PC messed up once again



compuchrisje
14 February 2009, 01:53
Lately the PC had become noticeably slower. The day before yesterday I downloaded the graphics program Wink, which requires certain key combinations to take screen captures. After that, quite a few things went badly wrong. Various key combinations no longer work: Shift-Delete, the hyphen, Ctrl-C and Ctrl-V (copy-paste of URLs in both browsers), so practically all keys outside the letter keys.
Today the PC starts up with the screen in a 15" format, so huge icons and letters, which I did manage to put right via the display properties, but which stubbornly came back on reboot.
Downloaded MBam and let it scan, so below are the HJT log from before, the MBam one, and the log after MBam.


Before MBam

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:20:45, on 14/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\StickIt\StickIt3.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\Proshow\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hivecleanup\uphclean.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gva.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StickIt] C:\Program Files\StickIt\StickIt3.exe
O4 - HKCU\..\Run: [WallPaper] E:\9CEC7~1.MSN\WALLPA~1\WALLPA~1.90\WALLPA~1.EXE /h
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1229118675984
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172027649125
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200417483468
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\Common Files\BinarySense\hlAPP.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service: ScsiAccess - Unknown owner - D:\Proshow\ScsiAccess.exe

--
End of file - 9922 bytes


MBam report

Malwarebytes' Anti-Malware 1.34
Database versie: 1760
Windows 5.1.2600 Service Pack 3

14/02/2009 0:31:07
mbam-log-2009-02-14 (00-31-07).txt

Scan type: Snelle Scan
Objecten gescand: 75094
Verstreken tijd: 5 minute(s), 39 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 1
Mappen geïnfecteerd: 3
Bestanden geïnfecteerd: 1

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mappen geïnfecteerd:
C:\Documents and Settings\Chris\Application Data\RegSweep (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris\Application Data\RegSweep\Log (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris\Application Data\RegSweep\Registry Backups (Rogue.RegSweep) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:
C:\Documents and Settings\Chris\Application Data\RegSweep\Registry Backups\2007-10-03_08-44-25.reg (Rogue.RegSweep) -> Quarantined and deleted successfully.


HijackThis after MBam

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:38:09, on 14/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\StickIt\StickIt3.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\Proshow\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hivecleanup\uphclean.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gva.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StickIt] C:\Program Files\StickIt\StickIt3.exe
O4 - HKCU\..\Run: [WallPaper] E:\9CEC7~1.MSN\WALLPA~1\WALLPA~1.90\WALLPA~1.EXE /h
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1229118675984
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172027649125
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200417483468
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\Common Files\BinarySense\hlAPP.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service: ScsiAccess - Unknown owner - D:\Proshow\ScsiAccess.exe

--
End of file - 9771 bytes

Black_Bird
14 February 2009, 15:10
Hi :)

Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.
NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

Double-click Combofix.exe to start it.
If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
Click OK in the "NirCmd" window.
If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
Click OK and Yes to have the Recovery Console installed automatically.
Afterwards, click Yes again to start the malware scan.
While the fix is running, do NOT click in the window, as this will cause your PC to hang.
When the fix has completed and after the restart, the log Combofix.txt will open.

Post this log in your next reply, together with a new HijackThis log.

compuchrisje
14 February 2009, 20:22
Hi too, and thanks for the quick reply :D
Just to mention that Combofix stayed stuck for quite a long time at part 32; I don't know whether that matters.

ComboFix 09-02-12.03 - Chris 2009-02-14 18:29:35.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1022.511 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Chris\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: COMODO Firewall Pro *enabled*
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\config.dat
c:\windows\ynh.dx

.
(((((((((((((((((((( Bestanden Gemaakt van 2009-01-14 to 2009-02-14 ))))))))))))))))))))))))))))))
.

2009-02-14 19:04 . 2009-02-14 19:04 53,248 --a------ c:\temp\catchme.dll
2009-02-14 19:03 . 2009-02-14 19:03 <DIR> d-------- c:\temp\WPDNSE
2009-02-14 19:03 . 2009-02-14 19:03 0 --a----t- c:\temp\Perflib_Perfdata_220.dat
2009-02-14 08:41 . 2009-02-14 08:41 <DIR> dr-h----- c:\documents and settings\Chris\Onlangs geopend
2009-02-14 02:52 . 2005-02-24 07:32 176,128 --a------ c:\windows\system32\nvudisp.exe
2009-02-14 02:52 . 2005-02-24 07:32 14,435 --a------ c:\windows\system32\nvdisp.nvu
2009-02-14 02:51 . 2009-02-14 19:04 <DIR> d-------- c:\temp\pftA.tmp
2009-02-14 02:51 . 2009-02-14 02:52 <DIR> d-------- c:\temp\issB.tmp
2009-02-14 02:31 . 2009-02-14 02:31 664 --a------ c:\windows\system32\d3d9caps.dat
2009-02-14 02:31 . 2009-02-14 02:31 552 --a------ c:\windows\system32\d3d8caps.dat
2009-02-14 01:52 . 2009-02-14 01:52 1,374 --a------ c:\windows\imsins.BAK
2009-02-14 00:50 . 2009-02-14 00:50 <DIR> d-------- c:\temp\VBE
2009-02-14 00:23 . 2009-02-14 00:50 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-14 00:23 . 2009-02-14 00:23 <DIR> d-------- c:\documents and settings\Chris\Application Data\Malwarebytes
2009-02-14 00:23 . 2009-02-14 00:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-14 00:23 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-14 00:23 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-13 06:55 . 2008-04-14 19:02 116,736 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll
2009-02-13 06:55 . 2001-09-06 21:27 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe
2009-02-13 06:55 . 2001-09-06 21:27 27,648 --a--c--- c:\windows\system32\dllcache\xrxftplt.exe
2009-02-13 06:55 . 2001-09-06 21:27 23,040 --a--c--- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-02-13 06:55 . 2004-08-03 22:29 19,455 --a--c--- c:\windows\system32\dllcache\wvchntxx.sys
2009-02-13 06:55 . 2008-04-14 19:02 18,944 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll
2009-02-13 06:55 . 2001-08-17 20:11 16,970 --a--c--- c:\windows\system32\dllcache\xem336n5.sys
2009-02-13 06:55 . 2004-08-03 22:29 12,063 --a--c--- c:\windows\system32\dllcache\wsiintxx.sys
2009-02-13 06:55 . 2001-09-06 21:27 4,608 --a--c--- c:\windows\system32\dllcache\xrxflnch.exe
2009-02-13 06:53 . 2001-08-17 21:28 765,884 --a--c--- c:\windows\system32\dllcache\usrti.sys
2009-02-13 06:52 . 2001-08-17 21:28 794,654 --a--c--- c:\windows\system32\dllcache\usr1801.sys
2009-02-13 06:51 . 2001-09-06 21:27 525,568 --a--c--- c:\windows\system32\dllcache\tridxp.dll
2009-02-13 06:50 . 2001-08-17 22:01 241,664 --a--c--- c:\windows\system32\dllcache\tosdvd02.sys
2009-02-13 06:50 . 2001-09-06 21:26 172,768 --a--c--- c:\windows\system32\dllcache\t2r4disp.dll
2009-02-13 06:50 . 2008-04-13 20:40 149,376 --a--c--- c:\windows\system32\dllcache\tffsport.sys
2009-02-13 06:50 . 2001-08-17 20:51 138,528 --a--c--- c:\windows\system32\dllcache\tgiulnt5.sys
2009-02-13 06:50 . 2001-08-17 20:14 123,995 --a--c--- c:\windows\system32\dllcache\tjisdn.sys
2009-02-13 06:50 . 2001-09-06 21:26 81,408 --a--c--- c:\windows\system32\dllcache\tgiul50.dll
2009-02-13 06:50 . 2001-08-17 20:13 37,961 --a--c--- c:\windows\system32\dllcache\tdk100b.sys
2009-02-13 06:50 . 2001-08-17 20:50 36,640 --a--c--- c:\windows\system32\dllcache\t2r4mini.sys
2009-02-13 06:50 . 2001-08-17 21:49 30,464 --a--c--- c:\windows\system32\dllcache\tbatm155.sys
2009-02-13 06:50 . 2001-08-17 20:10 28,232 --a--c--- c:\windows\system32\dllcache\tos4mo.sys
2009-02-13 06:50 . 2001-08-17 20:13 17,129 --a--c--- c:\windows\system32\dllcache\tdkcd31.sys
2009-02-13 06:50 . 2001-08-17 21:52 7,040 --a--c--- c:\windows\system32\dllcache\tandqic.sys
2009-02-13 06:48 . 2001-09-06 21:27 114,688 --a--c--- c:\windows\system32\dllcache\sonypi.dll
2009-02-13 06:48 . 2001-09-06 21:27 106,584 --a--c--- c:\windows\system32\dllcache\spdports.dll
2009-02-13 06:48 . 2001-09-06 21:27 99,840 --a--c--- c:\windows\system32\dllcache\srusd.dll
2009-02-13 06:48 . 2001-08-17 21:51 61,824 --a--c--- c:\windows\system32\dllcache\speed.sys
2009-02-13 06:48 . 2001-08-17 20:11 48,736 --a--c--- c:\windows\system32\dllcache\srwlnd5.sys
2009-02-13 06:48 . 2001-08-17 20:51 37,040 --a--c--- c:\windows\system32\dllcache\sonypi.sys
2009-02-13 06:48 . 2001-09-06 21:27 24,660 --a--c--- c:\windows\system32\dllcache\spxupchk.dll
2009-02-13 06:48 . 2001-08-17 20:51 20,752 --a--c--- c:\windows\system32\dllcache\sonync.sys
2009-02-13 06:48 . 2001-08-17 22:07 19,072 --a--c--- c:\windows\system32\dllcache\sparrow.sys
2009-02-13 06:48 . 2001-08-17 21:53 9,600 --a--c--- c:\windows\system32\dllcache\sonymc.sys
2009-02-13 06:48 . 2008-04-13 20:40 7,552 --a--c--- c:\windows\system32\dllcache\sonyait.sys
2009-02-13 06:48 . 2001-08-17 21:53 7,040 --a--c--- c:\windows\system32\dllcache\snyaitmc.sys
2009-02-13 06:46 . 2001-09-06 21:26 386,560 --a--c--- c:\windows\system32\dllcache\sgiul50.dll
2009-02-13 06:45 . 2001-09-06 21:27 495,616 --a--c--- c:\windows\system32\dllcache\sblfx.dll
2009-02-13 06:44 . 2001-09-06 21:26 182,272 --a--c--- c:\windows\system32\dllcache\s3mt3d.dll
2009-02-13 06:43 . 2001-09-06 20:29 899,594 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys
2009-02-13 06:42 . 2008-04-14 19:02 363,520 --a--c--- c:\windows\system32\dllcache\psisdecd.dll
2009-02-13 06:41 . 2001-08-17 22:05 351,616 --a--c--- c:\windows\system32\dllcache\ovcodek2.sys
2009-02-13 06:40 . 2001-08-17 20:50 198,144 --a--c--- c:\windows\system32\dllcache\nv3.sys
2009-02-13 06:40 . 2001-09-06 21:26 123,776 --a--c--- c:\windows\system32\dllcache\nv3.dll
2009-02-13 06:40 . 2001-09-06 20:09 54,666 --a--c--- c:\windows\system32\dllcache\otcsercb.sys
2009-02-13 06:40 . 2001-08-17 20:20 54,528 --a--c--- c:\windows\system32\dllcache\opl3sax.sys
2009-02-13 06:40 . 2001-08-17 20:49 51,552 --a--c--- c:\windows\system32\dllcache\ntgrip.sys
2009-02-13 06:40 . 2001-08-17 22:05 48,000 --a--c--- c:\windows\system32\dllcache\ovcam2.sys
2009-02-13 06:40 . 2001-09-06 20:09 43,785 --a--c--- c:\windows\system32\dllcache\otceth5.sys
2009-02-13 06:40 . 2001-08-17 22:05 28,032 --a--c--- c:\windows\system32\dllcache\ovcd.sys
2009-02-13 06:40 . 2001-08-17 20:12 27,209 --a--c--- c:\windows\system32\dllcache\otc06x5.sys
2009-02-13 06:40 . 2001-08-17 22:05 25,088 --a--c--- c:\windows\system32\dllcache\ovca.sys
2009-02-13 06:40 . 2001-09-06 19:49 9,472 --a--c--- c:\windows\system32\dllcache\ntapm.sys
2009-02-13 06:40 . 2001-08-17 21:53 7,552 --a--c--- c:\windows\system32\dllcache\nsmmc.sys
2009-02-13 06:38 . 2001-09-06 19:31 131,072 --a--c--- c:\windows\system32\dllcache\n100325.sys
2009-02-13 06:38 . 2001-08-17 20:50 103,296 --a--c--- c:\windows\system32\dllcache\mtxvideo.sys
2009-02-13 06:38 . 2001-09-06 19:31 76,416 --a--c--- c:\windows\system32\dllcache\mxport.sys
2009-02-13 06:38 . 2001-09-06 19:31 53,279 --a--c--- c:\windows\system32\dllcache\n1000nt5.sys
2009-02-13 06:38 . 2008-04-13 20:46 49,024 --a--c--- c:\windows\system32\dllcache\mstape.sys
2009-02-13 06:38 . 2001-09-06 19:31 22,016 --a--c--- c:\windows\system32\dllcache\mxcard.sys
2009-02-13 06:38 . 2008-04-13 20:54 22,016 --a--c--- c:\windows\system32\dllcache\msircomm.sys
2009-02-13 06:38 . 2001-08-17 21:49 19,968 --a--c--- c:\windows\system32\dllcache\mxnic.sys
2009-02-13 06:38 . 2001-09-06 21:27 19,968 --a--c--- c:\windows\system32\dllcache\mxicfg.dll
2009-02-13 06:38 . 2001-08-17 21:48 12,416 --a--c--- c:\windows\system32\dllcache\msriffwv.sys
2009-02-13 06:38 . 2001-09-06 21:27 7,168 --a--c--- c:\windows\system32\dllcache\mxport.dll
2009-02-13 06:38 . 2001-08-17 22:00 2,944 --a--c--- c:\windows\system32\dllcache\msmpu401.sys
2009-02-13 06:37 . 2001-09-06 18:59 320,384 --a--c--- c:\windows\system32\dllcache\mgaum.sys
2009-02-13 06:37 . 2001-09-06 21:26 235,648 --a--c--- c:\windows\system32\dllcache\mgaud.dll
2009-02-13 06:37 . 2008-04-14 19:03 56,832 --a--c--- c:\windows\system32\dllcache\msdvbnp.ax
2009-02-13 06:37 . 2008-04-13 20:46 51,200 --a--c--- c:\windows\system32\dllcache\msdv.sys
2009-02-13 06:37 . 2001-08-17 22:02 35,200 --a--c--- c:\windows\system32\dllcache\msgame.sys
2009-02-13 06:37 . 2001-08-17 21:52 17,280 --a--c--- c:\windows\system32\dllcache\mraid35x.sys
2009-02-13 06:37 . 2001-08-17 21:57 16,128 --a--c--- c:\windows\system32\dllcache\modemcsa.sys
2009-02-13 06:37 . 2008-04-13 20:46 15,232 --a--c--- c:\windows\system32\dllcache\mpe.sys
2009-02-13 06:37 . 2001-08-17 21:52 6,528 --a--c--- c:\windows\system32\dllcache\miniqic.sys
2009-02-13 06:37 . 2001-08-17 21:48 6,016 --a--c--- c:\windows\system32\dllcache\msfsio.sys
2009-02-13 06:35 . 2008-04-14 19:02 254,464 --a--c--- c:\windows\system32\dllcache\kdsusd.dll
2009-02-13 06:34 . 2001-09-06 21:26 90,200 --a--c--- c:\windows\system32\dllcache\io8ports.dll
2009-02-13 06:34 . 2008-04-13 20:54 88,192 --a--c--- c:\windows\system32\dllcache\irda.sys
2009-02-13 06:34 . 2001-08-17 20:12 45,632 --a--c--- c:\windows\system32\dllcache\ip5515.sys
2009-02-13 06:34 . 2001-08-17 21:50 38,784 --a--c--- c:\windows\system32\dllcache\io8.sys
2009-02-13 06:34 . 2001-08-17 21:49 26,624 --a--c--- c:\windows\system32\dllcache\irstusb.sys
2009-02-13 06:34 . 2001-08-17 21:49 23,552 --a--c--- c:\windows\system32\dllcache\irmk7.sys
2009-02-13 06:34 . 2001-08-17 21:51 18,688 --a--c--- c:\windows\system32\dllcache\irsir.sys
2009-02-13 06:34 . 2001-08-17 21:52 16,000 --a--c--- c:\windows\system32\dllcache\ini910u.sys
2009-02-13 06:34 . 2001-09-06 18:16 13,568 --a--c--- c:\windows\system32\dllcache\inport.sys
2009-02-13 06:34 . 2008-04-14 18:37 5,504 --a--c--- c:\windows\system32\dllcache\intelide.sys
2009-02-13 06:32 . 2001-08-17 21:28 542,879 --a--c--- c:\windows\system32\dllcache\hsf_msft.sys
2009-02-13 06:31 . 2001-09-06 21:26 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll
2009-02-13 06:30 . 2001-09-06 21:26 470,144 --a--c--- c:\windows\system32\dllcache\g200d.dll
2009-02-13 06:29 . 2001-09-06 20:14 630,016 --a--c--- c:\windows\system32\dllcache\eqn.sys
2009-02-13 06:28 . 2001-09-06 19:54 634,198 --a--c--- c:\windows\system32\dllcache\el656ct5.sys
2009-02-13 06:27 . 2001-08-17 20:14 952,007 --a--c--- c:\windows\system32\dllcache\diwan.sys
2009-02-13 06:26 . 2008-04-14 19:02 251,904 --a--c--- c:\windows\system32\dllcache\ctmasetp.dll
2009-02-13 06:25 . 2001-09-06 18:59 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys
2009-02-13 06:24 . 2001-08-17 21:28 871,388 --a--c--- c:\windows\system32\dllcache\bcmdm.sys
2009-02-13 06:23 . 2001-08-17 22:07 56,960 --a--c--- c:\windows\system32\dllcache\aic78xx.sys
2009-02-13 06:21 . 2001-08-17 20:19 747,392 --a--c--- c:\windows\system32\dllcache\adm8830.sys
2009-02-13 06:21 . 2001-08-17 20:19 584,448 --a--c--- c:\windows\system32\dllcache\adm8810.sys
2009-02-13 06:21 . 2001-08-17 20:19 553,984 --a--c--- c:\windows\system32\dllcache\adm8820.sys
2009-02-13 06:21 . 2001-08-17 22:07 101,888 --a--c--- c:\windows\system32\dllcache\adpu160m.sys
2009-02-13 06:21 . 2001-08-17 20:11 46,112 --a--c--- c:\windows\system32\dllcache\adptsf50.sys
2009-02-13 06:21 . 2001-08-17 20:11 20,160 --a--c--- c:\windows\system32\dllcache\adm8511.sys
2009-02-13 06:21 . 2004-08-03 22:32 10,880 --a--c--- c:\windows\system32\dllcache\admjoy.sys
2009-02-13 06:21 . 2001-08-17 21:53 7,424 --a--c--- c:\windows\system32\dllcache\adicvls.sys
2009-02-13 06:19 . 2001-09-06 21:26 66,048 --a--c--- c:\windows\system32\dllcache\s3legacy.dll
2009-02-13 05:46 . 2009-02-13 05:46 <DIR> d-------- c:\program files\DebugMode
2009-02-13 03:09 . 2009-02-14 06:04 <DIR> d-------- c:\temp\hsperfdata_Chris

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-14 18:04 --------- d-----w c:\program files\StickIt
2009-02-14 18:03 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-14 05:08 --------- d-----w c:\documents and settings\Chris\Application Data\Zylom
2009-02-14 05:07 --------- d-----w c:\program files\Zylom Games
2009-02-14 00:06 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-14 00:02 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-10 20:50 --------- d-----w c:\documents and settings\Chris\Application Data\FileZilla
2009-02-09 23:06 --------- d-----w c:\program files\AviScreen classic
2009-02-09 16:13 --------- d-----w c:\program files\a-squared Free
2009-02-05 02:14 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-05 02:14 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-02-04 21:10 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-30 21:13 --------- d-----w c:\documents and settings\All Users\Application Data\Watermark Factory
2009-01-29 18:41 --------- d-----w c:\program files\QuickTime
2009-01-21 21:03 --------- d-----w c:\program files\SuDoku
2009-01-08 00:34 --------- d-----w c:\documents and settings\Chris\Application Data\uTorrent
2009-01-08 00:32 --------- d-----w c:\program files\SpeedFan
2009-01-08 00:21 --------- d-----w c:\program files\PC Tune-Up
2009-01-01 03:33 --------- d-----w c:\program files\Roxio
2009-01-01 03:33 --------- d-----w c:\program files\Common Files\Roxio Shared
2008-12-26 17:33 --------- d-----w c:\program files\Premium Booster
2008-12-25 01:03 --------- d-----w c:\program files\Daniusoft
2008-12-23 15:01 --------- d-----w c:\program files\Audioblast
2008-12-23 07:20 --------- d-----w c:\program files\GoldWave
2008-12-22 00:12 --------- d-----w c:\program files\uTorrent
2008-12-16 20:38 --------- d-----w c:\program files\Free Offers from Freeze.com
2008-12-15 14:18 16,640 ----a-w c:\windows\system32\drivers\DsAudioDevice_286.sys
2008-12-15 05:59 --------- d-----w c:\documents and settings\All Users\Application Data\Corel
2008-12-15 01:47 --------- d-----w c:\documents and settings\Chris\Application Data\Corel
2008-12-15 01:44 --------- d-----w c:\program files\Common Files\Corel
2007-07-22 03:34 81,920 ----a-w c:\documents and settings\Chris\Application Data\ezpinst.exe
2007-07-22 03:34 47,360 ----a-w c:\documents and settings\Chris\Application Data\pcouffin.sys
2007-07-17 17:52 1,585 ----a-w c:\program files\Lisence.txt
2007-07-15 20:35 138 ------w c:\program files\Thanks.txt
2007-07-15 20:32 1,750 ------w c:\program files\ReadMe.txt
2007-07-15 20:21 15,893 ----a-w c:\program files\help_gr.chm
2007-07-15 20:18 16,146 ------w c:\program files\help.chm
2007-07-15 17:16 5,890 ----a-w c:\program files\LICENSE.rtf
2007-07-13 21:32 11,256 ----a-w c:\program files\button_up.dat
2007-04-21 00:29 560 ----a-w c:\program files\Global.sw
2007-02-21 04:06 1,390 -c--a-w c:\program files\uninstal.log
2006-11-16 19:39 1,008 ------w c:\program files\close2.dat
2006-11-16 19:39 1,008 ------w c:\program files\close1.dat
2006-06-18 01:29 4 ------w c:\program files\anoixto.dat
2006-06-17 11:27 40,040 ------w c:\program files\bar.dat
2001-08-13 14:51 1,396,337 ----a-w c:\program files\Captura.exe
1997-01-22 04:14 60,186 ------w c:\program files\optimize.WAV
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w c:\windows\system32\Smab0.dll
2008-05-12 22:42 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008051320080514\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WhatPulse"="c:\progra~1\WHATPU~1\WHATPU~1.EXE" [2004-12-05 543744]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"StickIt"="c:\program files\StickIt\StickIt3.exe" [2007-03-02 315392]
"WallPaper"="e:\9cec7~1.msn\WALLPA~1\WALLPA~1.90\WALLPA~1.EXE" [2001-06-10 246272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-12-20 1165104]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-12-19 1941808]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-12-19 149024]
"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\cfp.exe" [2007-12-11 1481984]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-05 1601304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-12 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 c:\windows\soundman.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2005-02-24 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-05-05 19:42 294912 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-05 03:14 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 11:32 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"VIDC.LAGS"= lagarith.dll
"vidc.i420"= i420vfw.dll
"vidc.mjpg"= pvmjpg30.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Post-it® Software Notes Lite.lnk]
backup=c:\windows\pss\Post-it® Software Notes Lite.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^VersionTrackerPro.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\VersionTrackerPro.lnk
backup=c:\windows\pss\VersionTrackerPro.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris^Menu Start^Programma's^Opstarten^HDDlife.lnk]
path=c:\documents and settings\Chris\Menu Start\Programma's\Opstarten\HDDlife.lnk
backup=c:\windows\pss\HDDlife.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris^Menu Start^Programma's^Opstarten^Stardock ObjectDock.lnk]
backup=c:\windows\pss\Stardock ObjectDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris^Menu Start^Programma's^Opstarten^UDPixel.lnk]
backup=c:\windows\pss\UDPixel.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris^Menu Start^Programma's^Opstarten^Yahoo! Widget Engine.lnk]
backup=c:\windows\pss\Yahoo! Widget Engine.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
rem [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ashampoo PopUpBlocker
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Snarfer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Service
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateStar
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Registry Repair Pro

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
--a------ 2006-12-19 23:19 1941808 c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-02-01 16:45 98304 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CameraFixer]
--a------ 2005-12-06 12:08 20480 c:\windows\CameraFixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
--a------ 2007-10-30 19:52 16200 d:\porgram files\PSPX2\CorelIOMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-04-19 06:42 3293184 c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--a------ 2005-03-24 00:26 217088 c:\program files\Microsoft IntelliPoint\point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRC]
--a------ 2007-09-20 10:16 2419200 c:\program files\PC Tune-Up\PCTuneUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
--a------ 2006-12-20 00:34 1165104 c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"StarWindService"=2 (0x2)
"a2free"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\StickIt\\StickIt3.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Porgram files\\Pinnacle\\Programs\\RM.exe"=
"d:\\Porgram files\\Pinnacle\\Programs\\PMSRegisterFile.exe"=
"d:\\Porgram files\\Pinnacle\\Programs\\umi.exe"=
"d:\\Porgram files\\Pinnacle\\Programs\\VideoSpin.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-04-25 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-04-25 107272]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2007-12-11 79096]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2007-12-11 23672]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2007-01-09 51440]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-03 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-03 298264]
R2 HDDlife HDD Access service;HDDlife HDD Access service;c:\program files\Common Files\BinarySense\hldasvc.exe [2008-02-15 832760]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-09-11 45848]
R2 mp3m2pls;mp3m2pls;c:\windows\system32\drivers\mp3m2pls.sys [2007-04-29 5513]
R2 ppsio;PrmxPPDev;c:\windows\system32\drivers\PPSIO.SYS [2007-03-31 22688]
R3 DsAudioDevice_286;DsAudioDevice_286;c:\windows\system32\drivers\DsAudioDevice_286.sys [2008-12-25 16640]
R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [2007-02-21 24544]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2007-06-02 16512]
S3 pmxscan;USB Scanner Driver;c:\windows\system32\drivers\usbscan.sys [2007-03-31 15104]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-08-13 98488]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S3 WN5401;Liteon Wireless LAN PCI 802.11 a/b/g adapter WN5401A;c:\windows\system32\drivers\wn5401.sys [2007-02-21 449920]
S4 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S4 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - uphcleanhlp
.
Inhoud van de 'Gedeelde Taken' map

2009-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-09 c:\windows\Tasks\SyncBack nu.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-08-12 11:00]

2009-02-10 c:\windows\Tasks\SyncBack today.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-08-12 11:00]

2009-02-05 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2007-06-03 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2009-02-14 c:\windows\Tasks\User_Feed_Synchronization-{750B0ADC-2173-4387-B22F-94E3461ADCCE}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
- - - - ORPHANS VERWIJDERD - - - -

HKCU-Run-Update Service - c:\program files\Common Files\Teknum Systems\update.exe
MSConfigStartUp-HDInspector - (no file)


.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.gva.be/
IE: E&xporteren naar Microsoft Excel
Trusted Zone: live.com\bl112w.blu112.mail
Trusted Zone: zylom.com\www.nl.be
Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - c:\program files\Common Files\BinarySense\hlAPP.dll
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} - hxxp://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\0fd6vqm6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.minatica.be/
FF - plugin: c:\divx\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: c:\divx\DivX Web Player\npdivx32.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Chris\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npagent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 19:04:51
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,37,e7,f6,de,b8,
0c,94,07,c8,28,51,af,b0,29,a3,98,02,0a,fd,22,15,56,4d,6a,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,3b,31,87,d3,0d,
ca,56,78,71,3b,04,66,8b,46,0d,96,c1,85,a7,16,99,55,10,4e,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,eb,15,00,43,6f,
27,86,36,25,da,ec,7e,55,20,c9,26,2d,6f,e8,27,b0,e4,33,50,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,a6,1c,90,73,e5,
c2,bc,13,3e,1e,9e,e0,57,5a,93,61,6e,7f,b8,5d,85,1b,d5,09,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,38,ac,5f,ef,e7,
2d,d8,eb,cd,44,cd,b9,a6,33,6c,cd,ea,c9,75,1f,ab,21,f8,24,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,a3,7b,a5,cc,5f,
67,50,5e,b0,18,ed,a7,3f,8d,37,a4,0c,0a,a6,f6,43,91,e6,12,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,5c,c7,0e,b0,29,
3a,79,d6,31,77,e1,ba,b1,f8,68,02,8d,07,35,a0,0c,b8,13,d1,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,ba,86,7a,d2,61,
d2,93,19,83,6c,56,8b,a0,85,96,ab,f7,d3,3f,71,b1,82,18,ec,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,37,6d,a7,9a,19,
1b,b7,3f,51,fa,6e,91,28,9e,14,cc,cb,2b,8b,7c,5d,f0,6e,a5,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,07,13,e8,d3,44,
12,05,66,b1,cd,45,5a,a8,c4,f8,b9,45,df,82,7d,db,7b,2d,75,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,a0,90,95,4c,61,
88,d2,1c,e3,0e,66,d5,eb,bc,2f,6b,eb,86,bb,13,ec,b7,ba,ca,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,97,d7,64,90,3b,
4d,00,4c,fa,ea,66,7f,d4,3b,6b,70,79,fd,31,da,9b,c0,14,17,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(1024)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\LMIinit.dll

- - - - - - - > 'lsass.exe'(1080)
c:\windows\system32\relog_ap.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Comodo\Firewall\cmdagent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PSIService.exe
c:\program files\AVG\AVG8\avgrsx.exe
d:\proshow\scsiaccess.exe
c:\program files\Hivecleanup\uphclean.exe
c:\windows\system32\rundll32.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Voltooingstijd: 2009-02-14 19:10:46 - machine werd herstart
ComboFix-quarantined-files.txt 2009-02-14 18:10:40
ComboFix2.txt 2008-01-30 15:27:35

Pre-Run: 33.768.402.944 bytes beschikbaar
Post-Run: 33,762,250,752 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=Microsoft Windows XP Professional" /FASTDETECT /NOGUIBOOT
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Veilige Modus" /safeboot:minimal /sos /bootlog

483 --- E O F --- 2009-02-14 00:58:38

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:14:06, on 14/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\Proshow\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hivecleanup\uphclean.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\StickIt\StickIt3.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gva.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StickIt] C:\Program Files\StickIt\StickIt3.exe
O4 - HKCU\..\Run: [WallPaper] E:\9CEC7~1.MSN\WALLPA~1\WALLPA~1.90\WALLPA~1.EXE /h
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1229118675984
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172027649125
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200417483468
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\Common Files\BinarySense\hlAPP.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service: ScsiAccess - Unknown owner - D:\Proshow\ScsiAccess.exe

--
End of file - 9492 bytes


Strange, but for select-all (Ctrl+A) it works fine; copying with the keys won't work again, but pasting does. Closing parentheses didn't work either. Later I'll try disconnecting the keyboard and reinstalling it.

compuchrisje
14 February 2009, 20:23
Hi as well, and thanks for the quick reply :D
Just to mention that ComboFix stayed stuck for quite a while at stage 32; I don't know whether that matters.

ComboFix 09-02-12.03 - Chris 2009-02-14 18:29:35.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1022.511 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Chris\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: COMODO Firewall Pro *enabled*
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\config.dat
c:\windows\ynh.dx

.
(((((((((((((((((((( Bestanden Gemaakt van 2009-01-14 to 2009-02-14 ))))))))))))))))))))))))))))))
.

2009-02-14 19:04 . 2009-02-14 19:04 53,248 --a------ c:\temp\catchme.dll
2009-02-14 19:03 . 2009-02-14 19:03 <DIR> d-------- c:\temp\WPDNSE
2009-02-14 19:03 . 2009-02-14 19:03 0 --a----t- c:\temp\Perflib_Perfdata_220.dat
2009-02-14 08:41 . 2009-02-14 08:41 <DIR> dr-h----- c:\documents and settings\Chris\Onlangs geopend
2009-02-14 02:52 . 2005-02-24 07:32 176,128 --a------ c:\windows\system32\nvudisp.exe
2009-02-14 02:52 . 2005-02-24 07:32 14,435 --a------ c:\windows\system32\nvdisp.nvu
2009-02-14 02:51 . 2009-02-14 19:04 <DIR> d-------- c:\temp\pftA.tmp
2009-02-14 02:51 . 2009-02-14 02:52 <DIR> d-------- c:\temp\issB.tmp
2009-02-14 02:31 . 2009-02-14 02:31 664 --a------ c:\windows\system32\d3d9caps.dat
2009-02-14 02:31 . 2009-02-14 02:31 552 --a------ c:\windows\system32\d3d8caps.dat
2009-02-14 01:52 . 2009-02-14 01:52 1,374 --a------ c:\windows\imsins.BAK
2009-02-14 00:50 . 2009-02-14 00:50 <DIR> d-------- c:\temp\VBE
2009-02-14 00:23 . 2009-02-14 00:50 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-14 00:23 . 2009-02-14 00:23 <DIR> d-------- c:\documents and settings\Chris\Application Data\Malwarebytes
2009-02-14 00:23 . 2009-02-14 00:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-14 00:23 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-14 00:23 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-13 06:55 . 2008-04-14 19:02 116,736 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll
2009-02-13 06:55 . 2001-09-06 21:27 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe
2009-02-13 06:55 . 2001-09-06 21:27 27,648 --a--c--- c:\windows\system32\dllcache\xrxftplt.exe
2009-02-13 06:55 . 2001-09-06 21:27 23,040 --a--c--- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-02-13 06:55 . 2004-08-03 22:29 19,455 --a--c--- c:\windows\system32\dllcache\wvchntxx.sys
2009-02-13 06:55 . 2008-04-14 19:02 18,944 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll
2009-02-13 06:55 . 2001-08-17 20:11 16,970 --a--c--- c:\windows\system32\dllcache\xem336n5.sys
2009-02-13 06:55 . 2004-08-03 22:29 12,063 --a--c--- c:\windows\system32\dllcache\wsiintxx.sys
2009-02-13 06:55 . 2001-09-06 21:27 4,608 --a--c--- c:\windows\system32\dllcache\xrxflnch.exe
2009-02-13 06:53 . 2001-08-17 21:28 765,884 --a--c--- c:\windows\system32\dllcache\usrti.sys
2009-02-13 06:52 . 2001-08-17 21:28 794,654 --a--c--- c:\windows\system32\dllcache\usr1801.sys
2009-02-13 06:51 . 2001-09-06 21:27 525,568 --a--c--- c:\windows\system32\dllcache\tridxp.dll
2009-02-13 06:50 . 2001-08-17 22:01 241,664 --a--c--- c:\windows\system32\dllcache\tosdvd02.sys
2009-02-13 06:50 . 2001-09-06 21:26 172,768 --a--c--- c:\windows\system32\dllcache\t2r4disp.dll
2009-02-13 06:50 . 2008-04-13 20:40 149,376 --a--c--- c:\windows\system32\dllcache\tffsport.sys
2009-02-13 06:50 . 2001-08-17 20:51 138,528 --a--c--- c:\windows\system32\dllcache\tgiulnt5.sys
2009-02-13 06:50 . 2001-08-17 20:14 123,995 --a--c--- c:\windows\system32\dllcache\tjisdn.sys
2009-02-13 06:50 . 2001-09-06 21:26 81,408 --a--c--- c:\windows\system32\dllcache\tgiul50.dll
2009-02-13 06:50 . 2001-08-17 20:13 37,961 --a--c--- c:\windows\system32\dllcache\tdk100b.sys
2009-02-13 06:50 . 2001-08-17 20:50 36,640 --a--c--- c:\windows\system32\dllcache\t2r4mini.sys
2009-02-13 06:50 . 2001-08-17 21:49 30,464 --a--c--- c:\windows\system32\dllcache\tbatm155.sys
2009-02-13 06:50 . 2001-08-17 20:10 28,232 --a--c--- c:\windows\system32\dllcache\tos4mo.sys
2009-02-13 06:50 . 2001-08-17 20:13 17,129 --a--c--- c:\windows\system32\dllcache\tdkcd31.sys
2009-02-13 06:50 . 2001-08-17 21:52 7,040 --a--c--- c:\windows\system32\dllcache\tandqic.sys
2009-02-13 06:48 . 2001-09-06 21:27 114,688 --a--c--- c:\windows\system32\dllcache\sonypi.dll
2009-02-13 06:48 . 2001-09-06 21:27 106,584 --a--c--- c:\windows\system32\dllcache\spdports.dll
2009-02-13 06:48 . 2001-09-06 21:27 99,840 --a--c--- c:\windows\system32\dllcache\srusd.dll
2009-02-13 06:48 . 2001-08-17 21:51 61,824 --a--c--- c:\windows\system32\dllcache\speed.sys
2009-02-13 06:48 . 2001-08-17 20:11 48,736 --a--c--- c:\windows\system32\dllcache\srwlnd5.sys
2009-02-13 06:48 . 2001-08-17 20:51 37,040 --a--c--- c:\windows\system32\dllcache\sonypi.sys
2009-02-13 06:48 . 2001-09-06 21:27 24,660 --a--c--- c:\windows\system32\dllcache\spxupchk.dll
2009-02-13 06:48 . 2001-08-17 20:51 20,752 --a--c--- c:\windows\system32\dllcache\sonync.sys
2009-02-13 06:48 . 2001-08-17 22:07 19,072 --a--c--- c:\windows\system32\dllcache\sparrow.sys
2009-02-13 06:48 . 2001-08-17 21:53 9,600 --a--c--- c:\windows\system32\dllcache\sonymc.sys
2009-02-13 06:48 . 2008-04-13 20:40 7,552 --a--c--- c:\windows\system32\dllcache\sonyait.sys
2009-02-13 06:48 . 2001-08-17 21:53 7,040 --a--c--- c:\windows\system32\dllcache\snyaitmc.sys
2009-02-13 06:46 . 2001-09-06 21:26 386,560 --a--c--- c:\windows\system32\dllcache\sgiul50.dll
2009-02-13 06:45 . 2001-09-06 21:27 495,616 --a--c--- c:\windows\system32\dllcache\sblfx.dll
2009-02-13 06:44 . 2001-09-06 21:26 182,272 --a--c--- c:\windows\system32\dllcache\s3mt3d.dll
2009-02-13 06:43 . 2001-09-06 20:29 899,594 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys
2009-02-13 06:42 . 2008-04-14 19:02 363,520 --a--c--- c:\windows\system32\dllcache\psisdecd.dll
2009-02-13 06:41 . 2001-08-17 22:05 351,616 --a--c--- c:\windows\system32\dllcache\ovcodek2.sys
2009-02-13 06:40 . 2001-08-17 20:50 198,144 --a--c--- c:\windows\system32\dllcache\nv3.sys
2009-02-13 06:40 . 2001-09-06 21:26 123,776 --a--c--- c:\windows\system32\dllcache\nv3.dll
2009-02-13 06:40 . 2001-09-06 20:09 54,666 --a--c--- c:\windows\system32\dllcache\otcsercb.sys
2009-02-13 06:40 . 2001-08-17 20:20 54,528 --a--c--- c:\windows\system32\dllcache\opl3sax.sys
2009-02-13 06:40 . 2001-08-17 20:49 51,552 --a--c--- c:\windows\system32\dllcache\ntgrip.sys
2009-02-13 06:40 . 2001-08-17 22:05 48,000 --a--c--- c:\windows\system32\dllcache\ovcam2.sys
2009-02-13 06:40 . 2001-09-06 20:09 43,785 --a--c--- c:\windows\system32\dllcache\otceth5.sys
2009-02-13 06:40 . 2001-08-17 22:05 28,032 --a--c--- c:\windows\system32\dllcache\ovcd.sys
2009-02-13 06:40 . 2001-08-17 20:12 27,209 --a--c--- c:\windows\system32\dllcache\otc06x5.sys
2009-02-13 06:40 . 2001-08-17 22:05 25,088 --a--c--- c:\windows\system32\dllcache\ovca.sys
2009-02-13 06:40 . 2001-09-06 19:49 9,472 --a--c--- c:\windows\system32\dllcache\ntapm.sys
2009-02-13 06:40 . 2001-08-17 21:53 7,552 --a--c--- c:\windows\system32\dllcache\nsmmc.sys
2009-02-13 06:38 . 2001-09-06 19:31 131,072 --a--c--- c:\windows\system32\dllcache\n100325.sys
2009-02-13 06:38 . 2001-08-17 20:50 103,296 --a--c--- c:\windows\system32\dllcache\mtxvideo.sys
2009-02-13 06:38 . 2001-09-06 19:31 76,416 --a--c--- c:\windows\system32\dllcache\mxport.sys
2009-02-13 06:38 . 2001-09-06 19:31 53,279 --a--c--- c:\windows\system32\dllcache\n1000nt5.sys
2009-02-13 06:38 . 2008-04-13 20:46 49,024 --a--c--- c:\windows\system32\dllcache\mstape.sys
2009-02-13 06:38 . 2001-09-06 19:31 22,016 --a--c--- c:\windows\system32\dllcache\mxcard.sys
2009-02-13 06:38 . 2008-04-13 20:54 22,016 --a--c--- c:\windows\system32\dllcache\msircomm.sys
2009-02-13 06:38 . 2001-08-17 21:49 19,968 --a--c--- c:\windows\system32\dllcache\mxnic.sys
2009-02-13 06:38 . 2001-09-06 21:27 19,968 --a--c--- c:\windows\system32\dllcache\mxicfg.dll
2009-02-13 06:38 . 2001-08-17 21:48 12,416 --a--c--- c:\windows\system32\dllcache\msriffwv.sys
2009-02-13 06:38 . 2001-09-06 21:27 7,168 --a--c--- c:\windows\system32\dllcache\mxport.dll
2009-02-13 06:38 . 2001-08-17 22:00 2,944 --a--c--- c:\windows\system32\dllcache\msmpu401.sys
2009-02-13 06:37 . 2001-09-06 18:59 320,384 --a--c--- c:\windows\system32\dllcache\mgaum.sys
2009-02-13 06:37 . 2001-09-06 21:26 235,648 --a--c--- c:\windows\system32\dllcache\mgaud.dll
2009-02-13 06:37 . 2008-04-14 19:03 56,832 --a--c--- c:\windows\system32\dllcache\msdvbnp.ax
2009-02-13 06:37 . 2008-04-13 20:46 51,200 --a--c--- c:\windows\system32\dllcache\msdv.sys
2009-02-13 06:37 . 2001-08-17 22:02 35,200 --a--c--- c:\windows\system32\dllcache\msgame.sys
2009-02-13 06:37 . 2001-08-17 21:52 17,280 --a--c--- c:\windows\system32\dllcache\mraid35x.sys
2009-02-13 06:37 . 2001-08-17 21:57 16,128 --a--c--- c:\windows\system32\dllcache\modemcsa.sys
2009-02-13 06:37 . 2008-04-13 20:46 15,232 --a--c--- c:\windows\system32\dllcache\mpe.sys
2009-02-13 06:37 . 2001-08-17 21:52 6,528 --a--c--- c:\windows\system32\dllcache\miniqic.sys
2009-02-13 06:37 . 2001-08-17 21:48 6,016 --a--c--- c:\windows\system32\dllcache\msfsio.sys
2009-02-13 06:35 . 2008-04-14 19:02 254,464 --a--c--- c:\windows\system32\dllcache\kdsusd.dll
2009-02-13 06:34 . 2001-09-06 21:26 90,200 --a--c--- c:\windows\system32\dllcache\io8ports.dll
2009-02-13 06:34 . 2008-04-13 20:54 88,192 --a--c--- c:\windows\system32\dllcache\irda.sys
2009-02-13 06:34 . 2001-08-17 20:12 45,632 --a--c--- c:\windows\system32\dllcache\ip5515.sys
2009-02-13 06:34 . 2001-08-17 21:50 38,784 --a--c--- c:\windows\system32\dllcache\io8.sys
2009-02-13 06:34 . 2001-08-17 21:49 26,624 --a--c--- c:\windows\system32\dllcache\irstusb.sys
2009-02-13 06:34 . 2001-08-17 21:49 23,552 --a--c--- c:\windows\system32\dllcache\irmk7.sys
2009-02-13 06:34 . 2001-08-17 21:51 18,688 --a--c--- c:\windows\system32\dllcache\irsir.sys
2009-02-13 06:34 . 2001-08-17 21:52 16,000 --a--c--- c:\windows\system32\dllcache\ini910u.sys
2009-02-13 06:34 . 2001-09-06 18:16 13,568 --a--c--- c:\windows\system32\dllcache\inport.sys
2009-02-13 06:34 . 2008-04-14 18:37 5,504 --a--c--- c:\windows\system32\dllcache\intelide.sys
2009-02-13 06:32 . 2001-08-17 21:28 542,879 --a--c--- c:\windows\system32\dllcache\hsf_msft.sys
2009-02-13 06:31 . 2001-09-06 21:26 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll
2009-02-13 06:30 . 2001-09-06 21:26 470,144 --a--c--- c:\windows\system32\dllcache\g200d.dll
2009-02-13 06:29 . 2001-09-06 20:14 630,016 --a--c--- c:\windows\system32\dllcache\eqn.sys
2009-02-13 06:28 . 2001-09-06 19:54 634,198 --a--c--- c:\windows\system32\dllcache\el656ct5.sys
2009-02-13 06:27 . 2001-08-17 20:14 952,007 --a--c--- c:\windows\system32\dllcache\diwan.sys
2009-02-13 06:26 . 2008-04-14 19:02 251,904 --a--c--- c:\windows\system32\dllcache\ctmasetp.dll
2009-02-13 06:25 . 2001-09-06 18:59 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys
2009-02-13 06:24 . 2001-08-17 21:28 871,388 --a--c--- c:\windows\system32\dllcache\bcmdm.sys
2009-02-13 06:23 . 2001-08-17 22:07 56,960 --a--c--- c:\windows\system32\dllcache\aic78xx.sys
2009-02-13 06:21 . 2001-08-17 20:19 747,392 --a--c--- c:\windows\system32\dllcache\adm8830.sys
2009-02-13 06:21 . 2001-08-17 20:19 584,448 --a--c--- c:\windows\system32\dllcache\adm8810.sys
2009-02-13 06:21 . 2001-08-17 20:19 553,984 --a--c--- c:\windows\system32\dllcache\adm8820.sys
2009-02-13 06:21 . 2001-08-17 22:07 101,888 --a--c--- c:\windows\system32\dllcache\adpu160m.sys
2009-02-13 06:21 . 2001-08-17 20:11 46,112 --a--c--- c:\windows\system32\dllcache\adptsf50.sys
2009-02-13 06:21 . 2001-08-17 20:11 20,160 --a--c--- c:\windows\system32\dllcache\adm8511.sys
2009-02-13 06:21 . 2004-08-03 22:32 10,880 --a--c--- c:\windows\system32\dllcache\admjoy.sys
2009-02-13 06:21 . 2001-08-17 21:53 7,424 --a--c--- c:\windows\system32\dllcache\adicvls.sys
2009-02-13 06:19 . 2001-09-06 21:26 66,048 --a--c--- c:\windows\system32\dllcache\s3legacy.dll
2009-02-13 05:46 . 2009-02-13 05:46 <DIR> d-------- c:\program files\DebugMode
2009-02-13 03:09 . 2009-02-14 06:04 <DIR> d-------- c:\temp\hsperfdata_Chris

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-14 18:04 --------- d-----w c:\program files\StickIt
2009-02-14 18:03 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-14 05:08 --------- d-----w c:\documents and settings\Chris\Application Data\Zylom
2009-02-14 05:07 --------- d-----w c:\program files\Zylom Games
2009-02-14 00:06 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-14 00:02 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-10 20:50 --------- d-----w c:\documents and settings\Chris\Application Data\FileZilla
2009-02-09 23:06 --------- d-----w c:\program files\AviScreen classic
2009-02-09 16:13 --------- d-----w c:\program files\a-squared Free
2009-02-05 02:14 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-05 02:14 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-02-04 21:10 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-30 21:13 --------- d-----w c:\documents and settings\All Users\Application Data\Watermark Factory
2009-01-29 18:41 --------- d-----w c:\program files\QuickTime
2009-01-21 21:03 --------- d-----w c:\program files\SuDoku
2009-01-08 00:34 --------- d-----w c:\documents and settings\Chris\Application Data\uTorrent
2009-01-08 00:32 --------- d-----w c:\program files\SpeedFan
2009-01-08 00:21 --------- d-----w c:\program files\PC Tune-Up
2009-01-01 03:33 --------- d-----w c:\program files\Roxio
2009-01-01 03:33 --------- d-----w c:\program files\Common Files\Roxio Shared
2008-12-26 17:33 --------- d-----w c:\program files\Premium Booster
2008-12-25 01:03 --------- d-----w c:\program files\Daniusoft
2008-12-23 15:01 --------- d-----w c:\program files\Audioblast
2008-12-23 07:20 --------- d-----w c:\program files\GoldWave
2008-12-22 00:12 --------- d-----w c:\program files\uTorrent
2008-12-16 20:38 --------- d-----w c:\program files\Free Offers from Freeze.com
2008-12-15 14:18 16,640 ----a-w c:\windows\system32\drivers\DsAudioDevice_286.sys
2008-12-15 05:59 --------- d-----w c:\documents and settings\All Users\Application Data\Corel
2008-12-15 01:47 --------- d-----w c:\documents and settings\Chris\Application Data\Corel
2008-12-15 01:44 --------- d-----w c:\program files\Common Files\Corel
2007-07-22 03:34 81,920 ----a-w c:\documents and settings\Chris\Application Data\ezpinst.exe
2007-07-22 03:34 47,360 ----a-w c:\documents and settings\Chris\Application Data\pcouffin.sys
2007-07-17 17:52 1,585 ----a-w c:\program files\Lisence.txt
2007-07-15 20:35 138 ------w c:\program files\Thanks.txt
2007-07-15 20:32 1,750 ------w c:\program files\ReadMe.txt
2007-07-15 20:21 15,893 ----a-w c:\program files\help_gr.chm
2007-07-15 20:18 16,146 ------w c:\program files\help.chm
2007-07-15 17:16 5,890 ----a-w c:\program files\LICENSE.rtf
2007-07-13 21:32 11,256 ----a-w c:\program files\button_up.dat
2007-04-21 00:29 560 ----a-w c:\program files\Global.sw
2007-02-21 04:06 1,390 -c--a-w c:\program files\uninstal.log
2006-11-16 19:39 1,008 ------w c:\program files\close2.dat
2006-11-16 19:39 1,008 ------w c:\program files\close1.dat
2006-06-18 01:29 4 ------w c:\program files\anoixto.dat
2006-06-17 11:27 40,040 ------w c:\program files\bar.dat
2001-08-13 14:51 1,396,337 ----a-w c:\program files\Captura.exe
1997-01-22 04:14 60,186 ------w c:\program files\optimize.WAV
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w c:\windows\system32\Smab0.dll
2008-05-12 22:42 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008051320080514\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WhatPulse"="c:\progra~1\WHATPU~1\WHATPU~1.EXE" [2004-12-05 543744]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"StickIt"="c:\program files\StickIt\StickIt3.exe" [2007-03-02 315392]
"WallPaper"="e:\9cec7~1.msn\WALLPA~1\WALLPA~1.90\WALLPA~1.EXE" [2001-06-10 246272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-12-20 1165104]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-12-19 1941808]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-12-19 149024]
"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\cfp.exe" [2007-12-11 1481984]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-05 1601304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-12 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 c:\windows\soundman.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2005-02-24 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-05-05 19:42 294912 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-05 03:14 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 11:32 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"VIDC.LAGS"= lagarith.dll
"vidc.i420"= i420vfw.dll
"vidc.mjpg"= pvmjpg30.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Post-it® Software Notes Lite.lnk]
backup=c:\windows\pss\Post-it® Software Notes Lite.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^VersionTrackerPro.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\VersionTrackerPro.lnk
backup=c:\windows\pss\VersionTrackerPro.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris^Menu Start^Programma's^Opstarten^HDDlife.lnk]
path=c:\documents and settings\Chris\Menu Start\Programma's\Opstarten\HDDlife.lnk
backup=c:\windows\pss\HDDlife.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris^Menu Start^Programma's^Opstarten^Stardock ObjectDock.lnk]
backup=c:\windows\pss\Stardock ObjectDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris^Menu Start^Programma's^Opstarten^UDPixel.lnk]
backup=c:\windows\pss\UDPixel.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris^Menu Start^Programma's^Opstarten^Yahoo! Widget Engine.lnk]
backup=c:\windows\pss\Yahoo! Widget Engine.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
rem [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ashampoo PopUpBlocker
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Snarfer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Service
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateStar
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Registry Repair Pro

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
--a------ 2006-12-19 23:19 1941808 c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-02-01 16:45 98304 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CameraFixer]
--a------ 2005-12-06 12:08 20480 c:\windows\CameraFixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
--a------ 2007-10-30 19:52 16200 d:\porgram files\PSPX2\CorelIOMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-04-19 06:42 3293184 c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--a------ 2005-03-24 00:26 217088 c:\program files\Microsoft IntelliPoint\point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRC]
--a------ 2007-09-20 10:16 2419200 c:\program files\PC Tune-Up\PCTuneUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
--a------ 2006-12-20 00:34 1165104 c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"StarWindService"=2 (0x2)
"a2free"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\StickIt\\StickIt3.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Porgram files\\Pinnacle\\Programs\\RM.exe"=
"d:\\Porgram files\\Pinnacle\\Programs\\PMSRegisterFile.exe"=
"d:\\Porgram files\\Pinnacle\\Programs\\umi.exe"=
"d:\\Porgram files\\Pinnacle\\Programs\\VideoSpin.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-04-25 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-04-25 107272]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2007-12-11 79096]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2007-12-11 23672]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2007-01-09 51440]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-03 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-03 298264]
R2 HDDlife HDD Access service;HDDlife HDD Access service;c:\program files\Common Files\BinarySense\hldasvc.exe [2008-02-15 832760]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-09-11 45848]
R2 mp3m2pls;mp3m2pls;c:\windows\system32\drivers\mp3m2pls.sys [2007-04-29 5513]
R2 ppsio;PrmxPPDev;c:\windows\system32\drivers\PPSIO.SYS [2007-03-31 22688]
R3 DsAudioDevice_286;DsAudioDevice_286;c:\windows\system32\drivers\DsAudioDevice_286.sys [2008-12-25 16640]
R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [2007-02-21 24544]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2007-06-02 16512]
S3 pmxscan;USB Scanner Driver;c:\windows\system32\drivers\usbscan.sys [2007-03-31 15104]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-08-13 98488]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S3 WN5401;Liteon Wireless LAN PCI 802.11 a/b/g adapter WN5401A;c:\windows\system32\drivers\wn5401.sys [2007-02-21 449920]
S4 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S4 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - uphcleanhlp
.
Inhoud van de 'Gedeelde Taken' map

2009-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-09 c:\windows\Tasks\SyncBack nu.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-08-12 11:00]

2009-02-10 c:\windows\Tasks\SyncBack today.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-08-12 11:00]

2009-02-05 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2007-06-03 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2009-02-14 c:\windows\Tasks\User_Feed_Synchronization-{750B0ADC-2173-4387-B22F-94E3461ADCCE}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
- - - - ORPHANS VERWIJDERD - - - -

HKCU-Run-Update Service - c:\program files\Common Files\Teknum Systems\update.exe
MSConfigStartUp-HDInspector - (no file)


.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.gva.be/
IE: E&xporteren naar Microsoft Excel
Trusted Zone: live.com\bl112w.blu112.mail
Trusted Zone: zylom.com\www.nl.be
Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - c:\program files\Common Files\BinarySense\hlAPP.dll
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} - hxxp://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\0fd6vqm6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.minatica.be/
FF - plugin: c:\divx\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: c:\divx\DivX Web Player\npdivx32.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Chris\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npagent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 19:04:51
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(1024)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\LMIinit.dll

- - - - - - - > 'lsass.exe'(1080)
c:\windows\system32\relog_ap.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Comodo\Firewall\cmdagent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PSIService.exe
c:\program files\AVG\AVG8\avgrsx.exe
d:\proshow\scsiaccess.exe
c:\program files\Hivecleanup\uphclean.exe
c:\windows\system32\rundll32.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Voltooingstijd: 2009-02-14 19:10:46 - machine werd herstart
ComboFix-quarantined-files.txt 2009-02-14 18:10:40
ComboFix2.txt 2008-01-30 15:27:35

Pre-Run: 33.768.402.944 bytes beschikbaar
Post-Run: 33,762,250,752 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=Microsoft Windows XP Professional" /FASTDETECT /NOGUIBOOT
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Veilige Modus" /safeboot:minimal /sos /bootlog

483 --- E O F --- 2009-02-14 00:58:38

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:14:06, on 14/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\Proshow\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hivecleanup\uphclean.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\StickIt\StickIt3.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gva.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StickIt] C:\Program Files\StickIt\StickIt3.exe
O4 - HKCU\..\Run: [WallPaper] E:\9CEC7~1.MSN\WALLPA~1\WALLPA~1.90\WALLPA~1.EXE /h
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1229118675984
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172027649125
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200417483468
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\Common Files\BinarySense\hlAPP.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service: ScsiAccess - Unknown owner - D:\Proshow\ScsiAccess.exe

--
End of file - 9492 bytes


Strange, but selecting (Ctrl+A) works fine; copying with the keys doesn't work again, but pasting does. Closing brackets didn't work either. Later I'll try disconnecting the keyboard and reinstalling it.

Black_Bird
14 February 2009, 20:56
Hi,

From now on, feel free to post your message just once :lol:

1. Open a Notepad file.
Copy the code below and paste it into the Notepad file.

Folder::
c:\temp

Save the Notepad file as CFScript.txt
Now drag the file CFScript.txt onto the file ComboFix.exe
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
ComboFix will start again.
When ComboFix is finished, which may be after a reboot, a log file opens.
Post the contents of the log file.

2. Go to Virustotal.com (http://www.virustotal.com)
Upload the following file by copying/pasting the following (so do not look it up via "Browse..."!): c:\program files\button_up.dat
Wait until the result appears. Include it in your next reply. :)
Do this for the following files as well:
c:\program files\Global.sw
c:\program files\close1.dat
c:\program files\bar.dat
c:\program files\Captura.exe
c:\windows\CameraFixer.exe

3. Now post the ComboFix log in your next message, together with the VirusTotal logs.

Apologies for the many files that need to be scanned, but these are all fairly unknown :shy:

compuchrisje
14 February 2009, 22:57
Captura is a screen capture tool that I have been using for several years. So that won't be a 'nasty bug'. The others aren't immediately familiar to me either; there are so many *.dat files created by Windows itself, pff.
As for the double posting, that's perhaps a little example of how pleasant it is to work here at the moment :D.
I sent the files by e-mail because there is no other option besides Browse. So now waiting for a reply.

Black_Bird
14 February 2009, 23:00
Hi,

Do you already have the log from step 1 for me? :)

By copying/pasting I meant pasting that file path into the field next to Browse... If you browse, files may be hidden, and you avoid that this way. But I'll hear from you once you have the VirusTotal results. ;)

compuchrisje
15 February 2009, 00:50
When the PC restarted I got an empty text file with an error message: cannot find the specified path.
When checking mail via Outlook Express, one message from virusalert had arrived shortly before the ComboFix scan:

Complete scanning result of "Global.sw", processed in VirusTotal at 02/14/2009 21:57:23 (CET).

[ file data ]
* name..: Global.sw
* size..: 560
* md5...: 359effe72d2ff2921ffb55503ccf58d0
* sha1..: 78ade6204ea4708ee466f7ab1667583b42b13e75
* peid..: -

[ scan result ]
a-squared 4.0.0.93/20090214 found nothing
AhnLab-V3 5.0.0.2/20090214 found nothing
AntiVir 7.9.0.79/20090213 found nothing
Authentium 5.1.0.4/20090214 found nothing
Avast 4.8.1335.0/20090214 found nothing
AVG 8.0.0.237/20090214 found nothing
BitDefender 7.2/20090214 found nothing
CAT-QuickHeal 10.00/20090213 found nothing
ClamAV 0.94.1/20090214 found nothing
Comodo 977/20090214 found nothing
DrWeb 4.44.0.09170/20090214 found nothing
eSafe 7.0.17.0/20090212 found nothing
eTrust-Vet 31.6.6358/20090214 found nothing
F-Prot 4.4.4.56/20090214 found nothing
F-Secure 8.0.14470.0/20090214 found nothing
Fortinet 3.117.0.0/20090214 found nothing
GData 19/20090214 found nothing
Ikarus T3.1.1.45.0/20090214 found nothing
K7AntiVirus 7.10.630/20090214 found nothing
Kaspersky 7.0.0.125/20090214 found nothing
McAfee 5526/20090214 found nothing
McAfee+Artemis 5526/20090214 found nothing
Microsoft 1.4306/20090214 found nothing
NOD32 3853/20090214 found nothing
Norman 6.00.02/20090213 found nothing
nProtect 2009.1.8.0/20090214 found nothing
Panda 10.0.0.10/20090214 found nothing
PCTools 4.4.2.0/20090214 found nothing
Prevx1 V2/20090214 found nothing
Rising 21.16.52.00/20090214 found nothing
SecureWeb-Gateway 6.7.6/20090214 found nothing
Sophos 4.38.0/20090214 found nothing
Sunbelt 3.2.1851.2/20090212 found nothing
Symantec 10/20090214 found nothing
TheHacker 6.3.2.1.256/20090214 found nothing
TrendMicro 8.700.0.1004/20090214 found nothing
VBA32 3.12.8.12/20090214 found nothing
ViRobot 2009.2.14.1607/20090214 found nothing
VirusBuster 4.5.11.0/20090214 found nothing





So far no new messages about the other files.

Edit: had a quick look around my system and did find this under ComboFix:

2007-03-31 18:14:39 A------- 160 C:\Qoobox\Quarantine\C\WINDOWS\system32\CONFIG.DAT.vir
2008-11-25 02:08:48 A------- 0 C:\Qoobox\Quarantine\C\WINDOWS\ynh.dx.vir
2009-02-14 18:25:38 A------- 1,010 C:\Qoobox\Quarantine\catchme.log
2009-02-14 18:59:27 A------- 9,769 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-02-14 19:04:01 A------- 16,384 C:\Qoobox\Quarantine\C\TEMP\~DFF93E.tmp.vir
2009-02-14 19:08:44 A------- 578 C:\Qoobox\Quarantine\C\TEMP\jusched.log.vir
2009-02-14 19:09:21 A------- 172 C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-Update Service.reg.dat
2009-02-14 19:09:36 A------- 494 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-HDInspector.reg.dat
2009-02-14 19:10:53 A------- 35,458 C:\Qoobox\Quarantine\C\TEMP\log.txt.vir
2009-02-14 19:12:52 A------- 114,688 C:\Qoobox\Quarantine\C\TEMP\~DF459A.tmp.vir
2009-02-14 19:42:22 A------- 18,464 C:\Qoobox\Quarantine\C\TEMP\MPC3.tmp.vir
2009-02-14 19:45:38 A------- 483 C:\Qoobox\Quarantine\C\TEMP\WGAErrLog.txt.vir
2009-02-14 19:47:49 A------- 158 C:\Qoobox\Quarantine\C\TEMP\dbg_RA_proc.txt.vir
2009-02-14 19:47:59 A------- 16,384 C:\Qoobox\Quarantine\C\TEMP\~DF9AA9.tmp.vir
2009-02-14 20:07:17 A------- 2,787 C:\Qoobox\Quarantine\C\TEMP\MessengerCache\XGy+JOfMfTber+n5Dp8p5WyFpk0=.vir
2009-02-14 20:42:44 A------- 19,930 C:\Qoobox\Quarantine\C\TEMP\MessengerCache\EHyd1vIGYnbKNfvJCwvP+bnT1oc=.vir
2009-02-14 21:23:53 A------- 22,273 C:\Qoobox\Quarantine\C\TEMP\MessengerCache\aNNZ93ExGdUHLGBMt7SyGVcA0s8=.vir
2009-02-14 21:29:44 A------- 2,771 C:\Qoobox\Quarantine\C\TEMP\MessengerCache\8z8mz20J5MgIfzazeiWy+QVqmzI=.vir
2009-02-14 21:30:45 A------- 3,142 C:\Qoobox\Quarantine\C\TEMP\MessengerCache\cOmCau80pqA89l4ZGDWVWyoZYP4=.vir
2009-02-14 22:20:00 A------- 72 C:\Qoobox\Quarantine\C\TEMP\Av-test.txt.vir
2009-02-14 22:20:32 A------- 652 C:\Qoobox\Quarantine\C\TEMP\_Perflib_Perfdata_5b0_.dat.zip
2009-02-14 22:50:08 A------- 1,902 C:\Qoobox\Quarantine\C\TEMP\_~DF9AA9_.tmp.zip

Black_Bird
15 February 2009, 12:03
Hi,

Run ComboFix again, and post the log in your next message, together with a new HijackThis log. :)

compuchrisje
15 February 2009, 19:26
The scan is running, once again. I tried to silence AVG in various ways, but it stubbornly keeps coming back in the active processes. Got mail from VirusAlert; all the files concerned are negative. I can't paste the log here because it is on the desktop PC (so not the one I'm working on right now). I am starting to have my doubts about the fixes from the programs above, though: a lot of software that I got via GiveAwayOfTheDay is suddenly no longer accessible. Missing DLLs etc.; maybe it's best to restore an image if nothing else turns up?

compuchrisje
15 February 2009, 19:57
The ComboFix log once more:

ComboFix 09-02-14.01 - Chris 2009-02-15 18:06:33.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1022.522 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Chris\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: COMODO Firewall Pro *enabled*
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((( Bestanden Gemaakt van 2009-01-15 to 2009-02-15 ))))))))))))))))))))))))))))))
.

2009-02-15 18:43 . 2009-02-15 18:43 <DIR> d-------- c:\temp\WPDNSE
2009-02-15 18:43 . 2009-02-15 18:43 53,248 --a------ c:\temp\catchme.dll
2009-02-15 18:42 . 2009-02-15 18:42 0 --a----t- c:\temp\Perflib_Perfdata_7bc.dat
2009-02-15 18:40 . 2009-02-15 18:40 <DIR> dr-h----- c:\documents and settings\Chris\Onlangs geopend
2009-02-15 07:18 . <DIR> c:\temp\Tijdelijke bestanden
2009-02-15 00:53 . 2009-02-15 18:43 <DIR> d-------- c:\temp\MessengerCache
2009-02-14 23:46 . 2009-02-15 18:44 <DIR> d-------- C:\TEMP
2009-02-14 22:54 . 2009-02-14 22:54 16,384 --a------ c:\windows\~DF134F.tmp
2009-02-14 19:45 . 2009-02-14 19:45 <DIR> d-------- c:\program files\Labtec
2009-02-14 19:45 . 2009-02-14 19:44 6,205 --a------ c:\windows\system\Kbdvx32a.vxd
2009-02-14 02:52 . 2005-02-24 07:32 176,128 --a------ c:\windows\system32\nvudisp.exe
2009-02-14 02:52 . 2005-02-24 07:32 14,435 --a------ c:\windows\system32\nvdisp.nvu
2009-02-14 02:31 . 2009-02-14 02:31 664 --a------ c:\windows\system32\d3d9caps.dat
2009-02-14 02:31 . 2009-02-14 02:31 552 --a------ c:\windows\system32\d3d8caps.dat
2009-02-14 00:23 . 2009-02-14 00:50 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-14 00:23 . 2009-02-14 00:23 <DIR> d-------- c:\documents and settings\Chris\Application Data\Malwarebytes
2009-02-14 00:23 . 2009-02-14 00:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-14 00:23 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-14 00:23 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-13 06:55 . 2008-04-14 19:02 116,736 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll
2009-02-13 06:55 . 2001-09-06 21:27 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe
2009-02-13 06:55 . 2001-09-06 21:27 27,648 --a--c--- c:\windows\system32\dllcache\xrxftplt.exe
2009-02-13 06:55 . 2001-09-06 21:27 23,040 --a--c--- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-02-13 06:55 . 2004-08-03 22:29 19,455 --a--c--- c:\windows\system32\dllcache\wvchntxx.sys
2009-02-13 06:55 . 2008-04-14 19:02 18,944 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll
2009-02-13 06:55 . 2001-08-17 20:11 16,970 --a--c--- c:\windows\system32\dllcache\xem336n5.sys
2009-02-13 06:55 . 2004-08-03 22:29 12,063 --a--c--- c:\windows\system32\dllcache\wsiintxx.sys
2009-02-13 06:55 . 2001-09-06 21:27 4,608 --a--c--- c:\windows\system32\dllcache\xrxflnch.exe
2009-02-13 06:53 . 2001-08-17 21:28 765,884 --a--c--- c:\windows\system32\dllcache\usrti.sys
2009-02-13 06:52 . 2001-08-17 21:28 794,654 --a--c--- c:\windows\system32\dllcache\usr1801.sys
2009-02-13 06:51 . 2001-09-06 21:27 525,568 --a--c--- c:\windows\system32\dllcache\tridxp.dll
2009-02-13 06:50 . 2001-08-17 22:01 241,664 --a--c--- c:\windows\system32\dllcache\tosdvd02.sys
2009-02-13 06:50 . 2001-09-06 21:26 172,768 --a--c--- c:\windows\system32\dllcache\t2r4disp.dll
2009-02-13 06:50 . 2008-04-13 20:40 149,376 --a--c--- c:\windows\system32\dllcache\tffsport.sys
2009-02-13 06:50 . 2001-08-17 20:51 138,528 --a--c--- c:\windows\system32\dllcache\tgiulnt5.sys
2009-02-13 06:50 . 2001-08-17 20:14 123,995 --a--c--- c:\windows\system32\dllcache\tjisdn.sys
2009-02-13 06:50 . 2001-09-06 21:26 81,408 --a--c--- c:\windows\system32\dllcache\tgiul50.dll
2009-02-13 06:50 . 2001-08-17 20:13 37,961 --a--c--- c:\windows\system32\dllcache\tdk100b.sys
2009-02-13 06:50 . 2001-08-17 20:50 36,640 --a--c--- c:\windows\system32\dllcache\t2r4mini.sys
2009-02-13 06:50 . 2001-08-17 21:49 30,464 --a--c--- c:\windows\system32\dllcache\tbatm155.sys
2009-02-13 06:50 . 2001-08-17 20:10 28,232 --a--c--- c:\windows\system32\dllcache\tos4mo.sys
2009-02-13 06:50 . 2001-08-17 20:13 17,129 --a--c--- c:\windows\system32\dllcache\tdkcd31.sys
2009-02-13 06:50 . 2001-08-17 21:52 7,040 --a--c--- c:\windows\system32\dllcache\tandqic.sys
2009-02-13 06:48 . 2001-09-06 21:27 114,688 --a--c--- c:\windows\system32\dllcache\sonypi.dll
2009-02-13 06:48 . 2001-09-06 21:27 106,584 --a--c--- c:\windows\system32\dllcache\spdports.dll
2009-02-13 06:48 . 2001-09-06 21:27 99,840 --a--c--- c:\windows\system32\dllcache\srusd.dll
2009-02-13 06:48 . 2001-08-17 21:51 61,824 --a--c--- c:\windows\system32\dllcache\speed.sys
2009-02-13 06:48 . 2001-08-17 20:11 48,736 --a--c--- c:\windows\system32\dllcache\srwlnd5.sys
2009-02-13 06:48 . 2001-08-17 20:51 37,040 --a--c--- c:\windows\system32\dllcache\sonypi.sys
2009-02-13 06:48 . 2001-09-06 21:27 24,660 --a--c--- c:\windows\system32\dllcache\spxupchk.dll
2009-02-13 06:48 . 2001-08-17 20:51 20,752 --a--c--- c:\windows\system32\dllcache\sonync.sys
2009-02-13 06:48 . 2001-08-17 22:07 19,072 --a--c--- c:\windows\system32\dllcache\sparrow.sys
2009-02-13 06:48 . 2001-08-17 21:53 9,600 --a--c--- c:\windows\system32\dllcache\sonymc.sys
2009-02-13 06:48 . 2008-04-13 20:40 7,552 --a--c--- c:\windows\system32\dllcache\sonyait.sys
2009-02-13 06:48 . 2001-08-17 21:53 7,040 --a--c--- c:\windows\system32\dllcache\snyaitmc.sys
2009-02-13 06:46 . 2001-09-06 21:26 386,560 --a--c--- c:\windows\system32\dllcache\sgiul50.dll
2009-02-13 06:45 . 2001-09-06 21:27 495,616 --a--c--- c:\windows\system32\dllcache\sblfx.dll
2009-02-13 06:44 . 2001-09-06 21:26 182,272 --a--c--- c:\windows\system32\dllcache\s3mt3d.dll
2009-02-13 06:43 . 2001-09-06 20:29 899,594 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys
2009-02-13 06:42 . 2008-04-14 19:02 363,520 --a--c--- c:\windows\system32\dllcache\psisdecd.dll
2009-02-13 06:41 . 2001-08-17 22:05 351,616 --a--c--- c:\windows\system32\dllcache\ovcodek2.sys
2009-02-13 06:40 . 2001-08-17 20:50 198,144 --a--c--- c:\windows\system32\dllcache\nv3.sys
2009-02-13 06:40 . 2001-09-06 21:26 123,776 --a--c--- c:\windows\system32\dllcache\nv3.dll
2009-02-13 06:40 . 2001-09-06 20:09 54,666 --a--c--- c:\windows\system32\dllcache\otcsercb.sys
2009-02-13 06:40 . 2001-08-17 20:20 54,528 --a--c--- c:\windows\system32\dllcache\opl3sax.sys
2009-02-13 06:40 . 2001-08-17 20:49 51,552 --a--c--- c:\windows\system32\dllcache\ntgrip.sys
2009-02-13 06:40 . 2001-08-17 22:05 48,000 --a--c--- c:\windows\system32\dllcache\ovcam2.sys
2009-02-13 06:40 . 2001-09-06 20:09 43,785 --a--c--- c:\windows\system32\dllcache\otceth5.sys
2009-02-13 06:40 . 2001-08-17 22:05 28,032 --a--c--- c:\windows\system32\dllcache\ovcd.sys
2009-02-13 06:40 . 2001-08-17 20:12 27,209 --a--c--- c:\windows\system32\dllcache\otc06x5.sys
2009-02-13 06:40 . 2001-08-17 22:05 25,088 --a--c--- c:\windows\system32\dllcache\ovca.sys
2009-02-13 06:40 . 2001-09-06 19:49 9,472 --a--c--- c:\windows\system32\dllcache\ntapm.sys
2009-02-13 06:40 . 2001-08-17 21:53 7,552 --a--c--- c:\windows\system32\dllcache\nsmmc.sys
2009-02-13 06:38 . 2001-09-06 19:31 131,072 --a--c--- c:\windows\system32\dllcache\n100325.sys
2009-02-13 06:38 . 2001-08-17 20:50 103,296 --a--c--- c:\windows\system32\dllcache\mtxvideo.sys
2009-02-13 06:38 . 2001-09-06 19:31 76,416 --a--c--- c:\windows\system32\dllcache\mxport.sys
2009-02-13 06:38 . 2001-09-06 19:31 53,279 --a--c--- c:\windows\system32\dllcache\n1000nt5.sys
2009-02-13 06:38 . 2008-04-13 20:46 49,024 --a--c--- c:\windows\system32\dllcache\mstape.sys
2009-02-13 06:38 . 2001-09-06 19:31 22,016 --a--c--- c:\windows\system32\dllcache\mxcard.sys
2009-02-13 06:38 . 2008-04-13 20:54 22,016 --a--c--- c:\windows\system32\dllcache\msircomm.sys
2009-02-13 06:38 . 2001-08-17 21:49 19,968 --a--c--- c:\windows\system32\dllcache\mxnic.sys
2009-02-13 06:38 . 2001-09-06 21:27 19,968 --a--c--- c:\windows\system32\dllcache\mxicfg.dll
2009-02-13 06:38 . 2001-08-17 21:48 12,416 --a--c--- c:\windows\system32\dllcache\msriffwv.sys
2009-02-13 06:38 . 2001-09-06 21:27 7,168 --a--c--- c:\windows\system32\dllcache\mxport.dll
2009-02-13 06:38 . 2001-08-17 22:00 2,944 --a--c--- c:\windows\system32\dllcache\msmpu401.sys
2009-02-13 06:37 . 2001-09-06 18:59 320,384 --a--c--- c:\windows\system32\dllcache\mgaum.sys
2009-02-13 06:37 . 2001-09-06 21:26 235,648 --a--c--- c:\windows\system32\dllcache\mgaud.dll
2009-02-13 06:37 . 2008-04-14 19:03 56,832 --a--c--- c:\windows\system32\dllcache\msdvbnp.ax
2009-02-13 06:37 . 2008-04-13 20:46 51,200 --a--c--- c:\windows\system32\dllcache\msdv.sys
2009-02-13 06:37 . 2001-08-17 22:02 35,200 --a--c--- c:\windows\system32\dllcache\msgame.sys
2009-02-13 06:37 . 2001-08-17 21:52 17,280 --a--c--- c:\windows\system32\dllcache\mraid35x.sys
2009-02-13 06:37 . 2001-08-17 21:57 16,128 --a--c--- c:\windows\system32\dllcache\modemcsa.sys
2009-02-13 06:37 . 2008-04-13 20:46 15,232 --a--c--- c:\windows\system32\dllcache\mpe.sys
2009-02-13 06:37 . 2001-08-17 21:52 6,528 --a--c--- c:\windows\system32\dllcache\miniqic.sys
2009-02-13 06:37 . 2001-08-17 21:48 6,016 --a--c--- c:\windows\system32\dllcache\msfsio.sys
2009-02-13 06:35 . 2008-04-14 19:02 254,464 --a--c--- c:\windows\system32\dllcache\kdsusd.dll
2009-02-13 06:34 . 2001-09-06 21:26 90,200 --a--c--- c:\windows\system32\dllcache\io8ports.dll
2009-02-13 06:34 . 2008-04-13 20:54 88,192 --a--c--- c:\windows\system32\dllcache\irda.sys
2009-02-13 06:34 . 2001-08-17 20:12 45,632 --a--c--- c:\windows\system32\dllcache\ip5515.sys
2009-02-13 06:34 . 2001-08-17 21:50 38,784 --a--c--- c:\windows\system32\dllcache\io8.sys
2009-02-13 06:34 . 2001-08-17 21:49 26,624 --a--c--- c:\windows\system32\dllcache\irstusb.sys
2009-02-13 06:34 . 2001-08-17 21:49 23,552 --a--c--- c:\windows\system32\dllcache\irmk7.sys
2009-02-13 06:34 . 2001-08-17 21:51 18,688 --a--c--- c:\windows\system32\dllcache\irsir.sys
2009-02-13 06:34 . 2001-08-17 21:52 16,000 --a--c--- c:\windows\system32\dllcache\ini910u.sys
2009-02-13 06:34 . 2001-09-06 18:16 13,568 --a--c--- c:\windows\system32\dllcache\inport.sys
2009-02-13 06:34 . 2008-04-14 18:37 5,504 --a--c--- c:\windows\system32\dllcache\intelide.sys
2009-02-13 06:32 . 2001-08-17 21:28 542,879 --a--c--- c:\windows\system32\dllcache\hsf_msft.sys
2009-02-13 06:31 . 2001-09-06 21:26 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll
2009-02-13 06:30 . 2001-09-06 21:26 470,144 --a--c--- c:\windows\system32\dllcache\g200d.dll
2009-02-13 06:29 . 2001-09-06 20:14 630,016 --a--c--- c:\windows\system32\dllcache\eqn.sys
2009-02-13 06:28 . 2001-09-06 19:54 634,198 --a--c--- c:\windows\system32\dllcache\el656ct5.sys
2009-02-13 06:27 . 2001-08-17 20:14 952,007 --a--c--- c:\windows\system32\dllcache\diwan.sys
2009-02-13 06:26 . 2008-04-14 19:02 251,904 --a--c--- c:\windows\system32\dllcache\ctmasetp.dll
2009-02-13 06:25 . 2001-09-06 18:59 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys
2009-02-13 06:24 . 2001-08-17 21:28 871,388 --a--c--- c:\windows\system32\dllcache\bcmdm.sys
2009-02-13 06:23 . 2001-08-17 22:07 56,960 --a--c--- c:\windows\system32\dllcache\aic78xx.sys
2009-02-13 06:21 . 2001-08-17 20:19 747,392 --a--c--- c:\windows\system32\dllcache\adm8830.sys
2009-02-13 06:21 . 2001-08-17 20:19 584,448 --a--c--- c:\windows\system32\dllcache\adm8810.sys
2009-02-13 06:21 . 2001-08-17 20:19 553,984 --a--c--- c:\windows\system32\dllcache\adm8820.sys
2009-02-13 06:21 . 2001-08-17 22:07 101,888 --a--c--- c:\windows\system32\dllcache\adpu160m.sys
2009-02-13 06:21 . 2001-08-17 20:11 46,112 --a--c--- c:\windows\system32\dllcache\adptsf50.sys
2009-02-13 06:21 . 2001-08-17 20:11 20,160 --a--c--- c:\windows\system32\dllcache\adm8511.sys
2009-02-13 06:21 . 2004-08-03 22:32 10,880 --a--c--- c:\windows\system32\dllcache\admjoy.sys
2009-02-13 06:21 . 2001-08-17 21:53 7,424 --a--c--- c:\windows\system32\dllcache\adicvls.sys
2009-02-13 06:19 . 2001-09-06 21:26 66,048 --a--c--- c:\windows\system32\dllcache\s3legacy.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 17:44 --------- d-----w c:\program files\StickIt
2009-02-15 17:42 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-15 06:01 --------- d-----w c:\documents and settings\All Users\Application Data\Watermark Factory
2009-02-15 05:58 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-14 05:08 --------- d-----w c:\documents and settings\Chris\Application Data\Zylom
2009-02-14 05:07 --------- d-----w c:\program files\Zylom Games
2009-02-14 00:06 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-10 20:50 --------- d-----w c:\documents and settings\Chris\Application Data\FileZilla
2009-02-09 23:06 --------- d-----w c:\program files\AviScreen classic
2009-02-09 16:13 --------- d-----w c:\program files\a-squared Free
2009-02-05 02:14 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-05 02:14 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-02-04 21:10 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-29 18:41 --------- d-----w c:\program files\QuickTime
2009-01-21 21:03 --------- d-----w c:\program files\SuDoku
2009-01-08 00:34 --------- d-----w c:\documents and settings\Chris\Application Data\uTorrent
2009-01-08 00:32 --------- d-----w c:\program files\SpeedFan
2009-01-08 00:21 --------- d-----w c:\program files\PC Tune-Up
2009-01-01 03:33 --------- d-----w c:\program files\Roxio
2009-01-01 03:33 --------- d-----w c:\program files\Common Files\Roxio Shared
2008-12-26 17:33 --------- d-----w c:\program files\Premium Booster
2008-12-25 01:03 --------- d-----w c:\program files\Daniusoft
2008-12-23 15:01 --------- d-----w c:\program files\Audioblast
2008-12-23 07:20 --------- d-----w c:\program files\GoldWave
2008-12-22 00:12 --------- d-----w c:\program files\uTorrent
2008-12-16 20:38 --------- d-----w c:\program files\Free Offers from Freeze.com
2008-12-15 14:18 16,640 ----a-w c:\windows\system32\drivers\DsAudioDevice_286.sys
2008-12-15 05:59 --------- d-----w c:\documents and settings\All Users\Application Data\Corel
2008-12-15 01:47 --------- d-----w c:\documents and settings\Chris\Application Data\Corel
2008-12-15 01:44 --------- d-----w c:\program files\Common Files\Corel
2007-07-22 03:34 81,920 ----a-w c:\documents and settings\Chris\Application Data\ezpinst.exe
2007-07-22 03:34 47,360 ----a-w c:\documents and settings\Chris\Application Data\pcouffin.sys
2007-07-17 17:52 1,585 ----a-w c:\program files\Lisence.txt
2007-07-15 20:35 138 ------w c:\program files\Thanks.txt
2007-07-15 20:32 1,750 ------w c:\program files\ReadMe.txt
2007-07-15 20:21 15,893 ----a-w c:\program files\help_gr.chm
2007-07-15 20:18 16,146 ------w c:\program files\help.chm
2007-07-15 17:16 5,890 ----a-w c:\program files\LICENSE.rtf
2007-07-13 21:32 11,256 ----a-w c:\program files\button_up.dat
2007-04-21 00:29 560 ----a-w c:\program files\Global.sw
2007-02-21 04:06 1,390 -c--a-w c:\program files\uninstal.log
2006-11-16 19:39 1,008 ------w c:\program files\close2.dat
2006-11-16 19:39 1,008 ------w c:\program files\close1.dat
2006-06-18 01:29 4 ------w c:\program files\anoixto.dat
2006-06-17 11:27 40,040 ------w c:\program files\bar.dat
2001-08-13 14:51 1,396,337 ----a-w c:\program files\Captura.exe
1997-01-22 04:14 60,186 ------w c:\program files\optimize.WAV
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w c:\windows\system32\Smab0.dll
2008-05-12 22:42 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008051320080514\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WhatPulse"="c:\progra~1\WHATPU~1\WHATPU~1.EXE" [2004-12-05 543744]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"StickIt"="c:\program files\StickIt\StickIt3.exe" [2007-03-02 315392]
"WallPaper"="e:\9cec7~1.msn\WALLPA~1\WALLPA~1.90\WALLPA~1.EXE" [2001-06-10 246272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-12-20 1165104]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-12-19 1941808]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-12-19 149024]
"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\cfp.exe" [2007-12-11 1481984]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-05 1601304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-12 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 c:\windows\soundman.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2005-02-24 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-05-05 19:42 294912 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-05 03:14 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 11:32 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"VIDC.LAGS"= lagarith.dll
"vidc.i420"= i420vfw.dll
"vidc.mjpg"= pvmjpg30.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Post-it® Software Notes Lite.lnk]
backup=c:\windows\pss\Post-it® Software Notes Lite.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^VersionTrackerPro.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\VersionTrackerPro.lnk
backup=c:\windows\pss\VersionTrackerPro.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris^Menu Start^Programma's^Opstarten^HDDlife.lnk]
path=c:\documents and settings\Chris\Menu Start\Programma's\Opstarten\HDDlife.lnk
backup=c:\windows\pss\HDDlife.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris^Menu Start^Programma's^Opstarten^Stardock ObjectDock.lnk]
backup=c:\windows\pss\Stardock ObjectDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris^Menu Start^Programma's^Opstarten^UDPixel.lnk]
backup=c:\windows\pss\UDPixel.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris^Menu Start^Programma's^Opstarten^Yahoo! Widget Engine.lnk]
backup=c:\windows\pss\Yahoo! Widget Engine.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
rem [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
--a------ 2006-12-19 23:19 1941808 c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-02-01 16:45 98304 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CameraFixer]
--a------ 2005-12-06 12:08 20480 c:\windows\CameraFixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
--a------ 2007-10-30 19:52 16200 d:\porgram files\PSPX2\CorelIOMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-04-19 06:42 3293184 c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--a------ 2005-03-24 00:26 217088 c:\program files\Microsoft IntelliPoint\point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRC]
--a------ 2007-09-20 10:16 2419200 c:\program files\PC Tune-Up\PCTuneUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OFFICEKB]
--a------ 2009-02-14 19:44 387584 c:\program files\Labtec\Keyboard\V5.1\KBDAP32A.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
--a------ 2006-12-20 00:34 1165104 c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"StarWindService"=2 (0x2)
"a2free"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\StickIt\\StickIt3.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Porgram files\\Pinnacle\\Programs\\RM.exe"=
"d:\\Porgram files\\Pinnacle\\Programs\\PMSRegisterFile.exe"=
"d:\\Porgram files\\Pinnacle\\Programs\\umi.exe"=
"d:\\Porgram files\\Pinnacle\\Programs\\VideoSpin.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-04-25 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-04-25 107272]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2007-12-11 79096]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2007-12-11 23672]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2007-01-09 51440]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-03 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-03 298264]
R2 HDDlife HDD Access service;HDDlife HDD Access service;c:\program files\Common Files\BinarySense\hldasvc.exe [2008-02-15 832760]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-09-11 45848]
R2 mp3m2pls;mp3m2pls;c:\windows\system32\drivers\mp3m2pls.sys [2007-04-29 5513]
R2 ppsio;PrmxPPDev;c:\windows\system32\drivers\PPSIO.SYS [2007-03-31 22688]
R3 DsAudioDevice_286;DsAudioDevice_286;c:\windows\system32\drivers\DsAudioDevice_286.sys [2008-12-25 16640]
R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [2007-02-21 24544]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2007-06-02 16512]
S3 pmxscan;USB Scanner Driver;c:\windows\system32\drivers\usbscan.sys [2007-03-31 15104]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-08-13 98488]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S3 WN5401;Liteon Wireless LAN PCI 802.11 a/b/g adapter WN5401A;c:\windows\system32\drivers\wn5401.sys [2007-02-21 449920]
S4 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S4 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - uphcleanhlp
.
Inhoud van de 'Gedeelde Taken' map

2009-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-09 c:\windows\Tasks\SyncBack nu.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-08-12 11:00]

2009-02-10 c:\windows\Tasks\SyncBack today.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-08-12 11:00]

2009-02-15 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2007-06-03 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2009-02-15 c:\windows\Tasks\User_Feed_Synchronization-{750B0ADC-2173-4387-B22F-94E3461ADCCE}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.gva.be/
IE: E&xporteren naar Microsoft Excel
Trusted Zone: live.com\bl112w.blu112.mail
Trusted Zone: zylom.com\www.nl.be
Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - c:\program files\Common Files\BinarySense\hlAPP.dll
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} - hxxp://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\0fd6vqm6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.minatica.be/
FF - plugin: c:\divx\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: c:\divx\DivX Web Player\npdivx32.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Chris\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npagent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 18:43:47
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,37,e7,f6,de,b8,
0c,94,07,c8,28,51,af,b0,29,a3,98,02,0a,fd,22,15,56,4d,6a,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,3b,31,87,d3,0d,
ca,56,78,71,3b,04,66,8b,46,0d,96,c1,85,a7,16,99,55,10,4e,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,eb,15,00,43,6f,
27,86,36,25,da,ec,7e,55,20,c9,26,2d,6f,e8,27,b0,e4,33,50,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,a6,1c,90,73,e5,
c2,bc,13,3e,1e,9e,e0,57,5a,93,61,6e,7f,b8,5d,85,1b,d5,09,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,38,ac,5f,ef,e7,
2d,d8,eb,cd,44,cd,b9,a6,33,6c,cd,ea,c9,75,1f,ab,21,f8,24,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,a3,7b,a5,cc,5f,
67,50,5e,b0,18,ed,a7,3f,8d,37,a4,0c,0a,a6,f6,43,91,e6,12,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,5c,c7,0e,b0,29,
3a,79,d6,31,77,e1,ba,b1,f8,68,02,8d,07,35,a0,0c,b8,13,d1,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,ba,86,7a,d2,61,
d2,93,19,83,6c,56,8b,a0,85,96,ab,f7,d3,3f,71,b1,82,18,ec,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,37,6d,a7,9a,19,
1b,b7,3f,51,fa,6e,91,28,9e,14,cc,cb,2b,8b,7c,5d,f0,6e,a5,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,07,13,e8,d3,44,
12,05,66,b1,cd,45,5a,a8,c4,f8,b9,45,df,82,7d,db,7b,2d,75,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,a0,90,95,4c,61,
88,d2,1c,e3,0e,66,d5,eb,bc,2f,6b,eb,86,bb,13,ec,b7,ba,ca,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,97,d7,64,90,3b,
4d,00,4c,fa,ea,66,7f,d4,3b,6b,70,79,fd,31,da,9b,c0,14,17,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(1024)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\LMIinit.dll

- - - - - - - > 'lsass.exe'(1080)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(4056)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSNL.DLL
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Comodo\Firewall\cmdagent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PSIService.exe
c:\program files\AVG\AVG8\avgrsx.exe
d:\proshow\scsiaccess.exe
c:\program files\Hivecleanup\uphclean.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Voltooingstijd: 2009-02-15 18:49:59 - machine werd herstart
ComboFix-quarantined-files.txt 2009-02-15 17:49:50
ComboFix2.txt 2009-02-14 18:10:56
ComboFix3.txt 2008-01-30 15:27:35

Pre-Run: 33.654.038.528 bytes beschikbaar
Post-Run: 33,641,455,616 bytes beschikbaar

465 --- E O F --- 2009-02-14 00:58:38


Number two

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54:28, on 15/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\Proshow\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hivecleanup\uphclean.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\StickIt\StickIt3.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gva.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StickIt] C:\Program Files\StickIt\StickIt3.exe
O4 - HKCU\..\Run: [WallPaper] E:\9CEC7~1.MSN\WALLPA~1\WALLPA~1.90\WALLPA~1.EXE /h
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1229118675984
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172027649125
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200417483468
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\Common Files\BinarySense\hlAPP.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service: ScsiAccess - Unknown owner - D:\Proshow\ScsiAccess.exe

--
End of file - 9612 bytes

Black_Bird
15 February 2009, 20:03
Hi :)

As far as I can see, ComboFix has not touched these files, but the malware could of course have done so, which is what I think happened.

Yes, you could fall back on an image.
I also want to see what else I can do for you. Just let me know what you want. :)

compuchrisje
15 February 2009, 20:13
I think that's maybe the best option, yes; I hadn't expected open-source products to cause such a fuss. So I'll be busy with that image for a while... and let's hope the infection wasn't already present at that point. So you may well get another new log.

Black_Bird
15 February 2009, 20:14
Fine, I'll wait to hear from you ;)

Good luck :D

compuchrisje
15 February 2009, 21:40
Success... I'm afraid my keyboard has had it, but that doesn't matter, because there were no letters left on the keys anyway :D

To be on the safe side, here is the log; when the image was created, the system was first scanned with Ad-Aware, Spybot S&D, AVG (not set to a daily scan, only on demand) and, as an extra, a scan with A²SquaredFree. Hopefully they kept it clean:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:34:36, on 15/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
D:\Proshow\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hivecleanup\uphclean.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\StickIt\StickIt3.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gva.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StickIt] C:\Program Files\StickIt\StickIt3.exe
O4 - HKCU\..\Run: [WallPaper] E:\9CEC7~1.MSN\WALLPA~1\WALLPA~1.90\WALLPA~1.EXE /h
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1229118675984
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172027649125
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200417483468
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\Common Files\BinarySense\hlAPP.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service: ScsiAccess - Unknown owner - D:\Proshow\ScsiAccess.exe

--
End of file - 9785 bytes

Black_Bird
15 February 2009, 21:44
That one looks good :)
Are you still having any problems?

compuchrisje
15 February 2009, 22:31
Apart from the keyboard, apparently not. The programs work again, phew!! So I'm happy.

Black_Bird
16 February 2009, 08:34
OK, looks good :)
Then this topic seems closed to me.

Small question: I see that all resolved logs get closed here; what should I do with it? Because I can't close posts here..