID.exe:GRID Demo

R0 AlfaFF;AlfaFF File System mini-filter;C:\Windows\system32\Drivers\AlfaFF.sys [2008-09-03 43184]
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\drivers\klbg.sys [2008-01-29 32784]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\Windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-02-25 21752]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-02-25 49152]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-02-25 131072]
R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 vfsFPService;Validity Fingerprint Service;C:\Windows\system32\vfsFPService.exe [2008-02-15 595248]
R3 AVerAF15;AVerMedia BDA Digital Tuner;C:\Windows\system32\Drivers\AVerAF15.sys [2008-01-16 281984]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys [2007-12-18 54784]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1E60x86.sys [2008-07-22 47616]
R3 vfs101x;vfs101x;C:\Windows\system32\drivers\vfs101x.sys [2008-02-15 40752]
S3 btwaudio;Bluetooth-audioapparaat;C:\Windows\system32\drivers\btwaudio.sys [2007-03-29 79664]
S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 81200]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 16432]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys [2008-03-13 80912]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-09-04 92656]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-09-04 307968]
S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2007-12-16 75776]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a90e75b8-79d9-11dd-9e26-806e6f6e6963}]
\shell\AutoRun\command - F:\Autorun.exe
.
Inhoud van de 'Gedeelde Taken' map
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{1FB5C8F6-82F0-49CE-BCD9-9C80DDA48E26} - C:\Windows\system32\qoMdCrqo.dll
MSConfigStartUp-Adobe Reader Speed Launcher - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-AppleSyncNotifier - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-eAudio - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
MSConfigStartUp-eDataSecurity Loader - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
MSConfigStartUp-ePower_DMC - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
MSConfigStartUp-PlayMovie - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\IannEefje\AppData\Roaming\Mozilla\Firefox\Profiles\gv6jejuz.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.be/
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.

************************************************** ************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 21:58:59
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

************************************************** ************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\nvvsvc.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\agrsmsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\IANNEE~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehrecvr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\dllhost.exe
.
************************************************** ************************
.
Voltooingstijd: 2008-09-07 22:01:18 - machine was rebooted [IannEefje]
ComboFix-quarantined-files.txt 2008-09-07 20:01:13

Pre-Run: 112,480,768,000 bytes beschikbaar
Post-Run: 112,245,329,920 bytes beschikbaar

320 --- E O F --- 2008-09-07 17:11:44



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:02:01, on 7/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\IANNEE~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark Measurement Services Client) - http://www.yougamers.com/systeminfo/MSC3.cab
O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - http://www.cooliris.com/shared/plinstll.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 6896 bytes