
Formatting and drivers



Posted:

Hello, I have finally gotten there and that registry key has fortunately been deleted. That was a seriously nasty thing. I deleted the key in safe mode, because it did not work in normal mode.

I am posting the HijackThis log as well; if you see anything else that is not right, just let me know:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:09:43, on 14/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [bHR] C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 7212 bytes


Posted:

I have made another log with DSS

Deckard's System Scanner v20071014.68

Run by kimsie on 2008-03-14 18:19:21

Computer is in Normal Mode.

--------------------------------------------------------------------------------

-- HijackThis (run as kimsie.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:19:24, on 14/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Documents and Settings\kimsie\Bureaublad\tools\dss.exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\kimsie.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [bHR] C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 7130 bytes

-- Files created between 2008-02-14 and 2008-03-14 -----------------------------

2008-03-14 15:09:53 0 d--hs---- C:\Documents and Settings\kimsie\Onlangs geopend

2008-03-14 11:09:44 2368 --a------ C:\WINDOWS\system32\tmp.reg

2008-03-14 10:02:59 0 d-------- C:\Documents and Settings\kimsie\DoctorWeb

2008-03-14 07:50:36 0 d-------- C:\WINDOWS\SoftwareDistribution

2008-03-14 07:14:13 0 d-------- C:\WINDOWS\SoftwareDistributionold

2008-03-13 22:17:12 3514 --a------ C:\Start_.cmd

2008-03-13 21:20:27 0 d-------- C:\ComboFix(3)

2008-03-13 21:19:28 0 d-------- C:\ComboFix(2)

2008-03-13 21:18:21 0 d-------- C:\ComboFix(1)

2008-03-13 19:19:50 0 d-------- C:\VundoFix Backups

2008-03-13 17:22:44 0 d-------- C:\Program Files\Trend Micro

2008-03-13 17:14:48 0 d-------- C:\Program Files\Zamaan's Software

2008-03-13 17:06:47 0 d-------- C:\Program Files\InterMute

2008-03-13 16:59:53 0 d-------- C:\Documents and Settings\kimsie\Application Data\WinRAR

2008-03-13 16:53:31 0 d-------- C:\Program Files\Lavasoft

2008-03-13 16:52:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-03-13 14:17:47 0 d-------- C:\Documents and Settings\kimsie\.housecall6.6

2008-03-13 13:53:35 90176 -----n--- C:\WINDOWS\system32\nsgcpshj.dll

2008-03-13 13:52:50 183893 --ahs---- C:\WINDOWS\system32\rstwa.ini2

2008-03-13 13:49:29 0 d-------- C:\WINDOWS\BDOSCAN8

2008-03-13 12:08:41 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>

2008-03-13 11:54:47 0 d-------- C:\WINDOWS\system32\ActiveScan

2008-03-13 11:27:18 0 d-------- C:\Documents and Settings\kimsie\Application Data\Grisoft

2008-03-12 18:30:16 0 d-------- C:\Documents and Settings\kimsie\Application Data\MiniDm

2008-03-12 18:14:52 0 d-------- C:\WINDOWS\system32\VIRepair

2008-03-12 18:04:59 0 d-------- C:\Documents and Settings\kimsie\Application Data\Styler

2008-03-12 18:00:40 0 d-------- C:\WINDOWS\system32\VITrans

2008-03-12 18:00:39 111104 --a------ C:\WINDOWS\system32\Uharc.exe

2008-03-12 18:00:39 19968 --a------ C:\WINDOWS\system32\reico.exe <Not Verified; Dead Knight; >

2008-03-12 18:00:39 8636 --a------ C:\WINDOWS\system32\modifype.exe

2008-03-12 18:00:39 0 d-------- C:\VTPFiles

2008-03-12 17:45:59 0 d-------- C:\Documents and Settings\kimsie\Application Data\IEPro

2008-03-12 15:36:59 57344 --a------ C:\WINDOWS\system32\ico.exe <Not Verified; Primax Electronics Ltd.; MouseSuite 98>

2008-03-12 15:22:22 0 d-------- C:\!KillBox

2008-03-12 14:36:30 0 d-------- C:\Program Files\Yahoo!

2008-03-12 14:24:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-03-12 14:18:43 196039 --ahs---- C:\WINDOWS\system32\jjkkj.ini2

2008-03-12 13:50:10 0 d-------- C:\Program Files\QuickPar

2008-03-12 12:35:25 0 d-------- C:\WINDOWS\Prefetch

2008-02-27 10:40:52 0 d-------- C:\Program Files\AdwareRemover2007

2008-02-27 10:25:53 0 d-------- C:\WINDOWS\setup.pss

2008-02-26 20:34:57 0 d-------- C:\28e1ecf19450976931

2008-02-26 18:49:08 0 d-------- C:\Program Files\SysCleaner

2008-02-26 18:41:29 0 d-------- C:\Documents and Settings\kimsie\Application Data\PrevxCSI

2008-02-26 18:36:07 169849 --ahs---- C:\WINDOWS\system32\klkkj.ini2

2008-02-26 13:39:19 165119 --ahs---- C:\WINDOWS\system32\opqss.ini2

2008-02-26 12:33:40 0 d-------- C:\WINDOWS\pss

2008-02-16 14:13:37 0 d-------- C:\Program Files\Google

2008-02-16 14:05:14 0 d-------- C:\Program Files\Tracker Software

2008-02-16 13:53:51 5688 --a------ C:\WINDOWS\system32\bassenc.dll <Not Verified; Un4seen Developments; >

2008-02-16 13:53:51 25688 --a------ C:\WINDOWS\system32\bass_fx.dll <Not Verified; (: JOBnik! :) [Arthur Aminov, ISRAEL]; >

2008-02-16 13:53:51 92216 --a------ C:\WINDOWS\system32\bass.dll <Not Verified; Un4seen Developments; >

2008-02-16 13:53:44 0 d-------- C:\Program Files\Audio4You

2008-02-16 13:33:59 167805 --ahs---- C:\WINDOWS\system32\qqtwa.ini2

2008-02-16 12:16:12 0 d-------- C:\Documents and Settings\All Users\Application Data\MediaMonkey

2008-02-16 11:46:38 0 d-------- C:\Documents and Settings\kimsie\Application Data\IdealSorter 2008

2008-02-16 11:41:09 8464 --a------ C:\WINDOWS\system32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>

2008-02-16 11:37:16 0 d-------- C:\Program Files\FBrowserAdvisor

2008-02-16 10:48:21 0 d-------- C:\Documents and Settings\kimsie\Application Data\MP3Toys

2008-02-16 10:48:18 0 d-------- C:\Program Files\Mass Mp3 Tagger v1.0

2008-02-16 10:44:49 0 d-------- C:\Program Files\MP3Toys

2008-02-16 08:46:29 0 d-------- C:\Documents and Settings\kimsie\WINDOWS

2008-02-16 07:34:09 0 d-------- C:\Documents and Settings\kimsie\Application Data\EFSoftware

2008-02-16 07:20:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Ten Thumbs Typing Tutor

2008-02-16 06:16:36 0 d-------- C:\Documents and Settings\kimsie\Application Data\Cloudeight

2008-02-16 06:09:25 0 d-------- C:\Program Files\ABF software

2008-02-16 05:48:38 0 d-------- C:\Documents and Settings\kimsie\Application Data\Enigma Browser

2008-02-16 05:33:54 0 d-------- C:\Documents and Settings\kimsie\Application Data\DAPE

2008-02-16 05:33:35 0 d-------- C:\Documents and Settings\kimsie\Application Data\Deepnet Explorer

2008-02-16 05:29:55 0 d-------- C:\Program Files\Deepnet Explorer

2008-02-16 05:21:33 0 d-------- C:\Documents and Settings\kimsie\Application Data\Morpheus Software

2008-02-16 05:21:28 0 d-------- C:\Program Files\Morpheus Photo Animation Suite

2008-02-16 04:55:12 0 d-------- C:\Program Files\Audio Catalog

2008-02-16 03:56:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet

2008-02-16 03:45:57 0 d-------- C:\Documents and Settings\kimsie\Application Data\EstSoft

2008-02-16 03:45:40 0 d-------- C:\Program Files\ESTsoft

2008-02-16 03:15:26 0 d-------- C:\Documents and Settings\kimsie\Application Data\SlimBrowser

2008-02-16 02:57:59 0 d-------- C:\Documents and Settings\kimsie\Application Data\Lamantine

2008-02-16 02:51:40 0 d-------- C:\Program Files\Sticky Password

2008-02-16 01:44:14 0 d-------- C:\Documents and Settings\kimsie\Application Data\Zylom

2008-02-16 01:32:28 0 d-------- C:\Program Files\Zylom Games

2008-02-15 23:37:21 0 d-------- C:\Program Files\MediaMonkey

2008-02-15 23:32:22 0 d-------- C:\WINDOWS\speech

2008-02-15 23:32:19 0 d-------- C:\Program Files\Speech Workshop

2008-02-15 23:12:11 434688 --a------ C:\WINDOWS\system32\ss2uinst.exe <Not Verified; Virtualzone.de; SetupStream 2>

2008-02-15 23:12:09 0 d-------- C:\Program Files\Music Collection

2008-02-14 09:50:41 0 d-------- C:\Documents and Settings\kimsie\Application Data\Printer Info Cache

2008-02-14 09:50:16 0 d-------- C:\Program Files\Common Files\HP

-- Find3M Report ---------------------------------------------------------------

2008-03-14 17:58:23 475340 --a------ C:\WINDOWS\system32\perfh013.dat

2008-03-14 17:58:23 84704 --a------ C:\WINDOWS\system32\perfc013.dat

2008-03-14 16:54:29 1714 --a------ C:\Documents and Settings\kimsie\Application Data\bhrslog.txt

2008-03-14 08:33:00 0 d-------- C:\Documents and Settings\kimsie\Application Data\AVG7

2008-03-13 16:52:44 0 d-------- C:\Program Files\Common Files

2008-03-12 19:15:49 0 d-------- C:\Program Files\Windows NT

2008-03-12 19:15:43 0 d-------- C:\Program Files\Movie Maker

2008-03-12 19:15:43 0 d-------- C:\Program Files\Messenger

2008-03-12 15:28:40 0 d-------- C:\Program Files\Common Files\Nero

2008-03-12 15:04:24 0 d-------- C:\Program Files\eMule

2008-03-12 14:52:08 0 d-------- C:\Program Files\Paradise Pet Salon

2008-03-12 14:19:32 0 d-------- C:\Program Files\Common Files\Symantec Shared

2008-03-12 14:19:06 0 d-------- C:\Program Files\Symantec

2008-03-12 12:25:31 23484 --a------ C:\WINDOWS\system32\emptyregdb.dat

2008-02-26 18:33:39 0 d-------- C:\Program Files\Norton 360

2008-02-16 13:29:05 0 d-------- C:\Documents and Settings\kimsie\Application Data\LimeWire

2008-02-16 11:37:55 209 --a------ C:\Documents and Settings\kimsie\Application Data\urlredir.cfg

2008-02-16 09:10:28 0 d-------- C:\Program Files\Windows Live Toolbar

2008-02-16 08:24:29 0 d-------- C:\Documents and Settings\kimsie\Application Data\Symantec

2008-02-16 08:03:10 0 d-------- C:\Program Files\PlayFirst

2008-02-16 07:54:32 0 d-------- C:\Program Files\Common Files\Adobe

2008-02-16 03:56:07 0 d-------- C:\Documents and Settings\kimsie\Application Data\PlayFirst

2008-02-16 01:44:14 0 d-------- C:\Documents and Settings\kimsie\Application Data\Identities

2008-02-15 23:05:08 0 d-------- C:\Program Files\Zortam Mp3 Media Studio

2008-02-14 09:50:42 0 d-------- C:\Documents and Settings\kimsie\Application Data\Image Zone Express

2008-02-14 09:50:15 0 d-------- C:\Program Files\HP

2008-02-14 09:37:55 45352 --a------ C:\Documents and Settings\kimsie\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log

2008-02-14 09:33:42 2057 --a------ C:\Documents and Settings\kimsie\Application Data\HPSU_48BitScanUpdate.log

2008-02-10 05:44:20 0 d-------- C:\Program Files\IconLibraryManager

2008-02-10 05:43:37 0 d-------- C:\Program Files\Icon Searcher

2008-02-10 04:05:06 0 d-------- C:\Program Files\ActivIcons

2008-02-10 03:50:32 0 d-------- C:\Documents and Settings\kimsie\Application Data\CursorArts

2008-02-10 02:57:12 113 --a------ C:\WINDOWS\system32\xmlpr0v32.dll

2008-02-09 21:09:45 0 d-------- C:\Program Files\Moderal Jukebox

2008-02-09 18:13:57 0 d-------- C:\Program Files\Gift Shop

2008-02-09 17:56:10 0 d-------- C:\Documents and Settings\kimsie\Application Data\Gamers Tower

2008-02-09 16:29:20 0 d-------- C:\Program Files\AV BOX

2008-02-09 15:56:42 0 d-------- C:\Program Files\vitolab

2008-02-09 13:36:24 366 --a------ C:\Documents and Settings\kimsie\Application Data\Hewlett-PackardHP PSC 1400 series1201474207_UI.log

2008-02-09 13:36:21 445 --a------ C:\Documents and Settings\kimsie\Application Data\Hewlett-PackardHP PSC 1400 series1201474207_PROTOCOL.log

2008-02-09 13:36:18 0 d-------- C:\Documents and Settings\kimsie\Application Data\HP

2008-02-09 13:36:18 0 --a------ C:\Documents and Settings\kimsie\Application Data\Hewlett-PackardHP PSC 1400 series1201474207_API.log

2008-02-09 11:49:01 0 d-------- C:\Program Files\Calnique

2008-02-09 11:18:16 0 d--h----- C:\Program Files\InstallShield Installation Information

2008-02-09 11:05:32 0 d-------- C:\Documents and Settings\kimsie\Application Data\Vitolab

2008-02-07 22:28:39 221541 --ahs---- C:\WINDOWS\system32\rqtss.ini2

2008-02-07 21:25:36 3456 --a------ C:\WINDOWS\unins000.dat

2008-02-07 21:24:23 691545 --a------ C:\WINDOWS\unins000.exe

2008-02-02 06:15:41 0 d-------- C:\Documents and Settings\kimsie\Application Data\Macromedia

2008-02-02 05:52:00 0 d-------- C:\Documents and Settings\kimsie\Application Data\Jane s Hotel

2008-02-02 05:44:48 0 d-------- C:\Documents and Settings\kimsie\Application Data\BigFish

2008-02-02 04:40:48 0 d-------- C:\Program Files\Gamenext

2008-02-02 04:36:09 0 d-------- C:\Program Files\GamesBar

2008-01-31 10:11:10 250025 --ahs---- C:\WINDOWS\system32\llnmp.ini2

2008-01-28 21:25:09 0 d-------- C:\Program Files\Windows Desktop Search

2008-01-28 07:15:34 0 d-------- C:\Program Files\X-Fonter

2008-01-28 07:12:42 0 d-------- C:\Program Files\FindThatFont!

2008-01-28 05:52:07 0 d-------- C:\Documents and Settings\kimsie\Application Data\mathijs.jurresip.nl

2008-01-28 04:05:49 0 d-------- C:\Program Files\OpenType Extension

2008-01-28 02:58:16 41139 --a------ C:\Documents and Settings\kimsie\Application Data\Update_HP_RedboxHprblog_HPSU.log

2008-01-28 02:58:08 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll <Not Verified; Hewlett Packard; Hewlett Packard Rediscovery Library>

2008-01-27 23:52:15 113345 --a------ C:\WINDOWS\hpoins07.dat

2008-01-27 23:47:45 0 d-------- C:\Program Files\Hewlett-Packard

2008-01-27 23:02:52 0 d-------- C:\Program Files\SuperCleaner

2008-01-27 21:09:58 0 d-------- C:\Program Files\Microsoft.NET

2008-01-27 20:02:43 0 d-------- C:\Program Files\Microsoft Works

2008-01-27 18:54:30 0 d-------- C:\Program Files\Spyware Terminator

2008-01-27 13:04:36 0 d-------- C:\Program Files\Enigma Software Group

2008-01-27 12:59:03 277873 --ahs---- C:\WINDOWS\system32\rrutv.ini2

2008-01-27 06:25:40 0 d-------- C:\Program Files\Games

2008-01-27 03:39:53 0 d-------- C:\Program Files\Windows Live

2008-01-26 23:57:36 0 d-------- C:\Program Files\ReflexiveArcade

2008-01-25 08:48:33 224865 --ahs---- C:\WINDOWS\system32\vvvwa.ini2

2008-01-20 08:33:08 0 d-------- C:\Program Files\Messenger Plus! Live

2008-01-13 17:14:27 286720 --a------ C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>

2008-01-13 17:14:24 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>

2008-01-13 12:39:41 71235 --a------ C:\WINDOWS\hpqins01.dat

2008-01-09 15:01:48 53248 --a------ C:\WINDOWS\bdoscandel.exe

2008-01-05 15:28:33 608 --a------ C:\WINDOWS\nsreg.dat

2008-01-05 15:28:33 335 --a------ C:\WINDOWS\mozregistry.dat

2008-01-05 15:28:31 9728 --a------ C:\WINDOWS\system32\rnaph.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Operating System>

2008-01-04 23:10:58 1158 --a------ C:\WINDOWS\mozver.dat

2008-01-03 21:32:50 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-01-03 21:32:22 552 --a------ C:\WINDOWS\system32\d3d8caps.dat

2007-12-28 18:31:56 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>

2007-12-28 16:29:43 62 --ahs---- C:\Documents and Settings\kimsie\Application Data\desktop.ini

2007-12-28 15:54:36 0 -rahs---- C:\MSDOS.SYS

2007-12-28 15:54:36 0 -rahs---- C:\IO.SYS

2007-12-28 15:54:36 0 --a------ C:\CONFIG.SYS

2007-12-28 15:54:36 0 --a------ C:\AUTOEXEC.BAT

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F}]

30/01/2008 16:31 1199104 --a------ C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [14/09/2007 19:29]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [27/09/2006 17:10]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [27/09/2006 17:10]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/03/2008 14:24]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]

"BHR"="C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe" [20/07/2006 22:17]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [31/12/2002 13:00]

"msnmsgr"="C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" [18/10/2007 11:34]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awtsr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

CHDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

"C:\PROGRA~1\WINDOW~4\MESSEN~1\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /installquiet /nodetect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

"spa_start"=C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\sprt_ads.dll" DllStart

-- End of Deckard's System Scanner: finished at 2008-03-14 18:19:52 ------------

Posted:

ComboFix has now worked too! It seems to me that things already look a good deal cleaner than this morning.

ComboFix 08-03-14.2 - kimsie 2008-03-14 18:35:12.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.576 [GMT 1:00]

Gestart vanuit: C:\Documents and Settings\kimsie\Bureaublad\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

C:\WINDOWS\pskt.ini

C:\WINDOWS\search_res.txt

C:\WINDOWS\system32\jjkkj.ini

C:\WINDOWS\system32\jjkkj.ini2

C:\WINDOWS\system32\klkkj.ini

C:\WINDOWS\system32\klkkj.ini2

C:\WINDOWS\system32\llnmp.ini

C:\WINDOWS\system32\llnmp.ini2

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\nsgcpshj.dll

C:\WINDOWS\system32\opqss.ini2

C:\WINDOWS\system32\qqtwa.ini

C:\WINDOWS\system32\qqtwa.ini2

C:\WINDOWS\system32\rqtss.ini

C:\WINDOWS\system32\rqtss.ini2

C:\WINDOWS\system32\rrutv.ini

C:\WINDOWS\system32\rrutv.ini2

C:\WINDOWS\system32\rstwa.ini

C:\WINDOWS\system32\rstwa.ini2

C:\WINDOWS\system32\vvvwa.ini

C:\WINDOWS\system32\vvvwa.ini2

C:\WINDOWS\system32\wfawkdjq.ini

C:\WINDOWS\system32\winupdate.exe

----- BITS: Mogelijk geïnfecteerde sites -----

hxxp://softworldnetwork.com

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-02-14 to 2008-03-14 ))))))))))))))))))))))))))))))

.

2008-03-14 16:57 . 2007-12-07 03:18 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-03-14 16:57 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-03-14 16:57 . 2007-07-01 04:36 1,032,192 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-03-14 16:57 . 2007-12-07 03:18 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-03-14 16:57 . 2007-12-07 03:18 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-03-14 16:57 . 2007-12-07 03:18 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-03-14 16:57 . 2007-12-07 03:18 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-03-14 16:57 . 2007-12-07 03:18 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-03-14 16:57 . 2007-12-06 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-03-14 16:28 . 2008-03-14 17:00 1,374 --a------ C:\WINDOWS\imsins.BAK

2008-03-14 15:09 . 2008-03-14 18:27 <DIR> d--hs---- C:\Documents and Settings\kimsie\Onlangs geopend

2008-03-14 11:09 . 2008-03-14 11:09 2,368 --a------ C:\WINDOWS\system32\tmp.reg

2008-03-14 10:02 . 2008-03-14 10:02 <DIR> d-------- C:\Documents and Settings\kimsie\DoctorWeb

2008-03-14 07:14 . 2008-03-14 07:38 <DIR> d-------- C:\WINDOWS\SoftwareDistributionold

2008-03-13 22:01 . 2008-03-13 22:01 <DIR> d-------- C:\Deckard

2008-03-13 21:20 . 2008-03-14 10:57 <DIR> d-------- C:\ComboFix(3)

2008-03-13 21:19 . 2008-03-14 10:57 <DIR> d-------- C:\ComboFix(2)

2008-03-13 21:18 . 2008-03-14 10:57 <DIR> d-------- C:\ComboFix(1)

2008-03-13 19:19 . 2008-03-14 10:24 <DIR> d-------- C:\VundoFix Backups

2008-03-13 17:22 . 2008-03-13 17:22 <DIR> d-------- C:\Program Files\Trend Micro

2008-03-13 17:14 . 2008-03-13 17:14 <DIR> d-------- C:\Program Files\Zamaan's Software

2008-03-13 17:14 . 1998-06-24 00:00 244,024 --a------ C:\WINDOWS\system32\MSFLXGRD.OCX

2008-03-13 17:14 . 2000-05-22 04:00 203,976 --a------ C:\WINDOWS\system32\richtx32.ocx

2008-03-13 17:14 . 1998-06-24 00:00 140,096 --a------ C:\WINDOWS\system32\COMDLG32.OCX

2008-03-13 17:14 . 2004-03-09 00:00 132,880 --a------ C:\WINDOWS\system32\MSINET.OCX

2008-03-13 17:06 . 2008-03-13 17:06 <DIR> d-------- C:\Program Files\InterMute

2008-03-13 16:53 . 2008-03-13 16:53 <DIR> d-------- C:\Program Files\Lavasoft

2008-03-13 16:52 . 2008-03-13 16:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-03-13 14:17 . 2008-03-13 14:29 <DIR> d-------- C:\Documents and Settings\kimsie\.housecall6.6

2008-03-13 13:53 . 2008-03-13 13:53 294 ---hs---- C:\WINDOWS\system32\dmnvxtpy.ini

2008-03-13 13:49 . 2008-03-13 19:14 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2008-03-13 12:08 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS

2008-03-13 11:54 . 2008-03-13 14:10 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2008-03-13 11:54 . 2008-03-13 13:51 30,590 --a------ C:\WINDOWS\system32\pavas.ico

2008-03-13 11:54 . 2008-03-13 13:51 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-03-13 11:54 . 2008-03-13 13:51 1,406 --a------ C:\WINDOWS\system32\Help.ico

2008-03-13 11:27 . 2008-03-13 11:27 <DIR> d-------- C:\Documents and Settings\kimsie\Application Data\Grisoft

2008-03-13 11:27 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2008-03-12 18:47 . 2002-12-31 13:00 2,152,960 --a------ C:\WINDOWS\system32\ntoskrnl.exe.zottel

2008-03-12 18:47 . 2002-12-31 13:00 2,019,840 --a------ C:\WINDOWS\system32\ntkrnlpa.exe.zottel

2008-03-12 18:30 . 2008-03-13 21:22 <DIR> d-------- C:\Documents and Settings\kimsie\Application Data\MiniDm

2008-03-12 18:14 . 2008-03-12 18:14 <DIR> d-------- C:\WINDOWS\system32\VIRepair

2008-03-12 18:04 . 2008-03-12 18:04 <DIR> d-------- C:\Documents and Settings\kimsie\Application Data\Styler

2008-03-12 18:00 . 2008-03-12 18:17 <DIR> d-------- C:\WINDOWS\system32\VITrans

2008-03-12 18:00 . 2008-03-12 18:07 <DIR> d-------- C:\VTPFiles

2008-03-12 18:00 . 2006-12-03 17:15 111,104 --a------ C:\WINDOWS\system32\Uharc.exe

2008-03-12 18:00 . 2008-03-12 18:00 78,942 --a------ C:\WINDOWS\Icon_1.ico

2008-03-12 18:00 . 2006-12-03 17:15 19,968 --a------ C:\WINDOWS\system32\reico.exe

2008-03-12 18:00 . 2006-12-03 17:14 8,636 --a------ C:\WINDOWS\system32\modifype.exe

2008-03-12 17:45 . 2008-03-12 17:46 <DIR> d-------- C:\Documents and Settings\kimsie\Application Data\IEPro

2008-03-12 15:36 . 2004-07-14 15:36 57,344 --a------ C:\WINDOWS\system32\ico.exe

2008-03-12 15:16 . 2008-03-12 15:16 0 --a------ C:\WINDOWS\Irremote.ini

2008-03-12 14:36 . 2008-03-12 14:39 <DIR> d-------- C:\Program Files\Yahoo!

2008-03-12 14:24 . 2008-03-13 11:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-03-12 14:19 . 2008-03-12 14:19 1,320,051 ---hs---- C:\WINDOWS\system32\sjyeryjy.ini

2008-03-12 14:19 . 2008-03-14 14:20 147 --a------ C:\WINDOWS\BMef4f7638.xml

2008-03-12 13:50 . 2008-03-12 13:50 <DIR> d-------- C:\Program Files\QuickPar

2008-03-12 12:32 . 2002-12-31 13:00 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls

2008-03-12 12:30 . 2002-12-31 13:00 10,129,408 --a--c--- C:\WINDOWS\system32\dllcache\hwxkor.dll

2008-03-12 12:29 . 2002-12-31 13:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll

2008-03-12 12:28 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll

2008-03-12 12:26 . 2002-12-31 13:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe

2008-03-12 12:26 . 2008-03-12 12:26 749 -rah----- C:\WINDOWS\WindowsShell.Manifest

2008-03-12 12:26 . 2008-03-12 12:26 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest

2008-03-12 12:26 . 2008-03-12 12:26 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest

2008-03-12 12:26 . 2008-03-12 12:26 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest

2008-03-12 12:26 . 2008-03-12 12:26 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest

2008-03-12 12:24 . 2002-12-31 13:00 259,072 --a--c--- C:\WINDOWS\system32\dllcache\snmpcl.dll

2008-03-12 12:24 . 2002-12-31 13:00 40,448 --a--c--- C:\WINDOWS\system32\dllcache\snmpthrd.dll

2008-03-12 12:13 . 2002-12-31 13:00 1,014,139 -ra------ C:\WINDOWS\SETB5.tmp

2008-02-27 10:40 . 2008-03-13 14:56 <DIR> d-------- C:\Program Files\AdwareRemover2007

2008-02-26 20:34 . 2008-02-26 20:35 <DIR> d-------- C:\28e1ecf19450976931

2008-02-26 18:49 . 2008-02-26 18:49 <DIR> d-------- C:\Program Files\SysCleaner

2008-02-26 18:41 . 2008-02-26 18:42 <DIR> d-------- C:\Documents and Settings\kimsie\Application Data\PrevxCSI

2008-02-26 18:05 . 2007-01-10 03:47 624,784 --a------ C:\WINDOWS\system32\SymNeti.dll

2008-02-26 18:05 . 2007-01-10 03:47 242,320 --a------ C:\WINDOWS\system32\SymRedir.dll

2008-02-26 18:02 . 2008-02-27 10:39 21,587 --a------ C:\WINDOWS\setupapi.old

2008-02-26 18:01 . 2007-07-12 02:49 186,256 --a------ C:\WINDOWS\system32\SymNPPWA.dll

2008-02-26 10:02 . 2008-02-26 18:37 654 --ahs---- C:\WINDOWS\system32\msjhtdxc.ini

2008-02-16 14:13 . 2008-02-26 20:40 <DIR> d-------- C:\Program Files\Google

2008-02-16 14:05 . 2008-02-16 14:05 <DIR> d-------- C:\Program Files\Tracker Software

2008-02-16 13:53 . 2008-02-16 13:53 <DIR> d-------- C:\Program Files\Audio4You

2008-02-16 13:53 . 2005-07-01 21:24 421,888 --a------ C:\WINDOWS\system32\a4ylock.ocx

2008-02-16 13:53 . 2003-12-10 21:35 323,584 --a------ C:\WINDOWS\system32\AudioGenie.ocx

2008-02-16 13:53 . 2005-11-29 14:03 92,216 --a------ C:\WINDOWS\system32\bass.dll

2008-02-16 13:53 . 2005-11-30 19:21 25,688 --a------ C:\WINDOWS\system32\bass_fx.dll

2008-02-16 13:53 . 2005-11-21 16:29 5,688 --a------ C:\WINDOWS\system32\bassenc.dll

2008-02-16 13:35 . 2008-02-26 09:56 474 --ahs---- C:\WINDOWS\system32\ddwdesqv.ini

2008-02-16 12:16 . 2008-03-12 14:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MediaMonkey

2008-02-16 11:46 . 2008-02-16 12:01 <DIR> d-------- C:\Documents and Settings\kimsie\Application Data\IdealSorter 2008

2008-02-16 11:41 . 2003-05-07 19:01 8,464 --a------ C:\WINDOWS\system32\sporder.dll

2008-02-16 11:37 . 2008-02-16 11:37 <DIR> d-------- C:\Program Files\FBrowserAdvisor

2008-02-16 10:48 . 2008-02-16 12:03 <DIR> d-------- C:\Program Files\Mass Mp3 Tagger v1.0

2008-02-16 10:48 . 2008-02-16 10:48 <DIR> d-------- C:\Documents and Settings\kimsie\Application Data\MP3Toys

2008-02-16 10:44 . 2008-02-16 11:43 <DIR> d-------- C:\Program Files\MP3Toys

2008-02-16 10:44 . 2008-02-16 10:48 54,784 --a------ C:\WINDOWS\system32\msvci70c.dll

2008-02-16 08:46 . 2008-02-16 08:46 <DIR> d-------- C:\Documents and Settings\kimsie\WINDOWS

2008-02-16 07:34 . 2008-02-16 07:36 <DIR> d-------- C:\Documents and Settings\kimsie\Application Data\EFSoftware

2008-02-16 07:20 . 2008-02-16 07:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ten Thumbs Typing Tutor

2008-02-16 06:52 . 2005-08-27 02:38 1,435,272 --a------ C:\WINDOWS\system32\Flash.ocx

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-14 07:33 --------- d-----w C:\Documents and Settings\kimsie\Application Data\AVG7

2008-03-13 11:22 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-03-12 14:28 --------- d-----w C:\Program Files\Common Files\Nero

2008-03-12 14:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero

2008-03-12 14:04 --------- d-----w C:\Program Files\eMule

2008-03-12 13:52 --------- d-----w C:\Program Files\Paradise Pet Salon

2008-03-12 13:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2008-03-12 13:19 --------- d-----w C:\Program Files\Symantec

2008-03-12 13:19 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-03-12 13:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7

2008-02-26 17:33 --------- d-----w C:\Program Files\Norton 360

2008-02-16 12:29 --------- d-----w C:\Documents and Settings\kimsie\Application Data\LimeWire

2008-02-16 08:10 --------- d-----w C:\Program Files\Windows Live Toolbar

2008-02-16 07:24 --------- d-----w C:\Documents and Settings\kimsie\Application Data\Symantec

2008-02-16 07:03 --------- d-----w C:\Program Files\PlayFirst

2008-02-16 06:54 --------- d-----w C:\Program Files\Common Files\Adobe

2008-02-16 02:56 --------- d-----w C:\Documents and Settings\kimsie\Application Data\PlayFirst

2008-02-15 22:05 --------- d-----w C:\Program Files\Zortam Mp3 Media Studio

2008-02-15 21:56 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-02-14 08:50 --------- d-----w C:\Program Files\HP

2008-02-14 08:50 --------- d-----w C:\Documents and Settings\kimsie\Application Data\Image Zone Express

2008-02-10 04:44 --------- d-----w C:\Program Files\IconLibraryManager

2008-02-10 04:43 --------- d-----w C:\Program Files\Icon Searcher

2008-02-10 03:05 --------- d-----w C:\Program Files\ActivIcons

2008-02-10 02:50 --------- d-----w C:\Documents and Settings\kimsie\Application Data\CursorArts

2008-02-09 20:09 --------- d-----w C:\Program Files\Moderal Jukebox

2008-02-09 17:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles

2008-02-09 17:13 --------- d-----w C:\Program Files\Gift Shop

2008-02-09 16:56 --------- d-----w C:\Documents and Settings\kimsie\Application Data\Gamers Tower

2008-02-09 15:29 --------- d-----w C:\Program Files\AV BOX

2008-02-09 14:56 --------- d-----w C:\Program Files\vitolab

2008-02-09 12:36 --------- d-----w C:\Documents and Settings\kimsie\Application Data\HP

2008-02-09 10:49 --------- d-----w C:\Program Files\Calnique

2008-02-09 10:18 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-02-09 10:05 --------- d-----w C:\Documents and Settings\kimsie\Application Data\Vitolab

2008-02-09 01:51 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF

2008-02-09 01:51 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-02-09 01:51 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2008-02-07 20:24 691,545 ----a-w C:\WINDOWS\unins000.exe

2008-02-02 04:52 --------- d-----w C:\Documents and Settings\kimsie\Application Data\Jane s Hotel

2008-02-02 04:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFish

2008-02-02 04:44 --------- d-----w C:\Documents and Settings\kimsie\Application Data\BigFish

2008-02-02 03:40 --------- d-----w C:\Program Files\Gamenext

2008-02-02 03:36 --------- d-----w C:\Program Files\GamesBar

2008-02-02 01:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst

2008-01-28 20:25 --------- d-----w C:\Program Files\Windows Desktop Search

2008-01-28 06:15 --------- d-----w C:\Program Files\X-Fonter

2008-01-28 06:12 --------- d-----w C:\Program Files\FindThatFont!

2008-01-28 04:52 --------- d-----w C:\Documents and Settings\kimsie\Application Data\mathijs.jurresip.nl

2008-01-28 03:05 --------- d-----w C:\Program Files\OpenType Extension

2008-01-27 22:47 --------- d-----w C:\Program Files\Hewlett-Packard

2008-01-27 22:02 --------- d-----w C:\Program Files\SuperCleaner

2008-01-27 20:09 --------- d-----w C:\Program Files\Microsoft.NET

2008-01-27 19:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-01-27 19:02 --------- d-----w C:\Program Files\Microsoft Works

2008-01-27 17:54 --------- d-----w C:\Program Files\Spyware Terminator

2008-01-27 12:04 --------- d-----w C:\Program Files\Enigma Software Group

2008-01-27 11:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\HipSoft

2008-01-27 05:25 --------- d-----w C:\Program Files\Games

2008-01-27 02:39 --------- d-----w C:\Program Files\Windows Live

2008-01-27 02:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-01-27 01:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Valusoft

2008-01-27 01:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia

2008-01-26 22:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Oberon Games

2008-01-26 22:57 --------- d-----w C:\Program Files\ReflexiveArcade

2008-01-20 07:33 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-01-15 08:54 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat

2008-01-15 04:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf

2008-01-13 16:14 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE

2008-01-13 16:14 286,720 ----a-w C:\WINDOWS\Setup1.exe

2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe

2007-12-28 17:31 315,392 ----a-w C:\WINDOWS\HideWin.exe

2007-12-20 15:47 16,860,672 ----a-w C:\WINDOWS\RTHDCPL.exe

.

<pre>
----a-w            39,792 2008-01-13 20:32:54  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w         2,213,160 2008-01-13 20:32:56  C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan .exe
----a-w           325,204 2006-12-21 19:56:28  C:\swsetup\SP34746\WCAMC\FW_210_Silence Install .exe
----a-w            15,360 2008-01-13 20:32:56  C:\WINDOWS\system32\ctfmon .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F}]

2008-01-30 16:31 1199104 --a------ C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 13:00 15360]

"msnmsgr"="C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 19:29 102400]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-09-27 17:10 7585792]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-09-27 17:10 86016]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-12 14:24 579072]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

"BHR"="C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe" [2006-07-20 22:17 9375744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2002-12-31 13:00 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-12 14:24 219136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

--a------ 2007-01-09 22:59 115816 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

--a------ 2006-07-26 22:44 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 11:34 5724184 C:\PROGRA~1\WINDOW~4\MESSEN~1\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2006-09-27 17:10 1617920 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

"spa_start"=C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\sprt_ads.dll" DllStart

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8895:TCP"= 8895:TCP:BitComet 8895 TCP

"8895:UDP"= 8895:UDP:BitComet 8895 UDP

S3 KLSIENET;Driver for USB Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\usb101et.sys [2004-08-04 00:55]

S3 ST50220;Sonix ST50220 USB Video Camera Driver;C:\WINDOWS\system32\Drivers\ST50220.sys [2006-11-24 17:00]

.

Inhoud van de 'Gedeelde Taken' map

"2008-02-09 17:43:37 C:\WINDOWS\Tasks\Schijfopruiming.job"

- C:\WINDOWS\system32\cleanmgr.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-14 18:39:13

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\snmp.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

.

**************************************************************************

.

Voltooingstijd: 2008-03-14 18:41:35 - machine was rebooted

ComboFix-quarantined-files.txt 2008-03-14 17:41:32

.

2008-03-14 16:00:46 --- E O F ---

Posted:

Have you already removed all the Messengers? There are still clear traces of them. If not, uninstall all of them before you take the next step.

Open a Notepad file.

Copy and paste the bold text below into it.

File::

C:\WINDOWS\system32\tmp.reg

C:\Start_.cmd

C:\WINDOWS\system32\nsgcpshj.dll

C:\WINDOWS\system32\rstwa.ini2

C:\WINDOWS\system32\Uharc.exe

C:\WINDOWS\system32\jjkkj.ini2

C:\WINDOWS\system32\klkkj.ini2

C:\WINDOWS\system32\opqss.ini2

C:\WINDOWS\system32\qqtwa.ini2

C:\WINDOWS\system32\perfh013.dat

C:\WINDOWS\system32\perfc013.dat

C:\Documents and Settings\kimsie\Application Data\urlredir.cfg

C:\WINDOWS\system32\rqtss.ini2

C:\WINDOWS\system32\llnmp.ini2

C:\WINDOWS\system32\rrutv.ini2

C:\WINDOWS\system32\vvvwa.ini2

C:\WINDOWS\imsins.BAK

C:\WINDOWS\system32\dmnvxtpy.ini

C:\WINDOWS\system32\sjyeryjy.ini

C:\WINDOWS\system32\msjhtdxc.ini

C:\WINDOWS\system32\ddwdesqv.ini

Folder::

C:\VundoFix Backups

C:\!KillBox

C:\Program Files\Messenger

C:\Program Files\Messenger Plus! Live

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awtsr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

"C:\PROGRA~1\WINDOW~4\MESSEN~1\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"spa_start"=C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\sprt_ads.dll" DllStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next reply, together with a new HijackThis log.

Posted:

The problems are solved. I'm just reporting this with my new nick, because I can no longer get onto the forum with woops.

Posted:

Fantastic :laugh:. Although I would have liked to see your latest logs.

Anyway ... you still need to do some cleanup: remove the programs you used, run a quick clean and delete the infected restore points. And your Java could use an update as well.

Remove ComboFix: Start -> Run and type: combofix /u

ComboFix is removed and a new system restore point is created.

Download CCleaner.

Install it and start it. Click "Options" in the left column. Select the "Advanced" tab, clear the check mark for "Only delete temporary files in the Windows system folder that are older than 48 hours" and then close the program.

Start CCleaner and click "Cleaner" in the left column. Click "Analyze" and then "Run Cleaner". Next, click "Registry" in the left column and click "Scan for errors". If errors are found, click "fix all errors" and "OK". Then close CCleaner again.

It is advisable to delete the existing restore points (they include infected restore points that you could end up restoring) by temporarily turning off System Restore.

- Go to Start/All Programs/Accessories/System Tools/System Restore.

- In the left half of the window, click "System Restore Settings".

- Put a check mark next to "Turn off System Restore".

- Click "Apply".

- Windows asks whether you are sure.

- Click "Yes".

- Click "OK".

- Restart the PC.

- Go to Start/All Programs/Accessories/System Tools/System Restore again.

- You get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"

- Click "Yes".

- Remove the check mark next to "Turn off System Restore".

- Click "Apply".

- Click "OK".

- Restart the PC.

- A new restore point has now been created.

Your Java software is outdated. Older versions have vulnerabilities that give malware the chance to install itself on your system. First follow these steps to uninstall Java and install the newer version.

Download Java Runtime Environment (JRE) 6u5.

  • Scroll down to: "Java Runtime Environment (JRE) 6u5".
  • Click the "Download" button on the right-hand side.
  • In the drop-down menu to the right of Platform, select "Windows".
  • Tick: "I agree to the Java SE Runtime Environment 6 License Agreement", and click "Continue".
  • The page will reload.
  • Click the jre-6u5-windows-i586-p.exe link UNDER Windows Offline Installation and save it to your Desktop.
  • Close all programs that may be open, especially your web browser.
  • Then go to Start -> Control Panel -> Add or Remove Programs and remove all older versions of Java from the list of programs.
  • Select everything with Java Runtime Environment (JRE or J2SE) in the name.
  • Then click "Remove" or the "Change/Remove" button.
  • Repeat this until all older versions are gone.
  • After removing all older versions, restart your PC.
  • Then double-click jre-6u5-windows-i586-p.exe on your Desktop to install the newest version of Java.

That's it. Good luck with it.

