Blue screen, everything gone, could not log in as administrator, please check

serna
21 April 2008, 10:39
I ran ComboFix; now I can log in normally, but I'm not sure whether there are still no infections. Could someone take a look, please?

Logfile of HijackThis v1.99.1
Scan saved at 10:34, on 2008-04-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\beidservicecrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\FreeClip\FreeClip.exe
C:\Program Files\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\totalcmd\TOTALCMD.EXE
D:\hijackthisdec\hijackthis1.99\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_S2B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - Startup: Registration .LNK = D:\Program Files\Ubisoft\RegistrationReminder\RegistrationReminder.exe
O4 - Global Startup: FreeClip.lnk = C:\Program Files\FreeClip\FreeClip.exe
O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198229345952
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - Unknown owner - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe" -service (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: eID CRL Service - Zetes - C:\WINDOWS\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\system32\beidservicepcsc.exe
O23 - Service: GEARSecurity - GEAR Software Inc. - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

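The HijackThis log above lists no malicious O4 entry, while the ComboFix log posted later in this thread reports two: an HKCU Run value pointing at C:\WINDOWS\system32\yrsrgbwb.exe and a value under the Policies\Explorer\Run key pointing at ...\Application Data\cnwzsfcn\gtmrkzab.exe. What gives both away is the combination of a generator-style name (eight lowercase letters, almost no vowels) and an unusual autorun location. The script below is an added example, not code from HijackThis, ComboFix or either poster: it parses O4 lines and ComboFix "Reg Loading Points" entries, scores each executable on those two signals, and prints the candidates a human should look at first. The scoring weights, the threshold and the random-name rules are assumptions chosen so that the legitimate vendor entries in these logs stay below the threshold; the embedded sample reuses lines from the two logs in this thread.

```python
"""Heuristic triage of autorun entries from HijackThis (O4 lines) and ComboFix
("Reg Loading Points") logs.  Added example for this thread, not the tools' own
code; weights, threshold and name rules are assumptions, not published signatures."""
import re
from typing import List, NamedTuple, Tuple

VOWELS = set("aeiou")
# HijackThis:  O4 - HKLM\..\Run: [Name] "C:\path\prog.exe" -args
HJT_RUN = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# HijackThis:  O4 - Global Startup: Foo.lnk = C:\path\foo.exe
HJT_STARTUP = re.compile(r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# ComboFix:    [HKEY_...\Run]   then   "Name"="C:\path\prog.exe" [date size]
CF_KEY = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
CF_VALUE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"?(?P<cmd>.+?)"?\s*(?:\[[^\]]*\])?\s*$')
# first executable-looking token of a command line, quotes and arguments dropped
EXE_IN_CMD = re.compile(r'\s*"?(?P<path>.+?\.(?:exe|dll|scr|com|pif|bat|cmd))\b', re.I)


class Finding(NamedTuple):
    key: str
    name: str
    path: str
    score: int
    reasons: Tuple[str, ...]


def name_score(name: str) -> int:
    """0..3: how machine-generated a file or directory name looks."""
    letters = [c for c in name if c.isalpha()]
    score, run, best = 0, 0, 0
    for c in name:                                   # longest consonant run, y counts as consonant
        run = run + 1 if c.isalpha() and c.lower() not in VOWELS else 0
        best = max(best, run)
    if best >= 5:
        score += 1
    if len(letters) >= 5 and sum(c.lower() in VOWELS for c in letters) / len(letters) < 0.2:
        score += 1
    if len(name) == 8 and name.isalpha() and name.islower():   # classic 8-letter generator
        score += 1
    return score


def score_entry(key: str, cmd: str) -> Tuple[str, int, Tuple[str, ...]]:
    """Return (exe path, score, reasons) for one autorun entry; path is '' if no exe found."""
    m = EXE_IN_CMD.match(cmd)
    if not m:
        return "", 0, ()
    path = m.group("path")
    parts = path.split("\\")
    score = name_score(parts[-1].rsplit(".", 1)[0])
    reasons = [f"random-looking file name ({score})"] if score else []
    if "policies\\explorer\\run" in key.lower():         # rarely used by legitimate software
        score += 2
        reasons.append("Policies\\Explorer\\Run key")
    low = path.lower()
    if "\\application data\\" in low or "\\local settings\\temp" in low or "\\windows\\temp\\" in low:
        score += 1
        reasons.append("runs from a profile/data directory")
    if any(name_score(d) >= 2 for d in parts[:-1]):
        score += 1
        reasons.append("random-looking parent directory")
    return path, score, tuple(reasons)


def triage(log_text: str, threshold: int = 2) -> List[Finding]:
    """Parse both log formats; return entries scoring >= threshold, highest first."""
    findings, current_key = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        k = CF_KEY.match(line)
        if k:
            current_key = k.group("key")             # ComboFix section header
            continue
        m = HJT_RUN.match(line) or HJT_STARTUP.match(line)
        key = m.group("key") if m else current_key
        if not m and current_key:
            m = CF_VALUE.match(line)
        if not m:
            continue
        path, score, reasons = score_entry(key, m.group("cmd"))
        if path and score >= threshold:
            findings.append(Finding(key, m.group("name"), path, score, reasons))
    return sorted(findings, key=lambda f: -f.score)


# Constructed sample: lines copied from the HijackThis and ComboFix logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_S2B.tmp" /EF "HKCU"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-21 01:36 15360]
"sdsczkua"="C:\WINDOWS\system32\yrsrgbwb.exe" [2008-04-20 22:00 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"zqzwbVPVnT"= C:\Documents and Settings\All Users\Application Data\cnwzsfcn\gtmrkzab.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.score:2d}  {f.key}  [{f.name}] -> {f.path}")
        for r in f.reasons:
            print(f"      - {r}")
```

Run against the sample, only the two ComboFix entries clear the threshold: gtmrkzab.exe scores highest because it stacks all four signals, and yrsrgbwb.exe on its name alone. The vendor entries (SSBkgdupdate, zlclient, ctfmon, the Epson monitor) each pick up at most one point, so they stay hidden. Treat the output as a worklist, not a verdict: short all-caps names such as SPYBLOCK.DLL from the same log would also reach 2, and a legitimate-looking name in Program Files is exactly what a better-crafted dropper would use, so confirm every hit with a file hash or signature check before deleting anything.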
Rosty
21 April 2008, 16:12
Could you also post the ComboFix log, please? Then we can see what has already been removed!

serna
21 April 2008, 18:32
ComboFix 08-04-20.2 - jos 2008-04-21 2:36:27.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.400 [GMT 2:00]
Started from: C:\Documents and Settings\jos\Local Settings\Temporary Internet Files\Content.IE5\58HPDHN3\ComboFix.exe
* A new restore point was created
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\ateskvtq.exe
C:\WINDOWS\system32\moXEKRqr.ini
C:\WINDOWS\system32\moXEKRqr.ini2
C:\WINDOWS\system32\nnnoOiGv.dll
C:\WINDOWS\system32\rqRKEXom.dll
C:\WINDOWS\system32\urqPfGVN.dll
.
(((((((((((((((((((( Files Created from 2008-03-21 to 2008-04-21 ))))))))))))))))))))))))))))))
.
2008-04-21 01:53 . 2008-04-21 01:53 <DIR> d-------- C:\Documents and Settings\serna\Application Data\Grisoft
2008-04-21 01:41 . 2008-04-21 01:41 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-04-21 01:39 . 2008-04-21 01:39 13,107,200 --a------ C:\WINDOWS\system32\oembios.bin
2008-04-21 01:38 . 2008-04-21 01:38 2,854,400 --a------ C:\WINDOWS\system32\msi.dll
2008-04-21 01:37 . 2008-04-21 01:37 13,107,200 --a------ C:\WINDOWS\system32\dllcache\oembios.bin
2008-04-21 01:36 . 2008-04-21 01:36 13,463,552 --a------ C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-04-21 01:35 . 2008-04-21 01:35 3,107,788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2008-04-21 01:32 . 2008-04-21 01:32 32,866 --------- C:\WINDOWS\slrundll.exe
2008-04-21 01:29 . 2008-04-21 01:29 1,818,624 --a------ C:\WINDOWS\mixer.exe
2008-04-21 01:29 . 2008-04-21 01:29 215,144 -ra------ C:\WINDOWS\patchw32.dll
2008-04-21 01:29 . 2008-04-21 01:29 70,144 --a------ C:\WINDOWS\notepad.exe
2008-04-21 01:29 . 2008-04-21 01:29 16,730 --a------ C:\WINDOWS\Patroon.bmp
2008-04-21 01:29 . 2008-04-21 01:29 4,207 --a------ C:\WINDOWS\ODBCINST.INI
2008-04-21 01:29 . 2008-04-21 01:29 1,405 --a------ C:\WINDOWS\msdfmap.ini
2008-04-21 01:29 . 2008-04-21 01:29 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-04-21 01:29 . 2008-04-21 01:29 335 --a------ C:\WINDOWS\mozregistry.dat
2008-04-21 01:29 . 2008-04-21 01:29 25 --a------ C:\WINDOWS\mixerdef.ini
2008-04-21 01:28 . 2008-04-21 01:28 17,062 --a------ C:\WINDOWS\Kopje koffie.bmp
2008-04-21 01:28 . 2008-04-21 01:28 545 --a------ C:\WINDOWS\LHA.PIF
2008-04-21 01:25 . 2008-04-21 01:25 1,036,800 --a------ C:\WINDOWS\explorer.exe
2008-04-21 01:25 . 2008-04-21 01:25 26,582 --a------ C:\WINDOWS\Groensteen.bmp
2008-04-21 01:25 . 2008-04-21 01:25 10,752 --a------ C:\WINDOWS\hh.exe
2008-04-21 01:25 . 2008-04-21 01:25 80 --a------ C:\WINDOWS\explorer.scf
2008-04-21 01:24 . 2008-04-21 01:24 139,264 --a------ C:\WINDOWS\cmuninst.exe
2008-04-21 01:24 . 2008-04-21 01:24 135,168 --a------ C:\WINDOWS\cmuninst.dat
2008-04-21 01:24 . 2008-04-21 01:24 82,944 --a------ C:\WINDOWS\clock.avi
2008-04-21 01:24 . 2008-04-21 01:24 39,104 --a------ C:\WINDOWS\cmijack.dat
2008-04-21 01:24 . 2008-04-21 01:24 28,252 --a------ C:\WINDOWS\corelpf.lrs
2008-04-21 01:24 . 2008-04-21 01:24 22,178 --a------ C:\WINDOWS\cmaudio.dat
2008-04-21 01:24 . 2008-04-21 01:24 1,272 --a------ C:\WINDOWS\Blauw 16.bmp
2008-04-21 01:24 . 2008-04-21 01:24 25 --a------ C:\WINDOWS\cdplayer.ini
2008-04-21 01:24 . 2008-04-21 01:24 2 --a------ C:\WINDOWS\desktop.ini
2008-04-21 01:24 . 2008-04-21 01:24 0 --a------ C:\WINDOWS\control.ini
2008-04-21 01:23 . 2008-04-21 01:23 545 --a------ C:\WINDOWS\ARJ.PIF
2008-04-21 01:16 . 2008-04-21 01:16 <DIR> d-------- C:\Documents and Settings\serna\Application Data\Malwarebytes
2008-04-21 00:47 . 2008-04-21 00:47 <DIR> d-------- C:\Program Files\ABBYY FineReader 8.0 Professional Edition
2008-04-21 00:47 . 2008-04-21 00:47 251,184 -rahs---- C:\ntldr
2008-04-21 00:46 . 2008-04-21 00:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-21 00:46 . 2008-04-21 00:46 94,080 --a------ C:\Documents and Settings\jos\Application Data\ezplay.sys
2008-04-21 00:46 . 2008-04-21 00:46 87,608 --a------ C:\Documents and Settings\jos\Application Data\ezpinst.exe
2008-04-21 00:46 . 2008-04-21 00:46 47,360 --a------ C:\Documents and Settings\jos\Application Data\pcouffin.sys
2008-04-21 00:42 . 2008-04-21 00:42 524,288 --a------ C:\backup.bin
2008-04-21 00:42 . 2008-04-21 00:42 4,952 -rahs---- C:\Bootfont.bin
2008-04-21 00:10 . 2008-04-21 00:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2008-04-21 00:09 . 2008-04-21 00:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-04-21 00:05 . 2008-04-21 00:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-04-21 00:00 . 2008-04-21 00:46 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
2008-04-21 00:00 . 2008-04-21 00:46 <DIR> d--h----- C:\Documents and Settings\Administrator\Onlangs geopend
2008-04-21 00:00 . 2008-04-21 00:46 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
2008-04-21 00:00 . 2008-04-21 00:46 <DIR> d-------- C:\Documents and Settings\Administrator\Mijn documenten
2008-04-21 00:00 . 2008-04-21 00:46 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-04-21 00:00 . 2008-04-21 00:46 <DIR> d-------- C:\Documents and Settings\Administrator\Favorieten
2008-04-21 00:00 . 2008-04-21 00:46 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
2008-04-21 00:00 . 2008-04-21 00:00 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-21 00:00 . 2008-04-21 02:35 1,024 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT.LOG
2008-04-20 22:00 . 2008-04-20 22:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\cnwzsfcn
2008-04-20 22:00 . 2008-04-19 12:39 335,872 --a------ C:\WINDOWS\wdpoefan.dll
2008-04-20 22:00 . 2008-04-19 12:39 270,336 --a------ C:\WINDOWS\qnmargolktr.dll
2008-04-20 22:00 . 2008-04-19 12:39 233,472 --a------ C:\WINDOWS\vadokmxt.dll
2008-04-20 22:00 . 2008-04-19 12:39 184,320 --a------ C:\WINDOWS\dpevflbg.dll
2008-04-20 22:00 . 2008-04-19 12:39 106,496 --a------ C:\WINDOWS\olgdqarf.exe
2008-04-20 22:00 . 2008-04-19 12:39 98,304 --a------ C:\WINDOWS\wxvgsdbq.exe
2008-04-20 22:00 . 2008-04-20 22:00 98,304 --------- C:\WINDOWS\system32\yrsrgbwb.exe
2008-04-20 17:42 . 2008-04-21 00:47 <DIR> dr-h----- C:\Documents and Settings\jos\Onlangs geopend
2008-04-16 21:05 . 2008-04-16 21:14 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-04-16 21:05 . 2008-04-16 21:05 <DIR> d-------- C:\Documents and Settings\jos\Application Data\TuneUp Software
2008-04-16 21:05 . 2008-04-16 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-04-16 21:05 . 2008-04-16 21:05 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-04-16 21:05 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-04-15 09:31 . 2008-04-15 09:31 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-14 15:35 . 2008-04-14 15:35 <DIR> d-------- C:\Documents and Settings\jos\Application Data\Jasc
2008-04-14 15:31 . 2008-04-14 15:32 <DIR> d-------- C:\Program Files\Jasc Software Inc
2008-04-12 02:20 . 2008-04-12 15:13 <DIR> d-------- C:\Program Files\Intelore
2008-04-11 15:22 . 2008-04-11 19:37 <DIR> d-------- C:\Program Files\Azureus
2008-04-11 15:22 . 2008-04-15 17:59 <DIR> d-------- C:\Documents and Settings\jos\Application Data\Azureus
2008-04-11 15:22 . 2008-04-11 15:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-04-10 09:43 . 2008-04-10 10:00 <DIR> d-------- C:\Program Files\Dr.Hardware 2008 english
2008-04-04 23:50 . 2008-04-04 23:50 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-04 23:50 . 2008-04-04 23:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-04 12:26 . 2008-04-14 11:19 <DIR> d-------- C:\Program Files\GameShadow
2008-04-04 12:25 . 2008-04-04 12:25 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-04-04 10:32 . 2008-04-21 02:51 5,160,992 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-04 10:32 . 2008-04-21 02:45 64,640 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-04 10:29 . 2008-04-04 10:29 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-04-02 23:39 . 2008-04-02 23:39 <DIR> d-------- C:\Program Files\Common Files\ABBYY
2008-04-02 23:35 . 2008-04-03 00:03 <DIR> d-------- C:\Program Files\ABBYY FineReader 9.0
2008-04-02 23:35 . 2008-04-03 00:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ABBYY
2008-04-02 20:13 . 2008-04-02 20:13 <DIR> d-------- C:\Documents and Settings\jos\Application Data\Nero
2008-04-02 20:09 . 2008-04-02 20:11 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-04-02 20:09 . 2008-04-02 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-03-31 20:42 . 2008-03-31 20:42 <DIR> d-------- C:\Program Files\QuickTime
2008-03-31 20:42 . 2008-03-31 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-31 19:00 . 2008-03-31 19:00 1,409 --a------ C:\WINDOWS\system32\tmp8C393.FOT
2008-03-31 11:32 . 2008-03-31 11:32 <DIR> d-------- C:\Program Files\ScanSoft
2008-03-31 11:30 . 2008-03-31 11:31 <DIR> d-------- C:\Program Files\Microsoft AutoRoute
2008-03-28 17:07 . 2008-03-28 17:07 <DIR> d-------- C:\Program Files\Common Files\Protexis
2008-03-28 17:07 . 2008-03-28 17:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel
2008-03-27 22:25 . 2008-03-27 22:25 <DIR> d-------- C:\Documents and Settings\jos\Application Data\HEXelon
2008-03-27 22:24 . 2008-03-27 22:45 <DIR> d-------- C:\Program Files\TC UP
2008-03-25 17:25 . 2004-08-04 00:10 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2008-03-25 17:25 . 2004-08-04 00:10 51,328 --a--c--- C:\WINDOWS\system32\dllcache\msdv.sys
2008-03-25 17:25 . 2004-08-04 00:10 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2008-03-25 17:25 . 2004-08-04 00:10 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
2008-03-25 17:25 . 2004-08-04 00:10 38,912 --a--c--- C:\WINDOWS\system32\dllcache\avc.sys
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 00:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-04-20 23:40 94,784 ----a-w C:\WINDOWS\twain.dll
2008-04-20 23:40 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-20 23:40 49,680 ----a-w C:\WINDOWS\twunk_16.exe
2008-04-20 23:40 287,232 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-20 23:40 257,072 ----a-w C:\WINDOWS\winhelp.exe
2008-04-20 23:40 25,600 ----a-w C:\WINDOWS\twunk_32.exe
2008-04-20 23:40 18,944 ----a-w C:\WINDOWS\vmmreg32.dll
2008-04-20 23:40 15,872 ----a-w C:\WINDOWS\TASKMAN.EXE
2008-04-20 23:37 96,256 ----a-w C:\WINDOWS\system32\drivers\scsiport.sys
2008-04-20 23:30 41,219 ----a-w C:\WINDOWS\RSETPATH.exe
2008-04-20 23:30 215,144 ----a-r C:\WINDOWS\pw32a.dll
2008-04-20 23:30 153,088 ----a-w C:\WINDOWS\regedit.exe
2008-04-20 23:25 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
2008-04-20 23:25 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
2008-04-20 23:25 3,374,640 ----a-w C:\WINDOWS\Help\Tours\mmTour\tour.exe
2008-04-20 23:25 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
2008-04-20 23:25 152,576 ----a-w C:\WINDOWS\Help\bnts.dll
2008-04-20 23:23 450,048 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-20 23:23 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-20 23:23 244,736 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-20 23:23 137,728 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2008-04-20 23:23 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-20 23:23 1,852,416 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
2008-04-20 23:00 --------- d-----w C:\Program Files\Zone Labs
2008-04-20 23:00 --------- d-----w C:\Program Files\Yahoo!
2008-04-20 23:00 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-20 23:00 --------- d-----w C:\Program Files\Unlocker
2008-04-20 22:59 --------- d-----w C:\Program Files\Uniblue
2008-04-20 22:59 --------- d-----w C:\Program Files\TrojanHunter 5.0
2008-04-20 22:59 --------- d-----w C:\Program Files\TechSmith
2008-04-20 22:59 --------- d-----w C:\Program Files\Symantec
2008-04-20 22:59 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-20 22:59 --------- d-----w C:\Program Files\Smart Projects
2008-04-20 22:59 --------- d-----w C:\Program Files\ScanWizard 5
2008-04-20 22:59 --------- d-----w C:\Program Files\Reference Assemblies
2008-04-20 22:59 --------- d-----w C:\Program Files\Real
2008-04-20 22:59 --------- d-----w C:\Program Files\Qualcomm
2008-04-20 22:59 --------- d-----w C:\Program Files\PowerISO
2008-04-20 22:55 --------- d-----w C:\Program Files\Pinnacle
2008-04-20 22:54 --------- d-----w C:\Program Files\Nuance
2008-04-20 22:54 --------- d-----w C:\Program Files\Netscape
2008-04-20 22:53 --------- d-----w C:\Program Files\Nero
2008-04-20 22:53 --------- d-----w C:\Program Files\MSXML 6.0
2008-04-20 22:53 --------- d-----w C:\Program Files\MSBuild
2008-04-20 22:53 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-20 22:53 --------- d-----w C:\Program Files\Microsoft Works
2008-04-20 22:53 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-04-20 22:50 --------- d-----w C:\Program Files\Corel
2008-04-20 22:50 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-20 22:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-20 22:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-20 22:50 --------- d-----w C:\Program Files\Common Files\Scansoft Shared
2008-04-20 22:49 --------- d-----w C:\Program Files\Common Files\Real
2008-04-20 22:49 --------- d-----w C:\Program Files\Common Files\logishrd
2008-04-20 22:49 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-20 22:49 --------- d-----w C:\Program Files\Common Files\Corel
2008-04-20 22:48 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-20 22:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-20 22:48 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-04-20 22:48 --------- d-----w C:\Program Files\CCleaner
2008-04-20 22:48 --------- d-----w C:\Program Files\ATI Technologies
2008-04-20 22:48 --------- d-----w C:\Program Files\AOpen
2008-04-20 22:48 --------- d-----w C:\Program Files\ANI
2008-04-20 22:48 --------- d-----w C:\Program Files\Alwil Software
2008-04-20 22:48 --------- d-----w C:\Program Files\ACD Systems
2008-04-20 22:47 --------- d-----w C:\Program Files\a-squared Free
2008-04-20 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nuance
2008-04-20 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-20 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-20 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-04-20 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2008-04-20 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-20 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-04-20 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-20 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-20 20:20 --------- d-----w C:\Documents and Settings\jos\Application Data\uTorrent
2008-04-10 13:12 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-04-07 18:32 3,140 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-03-28 15:09 88 --sh--r C:\Documents and Settings\All Users\Application Data\E251144BEE.sys
2008-03-27 23:14 --------- d-----w C:\Documents and Settings\jos\Application Data\UpdateStar
2008-03-13 21:11 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-03-12 16:07 --------- d-----w C:\Documents and Settings\jos\Application Data\Ariane Software
2008-03-09 14:40 --------- d-----w C:\Documents and Settings\jos\Application Data\VSRevoGroup
2008-03-09 14:30 --------- d-----w C:\Program Files\VS Revo Group
2008-03-06 14:34 --------- d-----w C:\Program Files\Java
2008-03-06 14:33 --------- d-----w C:\Program Files\Common Files\Java
2008-03-04 12:57 --------- d-----w C:\Documents and Settings\jos\Application Data\Malwarebytes
2008-03-04 12:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-01 23:24 --------- d-----w C:\Documents and Settings\jos\Application Data\Systenance
2008-03-01 22:46 --------- d-----w C:\Program Files\Index.dat Analyzer
2008-02-28 15:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-02-26 16:39 --------- d-----w C:\Documents and Settings\jos\Application Data\EPSON
2008-02-26 14:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-02-25 07:49 --------- d-s---w C:\Program Files\Common Files\Teknum Systems
2008-02-24 14:24 --------- d-----w C:\Program Files\HandyBits
2008-02-24 14:13 --------- d-----w C:\Program Files\TrueCrypt
2008-02-24 14:11 --------- d-----w C:\Documents and Settings\jos\Application Data\TrueCrypt
.

<pre>
----a-w 68,856 2008-04-20 22:51:18 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w 145,496 2008-04-20 22:57:41 C:\Program Files\Pinnacle\Studio 11\LaunchList2 .exe
----a-w 200,704 2008-04-20 22:59:22 C:\Program Files\PowerISO\PWRISOVM .EXE
----a-w 15,360 2008-04-20 23:36:12 C:\WINDOWS\system32\ctfmon .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-04-04 10:29 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-04-04 10:29 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-04-04 10:29 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-21 01:36 15360]
"EPSON Stylus DX8400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIC EE.exe" [2007-04-12 16:00 182272]
"Update Service"="C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe" [2008-02-24 16:24 19456]
"sdsczkua"="C:\WINDOWS\system32\yrsrgbwb.exe" [2008-04-20 22:00 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2008-04-21 01:29 1818624 C:\WINDOWS\mixer.exe]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 17:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 17:30 81920]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 17:00 155648]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"Device Detector"="DevDetect.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-21 01:36 15360]
C:\Documents and Settings\jos\Menu Start\Programma's\Opstarten\
Registration .LNK - D:\Program Files\Ubisoft\RegistrationReminder\RegistrationRem inder.exe [2008-04-04 12:25:28 962560]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
FreeClip.lnk - C:\Program Files\FreeClip\FreeClip.exe [2008-04-21 00:51:12 724992]
Scanner Finder.lnk - C:\Program Files\ScanWizard 5\ScannerFinder.exe [2008-04-21 00:59:48 315392]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"DisableLockWorkstation"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"zqzwbVPVnT"= C:\Documents and Settings\All Users\Application Data\cnwzsfcn\gtmrkzab.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuPinnedList"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinterTabs"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-03-21 14:31 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIM1"= PCLEPIM1.dll
"VIDC.ACDV"= ACDV.dll
"VIDC.MJPG"= Pvmjpg30.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
"Device Detector"=DevDetect.exe -autorun
"beidsystemtray"=C:\Program Files\Belgium Identity Card\beidsystemtray.exe
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe"
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"F:\\torrent\\utorrent.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 VD_FileDisk;VD_FileDisk;C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15:00]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;"C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe" -service []
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 eID CRL Service;eID CRL Service;C:\WINDOWS\system32\beidservicecrl.exe [2007-02-19 16:16]
R2 PSI_SVC_2;Protexis Licensing V2;"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [2007-07-24 12:15]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-21 01:39]
R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2008-04-21 01:37]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-21 01:37]
S3 ACSSCR;ACR38 Smart Card Reader;C:\WINDOWS\system32\DRIVERS\a38usb.sys [2006-03-24 20:14]
S3 eID Privacy Service;eID Privacy Service;C:\WINDOWS\system32\beidservicepcsc.exe [2007-02-19 16:16]
S3 OpenDrv;OpenDrv;C:\Program Files\AOpen\SilentTek\OpenDrv.sys [2008-04-21 00:48]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-16 21:05]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2008-04-04 21:50:40 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-21 00:49:12 C:\WINDOWS\Tasks\Easy Onderhoud.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-04-12 16:47:42 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-20 23:40:47 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-20 23:40:47 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-21 02:50:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
Scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-04-21 2:53:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-21 00:53:24
ComboFix2.txt 2008-03-05 09:58:28
Pre-Run: 227,993,083,904 bytes free
Post-Run: 227,973,107,712 bytes free
380 --- E O F --- 2008-04-09 12:17:38
quarantined files
2008-04-20 22:00 38400 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\urqPfGVN.dll.vir
2008-04-20 22:05 274432 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\nnnoOiGv.dll.vir
2008-04-21 01:35 74304 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ateskvtq.exe.vir
2008-04-21 02:13 274432 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\rqRKEXom.dll.vir
2008-04-21 02:34 6844 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\moXEKRqr.ini2.vir
2008-04-21 02:36 6844 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\moXEKRqr.ini.vir
2008-04-21 02:43 200 --a------ C:\Qoobox\Quarantine\catchme.log
2008-04-21 02:43 264346 --a------ C:\Qoobox\Quarantine\catchme2008-04-21_ 24313.68.zip

Rosty
21 April 2008, 19:28
Hi,

why didn't you install the recovery console?

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!

Open Notepad, copy and paste the following (bold, blue text) into an empty window:
Folder::
C:\Qoobox
Renv::
----a-w 68,856 2008-04-20 22:51:18 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w 145,496 2008-04-20 22:57:41 C:\Program Files\Pinnacle\Studio 11\LaunchList2 .exe
----a-w 200,704 2008-04-20 22:59:22 C:\Program Files\PowerISO\PWRISOVM .EXE
----a-w 15,360 2008-04-20 23:36:12 C:\WINDOWS\system32\ctfmon .exe


Save this on your Desktop as CFScript.

Drag CFScript onto ComboFix.exe as shown in the example below:


http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

This will make ComboFix restart.
Reboot if prompted,
and post the contents of Combofix.txt, together with a new HijackThis log, in your next reply.
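
The quarantine list in the ComboFix log above and the Renv:: list in this reply share three indicators that can be checked mechanically rather than by eye: an autorun value whose name and target are both random letter strings (the HKCU Run value "sdsczkua" pointing at yrsrgbwb.exe, the policies\explorer\run value "zqzwbVPVnT"), a file whose extension has been separated from its name by a space ("ctfmon .exe" and the other Renv:: entries), and a quarantined .dll whose name reversed is the name of a quarantined .ini (rqRKEXom.dll next to moXEKRqr.ini), a naming trait of the Vundo/Virtumonde family. The Python below is an added example written for this page; it is not code from the thread, from ComboFix or from HijackThis. The thresholds behind looks_random() are an assumption (a heuristic, not a rule), and the sample lines are copied from the logs in this thread.

```python
"""Mechanical triage of the indicators visible in this thread's ComboFix log.

Added example for this page, not code from the thread, ComboFix or HijackThis.
It flags three things:
  1. autorun values whose value name AND target file name both look random
     ("sdsczkua" -> yrsrgbwb.exe);
  2. paths whose extension is separated from the name by a space
     ("ctfmon .exe"), the files listed under Renv:: above;
  3. a quarantined .dll whose name, reversed, is the name of a quarantined .ini
     (rqRKEXom.dll and moXEKRqr.ini).
The "looks random" thresholds are an assumption (a heuristic, not a rule).
"""
import re

VOWELS = set("aeiou")
LETTERS_ONLY = re.compile(r"^[A-Za-z]+$")
# "Name"="C:\dir\file.exe" [...]   or   "Name"= C:\dir\file.exe
AUTORUN = re.compile(r'^"(?P<name>[^"]+)"=\s*"?(?P<path>[A-Za-z]:\\.*?\.exe)"?', re.I)
# a path whose extension is preceded by a space: ...\ctfmon .exe
SPACED_EXT = re.compile(r"(?P<path>[A-Za-z]:\\.*\S) \.(?P<ext>exe|dll|sys|com|scr)$", re.I)
# ComboFix quarantine entries: ...\<stem>.dll.vir / ...\<stem>.ini.vir
QUARANTINED = re.compile(r"\\(?P<stem>[A-Za-z0-9]+)\.(?P<ext>dll|ini2?)\.vir$", re.I)

# Lines copied from the logs in this thread (not constructed).
SAMPLE_LOG = r"""
"sdsczkua"="C:\WINDOWS\system32\yrsrgbwb.exe" [2008-04-20 22:00 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"zqzwbVPVnT"= C:\Documents and Settings\All Users\Application Data\cnwzsfcn\gtmrkzab.exe
----a-w 15,360 2008-04-20 23:36:12 C:\WINDOWS\system32\ctfmon .exe
----a-w 200,704 2008-04-20 22:59:22 C:\Program Files\PowerISO\PWRISOVM .EXE
2008-04-21 02:13 274432 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\rqRKEXom.dll.vir
2008-04-21 02:36 6844 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\moXEKRqr.ini.vir
2008-04-20 22:00 38400 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\urqPfGVN.dll.vir
"""


def looks_random(token, min_len=8, min_run=4):
    """Heuristic: letters only, at least min_len long, containing a run of
    min_run or more lowercase consonants. yrsrgbwb passes; CamelCase names
    such as SunJavaUpdateSched do not."""
    if len(token) < min_len or not LETTERS_ONLY.match(token):
        return False
    run = longest = 0
    for ch in token:
        if ch.islower() and ch not in VOWELS:
            run += 1
            longest = max(longest, run)
        else:
            run = 0
    return longest >= min_run


def triage(log_text):
    """Return the three indicator lists found in ComboFix-style log text."""
    hits = {"random_autoruns": [], "renamed_files": [], "mirror_pairs": []}
    dll_stems, ini_stems = set(), set()
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = AUTORUN.match(line)
        if m:
            # both the value name and the executable's stem must look random
            stem = m.group("path").rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if looks_random(m.group("name")) and looks_random(stem):
                hits["random_autoruns"].append((m.group("name"), m.group("path")))
        m = SPACED_EXT.search(line)
        if m:
            hits["renamed_files"].append(f'{m.group("path")} .{m.group("ext")}')
        m = QUARANTINED.search(line)
        if m:
            bucket = dll_stems if m.group("ext").lower() == "dll" else ini_stems
            bucket.add(m.group("stem"))
    # a .dll whose reversed stem names a .ini in the same quarantine list
    for stem in sorted(dll_stems):
        if stem[::-1] in ini_stems:
            hits["mirror_pairs"].append((f"{stem}.dll", f"{stem[::-1]}.ini"))
    return hits


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(kind)
        for item in items:
            print("   ", item)
```

Feed the whole ComboFix.txt to triage() to get the same three lists for a full log. Anything it flags still needs confirming against the file's creation time and the quarantine entries, since the name test is only a heuristic; the reversed-name pair, by contrast, is exact.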

serna
21 April 2008, 20:42
Why didn't you install the recovery console? What is that and what does it do?
I had copied the restore points to the F drive; those were all gone too.
At least I couldn't choose any restore point other than the last one.
I had also made a backup with Acronis, a few months ago, but I hadn't installed anything special after that. Now then, HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:30, on 2008-04-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\beidservicecrl.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\FreeClip\FreeClip.exe
C:\Program Files\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Windows NT\Bureau-accessoires\wordpad.exe
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
D:\hijackthisdec\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_S2B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration .LNK = D:\Program Files\Ubisoft\RegistrationReminder\RegistrationReminder.exe
O4 - Global Startup: FreeClip.lnk = C:\Program Files\FreeClip\FreeClip.exe
O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198229345952
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: eID CRL Service - Zetes - C:\WINDOWS\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\system32\beidservicepcsc.exe
O23 - Service: GEARSecurity - GEAR Software Inc. - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 10793 bytes
And then ComboFix:
ComboFix 08-04-20.5 - jos 2008-04-21 20:04:35.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.571 [GMT 2:00]
Launched from: C:\Documents and Settings\jos\Local Settings\Temporary Internet Files\Content.IE5\IJUXUVCG\ComboFix.exe
Command switches used :: C:\Documents and Settings\jos\Bureaublad\CFScript.txt
* New restore point was created
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Qoobox
C:\Qoobox\BackEnv\appdata.folder.dat
C:\Qoobox\BackEnv\cache.folder.dat
C:\Qoobox\BackEnv\desktop.folder.dat
C:\Qoobox\BackEnv\favorites.folder.dat
C:\Qoobox\BackEnv\localappdata.folder.dat
C:\Qoobox\BackEnv\localsettings.folder.dat
C:\Qoobox\BackEnv\mypictures.folder.dat
C:\Qoobox\BackEnv\personal.folder.dat
C:\Qoobox\BackEnv\profiles.folder.dat
C:\Qoobox\BackEnv\programs.folder.dat
C:\Qoobox\BackEnv\SetPath.bat
C:\Qoobox\BackEnv\startmenu.folder.dat
C:\Qoobox\BackEnv\startup.folder.dat
C:\Qoobox\BackEnv\SysPath.dat
C:\Qoobox\BackEnv\templates.folder.dat
C:\Qoobox\CFScript_used_2008-04-21@20.04.txt
C:\Qoobox\ComboFix-quarantined-files.txt
C:\Qoobox\ComboFix2.txt
C:\Qoobox\ComboFix3.txt
C:\Qoobox\lastrun\drevB.dat
C:\Qoobox\snapshot@2008-04-21_ 2.52.52.96.dat
C:\Qoobox\snapshot@2008-04-21_ 2.52.52.96_B.dat
.
(((((((((((((((((((( Files Created from 2008-03-21 to 2008-04-21 ))))))))))))))))))))))))))))))
.
2008-04-21 10:43 . 2008-04-21 20:03 <DIR> dr-h----- C:\Documents and Settings\jos\Onlangs geopend
2008-04-21 01:53 . 2008-04-21 01:53 <DIR> d-------- C:\Documents and Settings\serna\Application Data\Grisoft
2008-04-21 01:39 . 2008-04-21 01:39 13,107,200 --a------ C:\WINDOWS\system32\oembios.bin
2008-04-21 01:38 . 2008-04-21 01:38 2,854,400 --a------ C:\WINDOWS\system32\msi.dll
2008-04-21 01:37 . 2008-04-21 01:37 13,107,200 --a------ C:\WINDOWS\system32\dllcache\oembios.bin
2008-04-21 01:36 . 2008-04-21 01:36 13,463,552 --a------ C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-04-21 01:35 . 2008-04-21 01:35 3,107,788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2008-04-21 01:32 . 2008-04-21 01:32 32,866 --------- C:\WINDOWS\slrundll.exe
2008-04-21 01:29 . 2008-04-21 01:29 1,818,624 --a------ C:\WINDOWS\mixer.exe
2008-04-21 01:29 . 2008-04-21 01:29 215,144 -ra------ C:\WINDOWS\patchw32.dll
2008-04-21 01:29 . 2008-04-21 01:29 70,144 --a------ C:\WINDOWS\notepad.exe
2008-04-21 01:29 . 2008-04-21 01:29 16,730 --a------ C:\WINDOWS\Patroon.bmp
2008-04-21 01:29 . 2008-04-21 01:29 4,207 --a------ C:\WINDOWS\ODBCINST.INI
2008-04-21 01:29 . 2008-04-21 01:29 1,405 --a------ C:\WINDOWS\msdfmap.ini
2008-04-21 01:29 . 2008-04-21 01:29 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-04-21 01:29 . 2008-04-21 01:29 335 --a------ C:\WINDOWS\mozregistry.dat
2008-04-21 01:29 . 2008-04-21 01:29 25 --a------ C:\WINDOWS\mixerdef.ini
2008-04-21 01:28 . 2008-04-21 01:28 17,062 --a------ C:\WINDOWS\Kopje koffie.bmp
2008-04-21 01:28 . 2008-04-21 01:28 545 --a------ C:\WINDOWS\LHA.PIF
2008-04-21 01:25 . 2008-04-21 01:25 1,036,800 --a------ C:\WINDOWS\explorer.exe
2008-04-21 01:25 . 2008-04-21 01:25 26,582 --a------ C:\WINDOWS\Groensteen.bmp
2008-04-21 01:25 . 2008-04-21 01:25 10,752 --a------ C:\WINDOWS\hh.exe
2008-04-21 01:25 . 2008-04-21 01:25 80 --a------ C:\WINDOWS\explorer.scf
2008-04-21 01:24 . 2008-04-21 01:24 139,264 --a------ C:\WINDOWS\cmuninst.exe
2008-04-21 01:24 . 2008-04-21 01:24 135,168 --a------ C:\WINDOWS\cmuninst.dat
2008-04-21 01:24 . 2008-04-21 01:24 82,944 --a------ C:\WINDOWS\clock.avi
2008-04-21 01:24 . 2008-04-21 01:24 39,104 --a------ C:\WINDOWS\cmijack.dat
2008-04-21 01:24 . 2008-04-21 01:24 28,252 --a------ C:\WINDOWS\corelpf.lrs
2008-04-21 01:24 . 2008-04-21 01:24 22,178 --a------ C:\WINDOWS\cmaudio.dat
2008-04-21 01:24 . 2008-04-21 01:24 1,272 --a------ C:\WINDOWS\Blauw 16.bmp
2008-04-21 01:24 . 2008-04-21 01:24 25 --a------ C:\WINDOWS\cdplayer.ini
2008-04-21 01:24 . 2008-04-21 01:24 2 --a------ C:\WINDOWS\desktop.ini
2008-04-21 01:24 . 2008-04-21 01:24 0 --a------ C:\WINDOWS\control.ini
2008-04-21 01:23 . 2008-04-21 01:23 545 --a------ C:\WINDOWS\ARJ.PIF
2008-04-21 01:16 . 2008-04-21 01:16 <DIR> d-------- C:\Documents and Settings\serna\Application Data\Malwarebytes
2008-04-21 00:47 . 2008-04-21 00:47 <DIR> d-------- C:\Program Files\ABBYY FineReader 8.0 Professional Edition
2008-04-21 00:47 . 2008-04-21 00:47 251,184 -rahs---- C:\ntldr
2008-04-21 00:46 . 2008-04-21 00:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-21 00:46 . 2008-04-21 00:46 94,080 --a------ C:\Documents and Settings\jos\Application Data\ezplay.sys
2008-04-21 00:46 . 2008-04-21 00:46 87,608 --a------ C:\Documents and Settings\jos\Application Data\ezpinst.exe
2008-04-21 00:46 . 2008-04-21 00:46 47,360 --a------ C:\Documents and Settings\jos\Application Data\pcouffin.sys
2008-04-21 00:42 . 2008-04-21 00:42 524,288 --a------ C:\backup.bin
2008-04-21 00:42 . 2008-04-21 00:42 4,952 -rahs---- C:\Bootfont.bin
2008-04-21 00:10 . 2008-04-21 00:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2008-04-21 00:09 . 2008-04-21 00:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-04-21 00:05 . 2008-04-21 00:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-04-21 00:00 . 2008-04-21 00:46 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
2008-04-21 00:00 . 2008-04-21 00:46 <DIR> d--h----- C:\Documents and Settings\Administrator\Onlangs geopend
2008-04-21 00:00 . 2008-04-21 00:46 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
2008-04-21 00:00 . 2008-04-21 00:46 <DIR> d-------- C:\Documents and Settings\Administrator\Mijn documenten
2008-04-21 00:00 . 2008-04-21 00:46 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-04-21 00:00 . 2008-04-21 00:46 <DIR> d-------- C:\Documents and Settings\Administrator\Favorieten
2008-04-21 00:00 . 2008-04-21 00:46 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
2008-04-21 00:00 . 2008-04-21 00:00 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-21 00:00 . 2008-04-21 20:02 1,024 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT.LOG
2008-04-20 22:00 . 2008-04-21 03:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\cnwzsfcn
2008-04-16 21:05 . 2008-04-16 21:14 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-04-16 21:05 . 2008-04-16 21:05 <DIR> d-------- C:\Documents and Settings\jos\Application Data\TuneUp Software
2008-04-16 21:05 . 2008-04-16 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-04-16 21:05 . 2008-04-16 21:05 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-04-16 21:05 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-04-15 09:31 . 2008-04-15 09:31 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-14 15:35 . 2008-04-14 15:35 <DIR> d-------- C:\Documents and Settings\jos\Application Data\Jasc
2008-04-14 15:31 . 2008-04-14 15:32 <DIR> d-------- C:\Program Files\Jasc Software Inc
2008-04-12 02:20 . 2008-04-12 15:13 <DIR> d-------- C:\Program Files\Intelore
2008-04-11 15:22 . 2008-04-11 19:37 <DIR> d-------- C:\Program Files\Azureus
2008-04-11 15:22 . 2008-04-15 17:59 <DIR> d-------- C:\Documents and Settings\jos\Application Data\Azureus
2008-04-11 15:22 . 2008-04-11 15:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-04-10 09:43 . 2008-04-10 10:00 <DIR> d-------- C:\Program Files\Dr.Hardware 2008 english
2008-04-04 23:50 . 2008-04-04 23:50 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-04 23:50 . 2008-04-04 23:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-04 12:26 . 2008-04-14 11:19 <DIR> d-------- C:\Program Files\GameShadow
2008-04-04 12:25 . 2008-04-04 12:25 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-04-04 10:32 . 2008-04-21 20:08 5,412,896 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-04 10:32 . 2008-04-21 03:59 65,576 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-04 10:29 . 2008-04-04 10:29 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-04-02 23:39 . 2008-04-02 23:39 <DIR> d-------- C:\Program Files\Common Files\ABBYY
2008-04-02 23:35 . 2008-04-03 00:03 <DIR> d-------- C:\Program Files\ABBYY FineReader 9.0
2008-04-02 23:35 . 2008-04-03 00:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ABBYY
2008-04-02 20:13 . 2008-04-02 20:13 <DIR> d-------- C:\Documents and Settings\jos\Application Data\Nero
2008-04-02 20:09 . 2008-04-02 20:11 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-04-02 20:09 . 2008-04-02 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-03-31 20:42 . 2008-03-31 20:42 <DIR> d-------- C:\Program Files\QuickTime
2008-03-31 20:42 . 2008-03-31 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-31 19:00 . 2008-03-31 19:00 1,409 --a------ C:\WINDOWS\system32\tmp8C393.FOT
2008-03-31 11:32 . 2008-03-31 11:32 <DIR> d-------- C:\Program Files\ScanSoft
2008-03-31 11:30 . 2008-03-31 11:31 <DIR> d-------- C:\Program Files\Microsoft AutoRoute
2008-03-28 17:07 . 2008-03-28 17:07 <DIR> d-------- C:\Program Files\Common Files\Protexis
2008-03-28 17:07 . 2008-03-28 17:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel
2008-03-27 22:25 . 2008-03-27 22:25 <DIR> d-------- C:\Documents and Settings\jos\Application Data\HEXelon
2008-03-27 22:24 . 2008-03-27 22:45 <DIR> d-------- C:\Program Files\TC UP
2008-03-25 17:25 . 2004-08-04 00:10 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2008-03-25 17:25 . 2004-08-04 00:10 51,328 --a--c--- C:\WINDOWS\system32\dllcache\msdv.sys
2008-03-25 17:25 . 2004-08-04 00:10 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2008-03-25 17:25 . 2004-08-04 00:10 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
2008-03-25 17:25 . 2004-08-04 00:10 38,912 --a--c--- C:\WINDOWS\system32\dllcache\avc.sys
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 18:04 --------- d-----w C:\Program Files\PowerISO
2008-04-21 09:48 --------- d-----w C:\Documents and Settings\jos\Application Data\uTorrent
2008-04-21 08:17 --------- d-----w C:\Documents and Settings\jos\Application Data\MailWasherPro
2008-04-21 08:15 3,140 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-04-21 00:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-04-20 23:39 999,936 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-20 23:38 999,424 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-20 23:37 999,936 ----a-w C:\WINDOWS\system32\dllcache\setupapi.dll
2008-04-20 23:36 99,840 ----a-w C:\WINDOWS\system32\dllcache\helphost.exe
2008-04-20 23:35 98,304 ----a-w C:\WINDOWS\system32\ahui.exe
2008-04-20 23:30 41,219 ----a-w C:\WINDOWS\RSETPATH.exe
2008-04-20 23:30 215,144 ----a-r C:\WINDOWS\pw32a.dll
2008-04-20 23:30 153,088 ----a-w C:\WINDOWS\regedit.exe
2008-04-20 23:30 151,040 ----a-w C:\WINDOWS\PCHEALTH\UploadLB\Binaries\uploadm.exe
2008-04-20 23:29 99,840 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\HelpHost.exe
2008-04-20 23:29 768,512 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe
2008-04-20 23:29 743,936 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
2008-04-20 23:29 7,168 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\HCAppRes.dll
2008-04-20 23:29 38,912 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll
2008-04-20 23:29 379,392 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msinfo.dll
2008-04-20 23:29 35,328 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\notiflag.exe
2008-04-20 23:29 21,504 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\brpinfo.dll
2008-04-20 23:29 18,944 ------w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\hscupd.exe
2008-04-20 23:29 160,256 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe
2008-04-20 23:29 102,400 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchshell.dll
2008-04-20 23:25 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
2008-04-20 23:25 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
2008-04-20 23:25 3,374,640 ----a-w C:\WINDOWS\Help\Tours\mmTour\tour.exe
2008-04-20 23:25 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
2008-04-20 23:25 152,576 ----a-w C:\WINDOWS\Help\bnts.dll
2008-04-20 23:23 450,048 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-20 23:23 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-20 23:23 244,736 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-20 23:23 137,728 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2008-04-20 23:23 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-20 23:23 1,852,416 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
2008-04-20 23:00 --------- d-----w C:\Program Files\Zone Labs
2008-04-20 23:00 --------- d-----w C:\Program Files\Yahoo!
2008-04-20 23:00 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-20 23:00 --------- d-----w C:\Program Files\Unlocker
2008-04-20 22:59 --------- d-----w C:\Program Files\Uniblue
2008-04-20 22:59 --------- d-----w C:\Program Files\TrojanHunter 5.0
2008-04-20 22:59 --------- d-----w C:\Program Files\TechSmith
2008-04-20 22:59 --------- d-----w C:\Program Files\Symantec
2008-04-20 22:59 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-20 22:59 --------- d-----w C:\Program Files\Smart Projects
2008-04-20 22:59 --------- d-----w C:\Program Files\ScanWizard 5
2008-04-20 22:59 --------- d-----w C:\Program Files\Reference Assemblies
2008-04-20 22:59 --------- d-----w C:\Program Files\Real
2008-04-20 22:55 --------- d-----w C:\Program Files\Pinnacle
2008-04-20 22:54 --------- d-----w C:\Program Files\Nuance
2008-04-20 22:54 --------- d-----w C:\Program Files\Netscape
2008-04-20 22:53 --------- d-----w C:\Program Files\Nero
2008-04-20 22:53 --------- d-----w C:\Program Files\MSXML 6.0
2008-04-20 22:53 --------- d-----w C:\Program Files\MSBuild
2008-04-20 22:53 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-20 22:53 --------- d-----w C:\Program Files\Microsoft Works
2008-04-20 22:53 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-04-20 22:50 --------- d-----w C:\Program Files\Corel
2008-04-20 22:50 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-20 22:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-20 22:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-20 22:50 --------- d-----w C:\Program Files\Common Files\Scansoft Shared
2008-04-20 22:49 --------- d-----w C:\Program Files\Common Files\Real
2008-04-20 22:49 --------- d-----w C:\Program Files\Common Files\logishrd
2008-04-20 22:49 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-20 22:49 --------- d-----w C:\Program Files\Common Files\Corel
2008-04-20 22:48 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-20 22:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-20 22:48 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-04-20 22:48 --------- d-----w C:\Program Files\CCleaner
2008-04-20 22:48 --------- d-----w C:\Program Files\ATI Technologies
2008-04-20 22:48 --------- d-----w C:\Program Files\AOpen
2008-04-20 22:48 --------- d-----w C:\Program Files\ANI
2008-04-20 22:48 --------- d-----w C:\Program Files\Alwil Software
2008-04-20 22:48 --------- d-----w C:\Program Files\ACD Systems
2008-04-20 22:47 --------- d-----w C:\Program Files\a-squared Free
2008-04-20 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nuance
2008-04-20 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-20 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-20 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-04-20 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2008-04-20 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-20 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-04-20 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-20 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-10 13:12 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-03-28 15:09 88 --sh--r C:\Documents and Settings\All Users\Application Data\E251144BEE.sys
2008-03-27 23:14 --------- d-----w C:\Documents and Settings\jos\Application Data\UpdateStar
2008-03-24 10:15 3,140 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-13 21:11 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-03-13 21:11 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-03-12 16:07 --------- d-----w C:\Documents and Settings\jos\Application Data\Ariane Software
2008-03-09 14:40 --------- d-----w C:\Documents and Settings\jos\Application Data\VSRevoGroup
2008-03-09 14:30 --------- d-----w C:\Program Files\VS Revo Group
2008-03-06 14:34 --------- d-----w C:\Program Files\Java
2008-03-06 14:33 --------- d-----w C:\Program Files\Common Files\Java
2008-03-05 08:49 3,011,475 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-04 12:57 --------- d-----w C:\Documents and Settings\jos\Application Data\Malwarebytes
.

<pre>
----a-w 68,856 2008-04-20 22:51:18 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-04-04 10:29 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-04-04 10:29 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-04-04 10:29 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-21 01:36 15360]
"EPSON Stylus DX8400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.exe" [2007-04-12 16:00 182272]
"Update Service"="C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe" [2008-02-24 16:24 19456]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2008-04-21 01:29 1818624 C:\WINDOWS\mixer.exe]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 17:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 17:30 81920]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 17:00 155648]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"Device Detector"="DevDetect.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-21 01:36 15360]
C:\Documents and Settings\jos\Menu Start\Programma's\Opstarten\
Registration .LNK - D:\Program Files\Ubisoft\RegistrationReminder\RegistrationReminder.exe [2008-04-04 12:25:28 962560]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
FreeClip.lnk - C:\Program Files\FreeClip\FreeClip.exe [2008-04-21 00:51:12 724992]
Scanner Finder.lnk - C:\Program Files\ScanWizard 5\ScannerFinder.exe [2008-04-21 00:59:48 315392]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"DisableLockWorkstation"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuPinnedList"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinterTabs"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-03-21 14:31 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIM1"= PCLEPIM1.dll
"VIDC.ACDV"= ACDV.dll
"VIDC.MJPG"= Pvmjpg30.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
"Device Detector"=DevDetect.exe -autorun
"beidsystemtray"=C:\Program Files\Belgium Identity Card\beidsystemtray.exe
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe"
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"F:\\torrent\\utorrent.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 VD_FileDisk;VD_FileDisk;C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15:00]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;"C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe" -service []
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 eID CRL Service;eID CRL Service;C:\WINDOWS\system32\beidservicecrl.exe [2007-02-19 16:16]
R2 PSI_SVC_2;Protexis Licensing V2;"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [2007-07-24 12:15]
R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2008-04-21 01:39]
R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2008-04-21 01:37]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-21 01:37]
S3 ACSSCR;ACR38 Smart Card Reader;C:\WINDOWS\system32\DRIVERS\a38usb.sys [2006-03-24 20:14]
S3 eID Privacy Service;eID Privacy Service;C:\WINDOWS\system32\beidservicepcsc.exe [2007-02-19 16:16]
S3 OpenDrv;OpenDrv;C:\Program Files\AOpen\SilentTek\OpenDrv.sys [2008-04-21 00:48]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-16 21:05]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - CATCHME
.
Inhoud van de 'Gedeelde Taken' map
"2008-04-04 21:50:40 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-21 18:00:00 C:\WINDOWS\Tasks\Easy Onderhoud.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-04-12 16:47:42 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-20 23:40:47 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-20 23:40:47 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-21 20:08:27
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2008-04-21 20:09:56
ComboFix-quarantined-files.txt 2008-04-21 18:09:49
Pre-Run: 227,729,866,752 bytes beschikbaar
Post-Run: 227,708,370,944 bytes beschikbaar
357

Rosty
21 April 2008, 21:35
Hi,


Why didn't you install the Recovery Console? What is it and what does it do?
It is needed in case I have you fix something wrong, or you accidentally fix a wrong line!!!

Download MBAM (Malwarebytes' Anti-Malware) from here (http://www.besttechie.net/tools/mbam-setup.exe) or here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html).
Double-click mbam-setup.exe to install the program.
Make sure there is a check mark in front of Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware, then click "Finish".
If an update is found, it will be downloaded and installed.
Once the program is fully up to date, select "Quick Scan" in the Scanner tab, then click Scan.
Scanning can take a while, so be patient.
When the scan is complete, click OK, then "Show Results" to see the results.
Make sure everything there is checked, then click: Remove Selected.
After the removal a log will open and you will be asked to restart the computer. (See below)
The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in MBAM.
Copy and paste the contents of the log in your next reply, together with a new HijackThis log.

If MBAM has trouble removing certain files, it will show a few messages where you have to click OK.
After that it will ask to restart the computer... so allow MBAM to restart the computer.

serna
21 April 2008, 23:00
It found RP218\A0085127.dll (Trojan.Vundo) 2 times. Recovery Console:
is the Recovery Console a part of Windows? I still have an old version
without Service Pack 2 (I had to install that separately). How can I put it on?
I had already scanned with Malware, with AVG antivirus, with SUPERAntiSpyware and with the avast
antivirus program.
Would everything be gone now? Then I'll make a backup with Acronis, or is there something better?

Rosty
22 April 2008, 17:35
Can't you just post the MBAM log? And yes, the Recovery Console is a part of Windows.

serna
22 April 2008, 19:28
Here is the MBAM log of 4-21-2008
Malwarebytes' Anti-Malware 1.11
Database versie: 667
Scan type: Volledige Scan (C:\|)
Objecten gescand: 146186
Verstreken tijd: 47 minute(s), 45 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 2
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
C:\System Volume Information\_restore{700D70B5-EA51-4319-B5E2-DC8851F56F81}\RP218\A0085127.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{700D70B5-EA51-4319-B5E2-DC8851F56F81}\RP218\A0085138.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
Thanks a lot.

Rosty
22 April 2008, 21:39
How is everything working now?

serna
23 April 2008, 00:45
Everything is running fine, I think.
Thanks again very much.

serna
23 April 2008, 12:27
Everything seems OK.
Thanks again very much.

Rosty
23 April 2008, 17:54
To prevent reinfection via System Restore, it is advisable to delete the existing restore points by temporarily disabling System Restore.


- Go to Start/All Programs/Accessories/System Tools/System Restore.
- In the left half of the window, click "System Restore Settings".
- Put a check mark in front of "Turn off System Restore".
- Click "Apply".
- Windows asks whether you are sure.
- Click "Yes".
- Click "OK".
- Restart the PC.
- Go again to Start/All Programs/Accessories/System Tools/System Restore.
- You get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"
- Click "Yes".
- Remove the check mark in front of "Turn off System Restore".
- Click "Apply".
- Click "OK".
- Restart the PC.
- A new, clean restore point has now been created.

Here are some more tips (http://www.jawwi.nl/tips/beveiligen.html).

You may also remove the tools we used!!!

serna
24 April 2008, 15:11
In XP Pro you can delete the restore points without disabling System Restore. Isn't that enough?
I ran RegSeeker once and it removed a lot from the registry.
Here is another HijackThis log, but I think everything is gone.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:08, on 2008-04-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\beidservicecrl.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\Mixer.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FreeClip\FreeClip.exe
C:\Program Files\ScanWizard 5\ScannerFinder.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\totalcmd\TOTALCMD.EXE
D:\hijackthisdec\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_S2B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: FreeClip.lnk = C:\Program Files\FreeClip\FreeClip.exe
O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198229345952
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: eID CRL Service - Zetes - C:\WINDOWS\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\system32\beidservicepcsc.exe
O23 - Service: GEARSecurity - GEAR Software Inc. - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 11687 bytes

Rosty
24 April 2008, 18:27
That looks good.

You may remove all the tools used and the folders they created.

Remove ComboFix via Start > Run, copy and paste Combofix /U, then click OK or press Enter.

http://hicheckthis.gethost.nl/images/Uninstall_combofix.JPG

This will remove ComboFix and its related folders and files, restore the clock settings, hide file extensions again, re-hide hidden files and system files, and reset your System Restore.

serna
24 April 2008, 19:02
Thanks Rosty, this can be closed now.