elke

ComboFix 08-03-18.1 - Administrator 2008-03-20 18:17:23.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.208 [GMT 1:00] Gestart vanuit: C:\Documents and Settings\Administrator\Bureaublad\ComboFix.exe * Nieuw herstelpunt werd aangemaakt WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\copy.exe C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\#SharedObjects\U66GMER7\iforex.com C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\#SharedObjects\U66GMER7\iforex.com\Emerp\Events\flash_object.swf\user_data.sol C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol C:\host.exe C:\WINDOWS\Fonts\acrsecB.fon C:\WINDOWS\Fonts\acrsecI.fon C:\WINDOWS\smdat32m.sys C:\WINDOWS\system32\Cache C:\WINDOWS\system32\lsprst7.dll C:\WINDOWS\system32\temp1.exe C:\WINDOWS\system32\temp2.exe C:\WINDOWS\xcopy.exe D:\Autorun.inf D:\copy.exe D:\host.exe D:\Mijn documenten\STEM~1 D:\Mijn documenten\STEM~1\??stem\ D:\Mijn documenten\STEM~1\attrib.exe . (((((((((((((((((((( Bestanden Gemaakt van 2008-02-20 to 2008-03-20 )))))))))))))))))))))))))))))) . 2008-03-20 18:15 . 2008-03-20 18:15 <DIR> d-------- C:\Program Files\Trend Micro 2008-03-20 12:05 . 2008-03-20 12:05 <DIR> d-------- C:\WINDOWS\ERUNT 2008-03-19 22:52 . 2008-03-19 22:52 <DIR> d-------- C:\WINDOWS\SxsCaPendDel 2008-03-19 22:33 . 2008-03-19 22:33 87,608 --a------ C:\Documents and Settings\Administrator\Application Data\ezpinst.exe 2008-03-19 22:08 . 2008-03-19 22:08 9,296 --a------ C:\WINDOWS\system32\cihrku.exe 2008-03-19 22:08 . 2008-03-19 22:08 244 --ah-c--- C:\sqmnoopt06.sqm 2008-03-19 22:08 . 2008-03-19 22:08 232 --ah-c--- C:\sqmdata06.sqm 2008-03-19 10:43 . 2008-03-19 10:43 9,296 --a------ C:\Documents and Settings\Administrator\nnoswz.exe 2008-03-19 08:39 . 2008-03-20 08:37 136,627 --a------ C:\WINDOWS\POTA777444.exe 2008-03-18 15:11 . 2008-03-18 15:11 9,296 --a------ C:\WINDOWS\system32\ucgnmg.exe 2008-03-17 17:24 . 2008-03-17 17:24 9,296 --a------ C:\WINDOWS\system32\osqzoo.exe 2008-03-17 17:24 . 2008-03-17 17:24 244 --ah-c--- C:\sqmnoopt05.sqm 2008-03-17 17:24 . 2008-03-17 17:24 232 --ah-c--- C:\sqmdata05.sqm 2008-03-17 16:47 . 2008-03-17 16:47 9,296 --a------ C:\WINDOWS\system32\xfvhuk.exe 2008-03-17 16:47 . 2008-03-17 16:47 244 --ah-c--- C:\sqmnoopt04.sqm 2008-03-17 16:47 . 2008-03-17 16:47 232 --ah-c--- C:\sqmdata04.sqm 2008-03-17 15:11 . 2008-03-17 15:11 9,296 --a------ C:\WINDOWS\system32\sqmxmd.exe 2008-03-15 17:28 . 2008-03-15 17:28 9,296 --a------ C:\Documents and Settings\Administrator\wixhvf.exe 2008-03-15 17:15 . 2008-03-15 17:15 <DIR> d-------- C:\Program Files\Webroot 2008-03-15 10:47 . 2008-03-15 10:47 9,296 --a------ C:\WINDOWS\system32\alatuu.exe 2008-03-15 10:47 . 2008-03-15 10:47 244 --ah-c--- C:\sqmnoopt03.sqm 2008-03-15 10:47 . 2008-03-15 10:47 232 --ah-c--- C:\sqmdata03.sqm 2008-03-14 14:30 . 2008-03-14 14:30 244 --ah-c--- C:\sqmnoopt02.sqm 2008-03-14 14:30 . 2008-03-14 14:30 232 --ah-c--- C:\sqmdata02.sqm 2008-03-14 13:55 . 2008-03-15 10:39 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-03-14 13:55 . 2008-03-14 13:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-03-14 13:55 . 2008-03-15 10:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com 2008-03-13 20:16 . 2008-03-13 20:16 9,296 --a------ C:\WINDOWS\system32\jkavmn.exe 2008-03-13 20:16 . 2008-03-13 20:16 244 --ah-c--- C:\sqmnoopt01.sqm 2008-03-13 20:16 . 2008-03-13 20:16 232 --ah-c--- C:\sqmdata01.sqm 2008-03-13 15:06 . 2008-03-13 15:06 244 --ah-c--- C:\sqmnoopt00.sqm 2008-03-13 15:06 . 2008-03-13 15:06 232 --ah-c--- C:\sqmdata00.sqm 2008-03-11 22:35 . 2008-03-11 22:35 9,296 --a------ C:\WINDOWS\system32\sduzcp.exe 2008-02-27 13:04 . 2008-02-27 13:07 <DIR> d-------- C:\Program Files\Windows Live 2008-02-27 13:04 . 2008-02-27 13:05 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-02-27 13:03 . 2008-02-27 13:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-02-24 14:36 . 2004-08-04 01:03 21,504 --a------ C:\WINDOWS\system32\hidserv.dll 2008-02-24 14:36 . 2004-08-04 01:03 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll 2008-02-24 14:36 . 2004-08-04 00:57 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2008-02-24 14:36 . 2004-08-04 00:57 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys 2008-02-21 20:21 . 2008-02-21 20:37 187,934,908 --a--c--- C:\Krov.mpg . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-20 17:04 --------- d-----w C:\Program Files\Rainlendar2 2008-03-19 21:54 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-19 21:50 --------- d-----w C:\Program Files\CyberLink 2008-03-19 21:45 --------- d-----w C:\Program Files\Common Files\Ahead 2008-03-19 21:37 --------- d-----w C:\Program Files\LimeWire 2008-03-19 21:37 --------- d-----w C:\Program Files\DivX 2008-03-19 21:36 --------- d-----w C:\Program Files\Google 2008-03-19 21:33 47,360 ----a-w C:\Documents and Settings\Administrator\Application Data\pcouffin.sys 2008-03-19 21:33 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Vso 2008-03-17 19:46 --------- d-----w C:\Program Files\Hitman Pro 2008-03-17 09:20 --------- d-----w C:\Program Files\Data Entry for Windows 2008-03-15 16:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-03-15 15:52 --------- d-----w C:\Program Files\SpywareBlaster 2008-03-15 09:38 --------- d-----w C:\Program Files\Poink 2008-03-13 14:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-03-10 08:53 --------- d-----w C:\Program Files\SPSS 2008-02-28 15:59 --------- d-----w C:\Program Files\MSN Messenger 2008-02-17 10:41 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-02-13 12:49 --------- d-----w C:\Program Files\Conduit 2008-01-20 16:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2EFCD117-C8C0-4DC7-9D1E-E01B4814876B}] C:\Program Files\ComPlus Applications\cofyl821058.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F9B96C8-1F19-4B26-B684-903DADDAC0FB}] C:\Program Files\Outlook Express\qubap367.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A57FB6AF-C8A1-4825-8898-891FCEC6645D}] C:\Program Files\ComPlus Applications\cofyl777444.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360] "Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-07-23 09:55 1298432] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 08:11 1388544] "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 11:41 860160] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-12-21 10:16 155648] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-12-21 10:11 126976] "AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 14:01 88209 C:\WINDOWS\AGRSMMSG.exe] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 19:40 98394] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 19:38 688218] "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-09-07 15:28 213054] "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-11-01 09:11 290816] "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01 110592] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 00:05 122939] "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-11-12 11:40 790528] "WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2004-10-26 15:17 184320] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 18:14 36975] "snpstd"="C:\WINDOWS\vsnpstd.exe" [2003-12-31 16:39 40960] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-07-22 21:46 401408] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-07-22 21:47 385024] "EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-07-22 21:51 356352] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-13 02:10 155648] "USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 20:44 65536] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [ ] "JavaCore"="C:\Program Files\\JavaCore\\JavaCore.exe" [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2005-07-22 21:46 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "D:\\Mijn documenten\\Mijn muziek\\LimeWire\\LimeWire.exe"= "C:\\WINDOWS\\system32\\rundll32.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 15:26] S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2006-08-14 15:48] S3 CpqDtct;CpqDtct;C:\WINDOWS\system32\Drivers\Cpqdtct.sys [] S3 NVW_PEAgent;Policy Enforcer Agent;"C:\WINDOWS\PEAgent\PEAgent.exe" /SERVICE [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{078db82f-ed88-11db-89ae-001279c69347}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL nircmd.exe execmd CALL System_Volume_Information\batexe\start2.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29044de8-1cc0-11dc-8a62-00170833fef6}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ddb16b4-974d-11dc-8b8a-00170833fef6}] \Shell\AutoRun\command - F:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71db356f-0b7d-11dc-8a22-001279c69347}] \Shell\AutoRun\command - F:\Loader.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-20 18:20:21 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????4?7?1?8??P???? ???B???????????????B? ?????? scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2008-03-20 18:24:29 ComboFix-quarantined-files.txt 2008-03-20 17:24:26 . 2008-03-13 14:09:33 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:15:14, on 20/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe C:\WINDOWS\vsnpstd.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe C:\Program Files\USB Disk Win98 Driver\Res.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Rainlendar2\Rainlendar2.exe C:\Program Files\HPQ\Shared\hpqwmi.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = Search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Provinciale Hogeschool Limburg R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP United States - Computers, Laptops, Servers, Printers & more R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Provinciale Hogeschool Limburg R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.phlimburg.be:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {2EFCD117-C8C0-4DC7-9D1E-E01B4814876B} - C:\Program Files\ComPlus Applications\cofyl821058.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: 0 - {6F9B96C8-1F19-4B26-B684-903DADDAC0FB} - C:\Program Files\Outlook Express\qubap367.dll (file missing) O2 - BHO: (no name) - {A57FB6AF-C8A1-4825-8898-891FCEC6645D} - C:\Program Files\ComPlus Applications\cofyl777444.dll (file missing) O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [intelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [uSB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user') O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.be/SnapfishActivia.cab O16 - DPF: {5908A47C-F569-4B46-8B35-5FE2C63CC276} (PEAgent) - http://www.phl.be/GGBTRENDMICRO/cabinet/PEAgent.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1118127289296 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://elke87.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://belgacom.extrafilm.be/ImageUploader4.cab O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.pixdiscount.net/clients/uploader_v2.2.0.6.cab O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader.cab O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.be/site/xupload/XUpload.ocx O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Policy Enforcer Agent (NVW_PEAgent) - Trend Micro Inc. - C:\WINDOWS\PEAgent\PEAgent.exe O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 10040 bytes

Dit heb ik ook aan de hand. Ik hebt de SDFIX gedaan en het raportje opgeslaan. Hoe weet ik of ik opnieuw MSN kan afhalen en het virus verdwenen is? Report.txt