
[SOLVED] junk on PC


Guest Nick united


Hello,

I think I have a whole lot of junk on my PC. I sometimes get pop-ups, the PC has been running rather slowly lately, it often freezes, ... Could someone help? Below you'll find the HijackThis log :)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:57:14, on 24/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\Dit.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\zHotkey.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1C1B173E-D2CF-4270-A10E-B1A6DEADCD78} - (no file)

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Dit] Dit.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [CHotkey] zHotkey.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.skynet.be

O16 - DPF: VanBredaOnline Security Applet - https://www.vanbredaonline.be/applets/ema.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://shanakeinaction.spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O20 - Winlogon Notify: khfghec - khfghec.dll (file missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe

O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe

--

End of file - 11588 bytes


Download Combofix and put it on your Desktop.

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {1C1B173E-D2CF-4270-A10E-B1A6DEADCD78} - (no file)

O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O20 - Winlogon Notify: khfghec - khfghec.dll (file missing)

Click 'Fix checked' to remove the items.

Double-click Combofix.exe and follow the instructions; accept the disclaimer by typing y. While the fix is running, do NOT click in the window, because this will make your PC hang.

When the fix has finished and after the restart, the log combofix.txt will open.

NOTE: If your virus scanner responds with a notification about a script being executed, you must allow this.

Attach the Combofix log and a new HJT log to your next post.

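The items picked in the reply above all carry a visible marker in the log: an empty value after `=`, `(no file)`, or `(file missing)`. The Python sketch below is an added example, not part of the original thread or of HijackThis; it surfaces such entries for review and lists other entries that reuse the same CLSID. The function names are hypothetical and the sample lines are copied from the log posted above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
C:\WINDOWS\Dit.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O20 - Winlogon Notify: khfghec - khfghec.dll (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""

# A log entry starts with a section code such as R0, O2 or O23, then " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass(frozen=True)
class Entry:
    code: str
    body: str
    clsid: Optional[str]  # upper-cased so comparisons ignore case


def parse_entries(text: str) -> List[Entry]:
    """Return the section entries; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        clsid = CLSID_RE.search(match["body"])
        entries.append(Entry(match["code"], match["body"],
                             clsid.group(0).upper() if clsid else None))
    return entries


def orphan_reason(entry: Entry) -> Optional[str]:
    """Name the marker that makes an entry a review candidate, if any."""
    if entry.body.endswith("(no file)"):
        return "no file"
    if entry.body.endswith("(file missing)"):
        return "file missing"
    if entry.code in ("R0", "R1") and entry.body.rstrip().endswith("="):
        return "empty value"
    return None


def triage(text: str) -> List[Tuple[Entry, str]]:
    """Candidates only: a person still decides what to fix.

    The O23 line in the sample matches too, although the reply above
    did not list it.
    """
    flagged = []
    for entry in parse_entries(text):
        reason = orphan_reason(entry)
        if reason:
            flagged.append((entry, reason))
    return flagged


def shared_clsids(text: str) -> Dict[str, List[Entry]]:
    """Map each flagged CLSID to unflagged entries that reference it too."""
    entries = parse_entries(text)
    flagged_ids = {e.clsid for e in entries if e.clsid and orphan_reason(e)}
    related: Dict[str, List[Entry]] = {}
    for entry in entries:
        if entry.clsid in flagged_ids and orphan_reason(entry) is None:
            related.setdefault(entry.clsid, []).append(entry)
    return related


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{reason:13} {entry.code:4} {entry.body}")
    for clsid, others in shared_clsids(SAMPLE_LOG).items():
        for other in others:
            print(f"same CLSID {clsid}: {other.code} {other.body}")
```
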

Guest Nick united

ComboFix log:

ComboFix 08-03-24.1 - CIA Protected 2008-03-24 23:06:53.1 - NTFSx86

Gestart vanuit: C:\Documents and Settings\CIA Protected\Bureaublad\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\stera.log

C:\WINDOWS\wr.txt

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-02-24 to 2008-03-24 ))))))))))))))))))))))))))))))

.

2008-03-17 18:11 . 2008-03-17 18:11 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE

2008-03-17 18:07 . 2008-03-24 21:39 <DIR> dr-h----- C:\Documents and Settings\CIA Protected\Onlangs geopend

2008-03-13 17:42 . 2008-03-13 17:42 <DIR> d-------- C:\Documents and Settings\CIA Protected\Application Data\Hewlett-Packard

2008-03-12 20:16 . 2008-03-12 20:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

2008-03-12 20:15 . 2008-03-12 20:15 <DIR> d-------- C:\Program Files\Messenger Plus! Live

2008-03-11 19:09 . 2008-03-11 19:09 <DIR> d-------- C:\My Recordings

2008-03-11 19:03 . 2008-03-11 19:03 <DIR> d-------- C:\Program Files\FREE Hi-Q Recorder

2008-03-11 18:41 . 2008-03-11 23:18 <DIR> d-------- C:\Documents and Settings\CIA Protected\Application Data\Audio Record Edit Toolbox

2008-03-10 21:06 . 2008-03-10 21:06 <DIR> d-------- C:\Program Files\Common Files\LogiShrd

2008-03-10 21:05 . 2008-03-10 21:05 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe

2008-03-10 21:04 . 2008-03-10 21:04 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-03-10 21:04 . 2008-03-10 21:04 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf

2008-03-10 21:00 . 2008-03-10 21:00 <DIR> d-------- C:\Documents and Settings\CIA Protected\Application Data\Talkback

2008-03-10 20:59 . 2008-03-10 20:59 25 --a------ C:\WINDOWS\cdplayer.ini

2008-03-10 20:57 . 2008-03-10 21:05 <DIR> d-------- C:\Program Files\Logitech

2008-03-10 20:57 . 2008-03-10 20:57 <DIR> d-------- C:\Program Files\Common Files\Logitech

2008-03-10 20:57 . 2008-03-10 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech

2008-03-10 20:57 . 2007-01-23 15:45 1,419,024 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll

2008-03-10 20:57 . 2007-01-30 01:46 163,840 --a------ C:\WINDOWS\system32\kemutb.dll

2008-03-10 20:57 . 2007-01-30 01:46 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll

2008-03-10 20:57 . 2007-01-30 01:46 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll

2008-03-10 20:57 . 2007-01-23 15:44 101,136 --a------ C:\WINDOWS\KHALMNPR.Exe

2008-03-10 20:57 . 2007-01-30 01:46 69,632 --a------ C:\WINDOWS\system32\KemXML.dll

2008-03-10 20:57 . 2007-01-23 15:45 34,576 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys

2008-03-10 20:57 . 2007-01-23 15:45 33,296 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys

2008-03-10 20:57 . 2007-01-23 15:44 20,496 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys

2008-03-10 20:56 . 2008-03-10 20:56 <DIR> d-------- C:\Program Files\Real

2008-03-10 20:56 . 2008-03-10 20:56 <DIR> d-------- C:\Program Files\Common Files\xing shared

2008-03-10 20:56 . 2008-03-10 20:56 <DIR> d-------- C:\Program Files\Common Files\Real

2008-03-10 20:50 . 2008-03-10 20:50 <DIR> d-------- C:\videooutput

2008-03-10 20:50 . 2008-03-10 20:50 <DIR> d-------- C:\Program Files\Free FLV to AVI Converter

2008-03-10 20:50 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\NCMedia.dll

2008-03-10 20:50 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\flvvideo.dll

2008-03-10 20:50 . 2006-11-01 14:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll

2008-03-10 20:50 . 2007-02-25 15:36 383,238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll

2008-03-10 20:44 . 2008-03-17 18:01 <DIR> d-------- C:\Documents and Settings\CIA Protected\Application Data\U3

2008-03-10 20:40 . 2004-08-04 00:57 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys

2008-03-10 20:40 . 2004-08-04 00:57 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys

2008-03-01 16:02 . 2008-03-01 16:02 <DIR> d-------- C:\Documents and Settings\CIA Protected\WINDOWS

2008-03-01 16:01 . 2008-03-01 16:01 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition

2008-02-29 19:20 . 2008-02-29 19:20 <DIR> d-------- C:\Program Files\Common Files\Download Manager

2008-02-27 19:44 . 2008-02-27 19:44 <DIR> d-------- C:\Program Files\iPod

2008-02-26 21:13 . 2008-03-01 16:01 <DIR> d-------- C:\Program Files\Windows Live

2008-02-25 21:01 . 2008-02-25 21:01 <DIR> d-------- C:\Program Files\Stardock

2008-02-25 21:01 . 2007-07-11 14:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll

2008-02-25 20:52 . 2008-02-26 18:15 <DIR> d-------- C:\Documents and Settings\CIA Protected\Contacts

2008-02-25 20:43 . 2008-02-27 20:18 <DIR> d-------- C:\Documents and Settings\CIA Protected\Application Data\Apple Computer

2008-02-25 20:38 . 2008-03-24 21:59 <DIR> d-------- C:\Documents and Settings\CIA Protected\Application Data\LimeWire

2008-02-25 20:27 . 2004-06-24 15:36 <DIR> d--hs---- C:\Documents and Settings\CIA Protected\UserData

2008-02-25 20:27 . 2004-06-24 12:55 <DIR> d--h----- C:\Documents and Settings\CIA Protected\Sjablonen

2008-02-25 20:27 . 2004-06-24 14:53 <DIR> d--h----- C:\Documents and Settings\CIA Protected\Netwerkprinteromgeving

2008-02-25 20:27 . 2008-03-24 21:22 <DIR> dr------- C:\Documents and Settings\CIA Protected\Mijn documenten

2008-02-25 20:27 . 2004-06-24 14:53 <DIR> dr------- C:\Documents and Settings\CIA Protected\Menu Start

2008-02-25 20:27 . 2008-03-02 14:02 <DIR> dr------- C:\Documents and Settings\CIA Protected\Favorieten

2008-02-25 20:27 . 2008-03-24 23:01 <DIR> d-------- C:\Documents and Settings\CIA Protected\Bureaublad

2008-02-25 20:27 . 2004-08-19 11:50 <DIR> d-------- C:\Documents and Settings\CIA Protected\Application Data\CyberLink

2008-02-25 20:27 . 2008-03-17 18:25 <DIR> d-------- C:\Documents and Settings\CIA Protected\Application Data\AVG7

2008-02-25 20:27 . 2004-08-17 17:38 <DIR> d-------- C:\Documents and Settings\CIA Protected\Application Data\Ahead

2008-02-25 20:27 . 2004-06-24 16:17 <DIR> d-------- C:\Documents and Settings\CIA Protected\Application Data\AdobeUM

2008-02-25 20:21 . 2008-03-12 21:12 <DIR> d-------- C:\Program Files\Microsoft Silverlight

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-24 21:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-03-24 21:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-03-24 19:57 --------- d-----w C:\Program Files\Trend Micro

2008-03-24 19:35 --------- d-----w C:\Program Files\Java

2008-03-24 19:28 13,440 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS

2008-03-24 19:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater

2008-03-17 18:28 --------- d-----w C:\Program Files\LimeWire

2008-03-12 21:03 --------- d-----w C:\Program Files\Incomplete

2008-03-10 20:05 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-01 14:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-02-28 17:45 --------- d-----w C:\Program Files\Google

2008-02-27 18:44 --------- d-----w C:\Program Files\iTunes

2008-02-27 18:43 --------- d-----w C:\Program Files\QuickTime

2008-02-26 19:45 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-02-26 19:42 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-02-26 19:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-02-26 19:40 --------- d-----w C:\Program Files\Crawler

2008-02-26 19:39 --------- d-----w C:\Program Files\Lavasoft

2008-02-25 19:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype

2008-02-25 19:17 --------- d-----w C:\Program Files\NCH Swift Sound

2008-02-25 19:17 --------- d-----w C:\Documents and Settings\Jesse\Application Data\NCH Swift Sound

2008-02-25 19:14 --------- d-----w C:\Program Files\AusLogics Disk Defrag

2008-02-25 19:02 --------- d-----w C:\Documents and Settings\Jesse\Application Data\AVG7

2008-02-15 22:22 --------- d-----w C:\Documents and Settings\Jesse\Application Data\LimeWire

2008-02-13 11:42 --------- d-----w C:\Documents and Settings\jan\Application Data\AVG7

2008-02-13 11:41 --------- d-----w C:\Documents and Settings\jan\Application Data\Recordpad

2008-02-13 11:41 --------- d-----w C:\Documents and Settings\jan\Application Data\NCH Swift Sound

2008-02-11 20:17 --------- d-----w C:\Program Files\NCH Software

2008-02-11 20:17 --------- d-----w C:\Documents and Settings\Jesse\Application Data\Recordpad

2008-02-11 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound

2008-02-11 20:16 --------- d-----w C:\Program Files\mp3DirectCut

2008-02-01 01:44 --------- d-----w C:\Program Files\Picasa2

2008-02-01 00:49 114,688 ----a-w C:\WINDOWS\system32\netlogun.exe

2008-01-18 20:48 132,500 ----a-w C:\WINDOWS\java\Packages\O6D3R9FT.ZIP

2007-12-06 22:27 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

2006-06-08 17:33 8 ---h--w C:\Program Files\.data211204.dat

2006-06-08 17:33 8 ---h--w C:\Program Files\.data211004.dat

2006-06-06 20:37 8 ---h--w C:\Program Files\.drv120405.dat

2006-06-06 20:37 8 ---h--w C:\Program Files\.dat000001.dat

2006-05-29 18:06 3,608 ----a-w C:\Documents and Settings\jan\Application Data\wklnhst.dat

2006-03-25 15:41 158 ---ha-w C:\Documents and Settings\jan\hpothb07.dat

1998-08-24 10:09 10,000 ----a-w C:\WINDOWS\inf\unregpn.exe

2007-06-25 20:40 6,369 --sh--w C:\WINDOWS\system32\ttutv.bak1

2007-07-24 10:42 874,809 --sh--w C:\WINDOWS\system32\ttutv.bak2

2007-07-24 15:02 876,198 --sh--w C:\WINDOWS\system32\ttutv.ini2

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 13:50 68856]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"Dit"="Dit.exe" [2004-04-02 12:31 86016 C:\WINDOWS\Dit.exe]

"Cmaudio"="cmicnfg.cpl" []

"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 10:50 88363 C:\WINDOWS\AGRSMMSG.exe]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 21:10 339968]

"CHotkey"="zHotkey.exe" [2004-05-17 18:30 543232 C:\WINDOWS\zHotkey.exe]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 18:57 579072]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-10 20:56 185896]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]

"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 03:09 488984]

"LVCOMSX"="C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 03:12 244512]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 19:07 219136]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-16 15:19:12 124400]

hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-09 18:21:38 147456]

hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12 28672]

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-03-10 21:05:53 67128]

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-10 20:57:49 688128]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 18:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkAndWrite]

--a------ 2007-06-04 17:05 2664448 C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\WINDOWS\\system32\\fxsclnt.exe"=

"C:\\Program Files\\NetMeeting\\Conf.exe"=

"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\WINDOWS\\system32\\rundll32.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

"C:\\Program Files\\Thrustmaster\\Video\\TM507 Webcam\\amcap.exe"=

"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

"C:\\Documents and Settings\\CIA Protected\\Mijn documenten\\programma's download\\MsgPlusLive-423-www.hebberig.be.exe"=

"C:\\Program Files\\Messenger Plus! Live\\MPTools.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2000-01-08 08:22]

R2 LogWatch;Event Log Watch;"C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe" [2002-09-20 17:29]

R3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-03-24 20:28]

R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 14:39]

S3 CA_LIC_CLNT;CA License Client;"C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe" [2002-09-20 17:27]

S3 CA_LIC_SRVR;CA License Server;"C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe" [2002-09-20 17:41]

S3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-06-05 08:04]

S3 IIUSBISP;USB Mass Storage for USB ISP;C:\WINDOWS\system32\Drivers\iiusbisp.sys []

S3 ovt530;TM507A USB Camera;C:\WINDOWS\system32\Drivers\ov530vid.sys [2005-03-15 16:04]

S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-06-12 08:47]

.

Inhoud van de 'Gedeelde Taken' map

"2008-02-27 17:44:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2007-08-25 09:56:11 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1172783780.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I

"2008-03-16 11:39:00 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1173004316.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I

"2008-03-16 11:39:00 C:\WINDOWS\Tasks\WebReg 20070528123915.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20070528123915 /N

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-24 23:09:06

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

Voltooingstijd: 2008-03-24 23:10:01

ComboFix-quarantined-files.txt 2008-03-24 22:09:37

.

2008-03-12 13:42:56 --- E O F ---

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:18:32, on 24/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\Dit.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\zHotkey.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Dit] Dit.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [CHotkey] zHotkey.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.skynet.be

O16 - DPF: VanBredaOnline Security Applet - https://www.vanbredaonline.be/applets/ema.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://shanakeinaction.spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe

O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe

--

End of file - 11137 bytes


Open a Notepad file.

Copy and paste the bold text below into it.

C:\WINDOWS\_MSRSTRT.EXE

C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe

C:\WINDOWS\system32\ttutv.bak1

C:\WINDOWS\system32\ttutv.bak2

C:\WINDOWS\system32\ttutv.ini2

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt into ComboFix.exe.

This will make ComboFix start again. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next reply.

And let us know how things are going with the pop-ups, the slowness and the freezing of your PC.


Gast Nick united

ComboFix 08-03-24.1 - CIA Protected 2008-03-25 14:28:11.2 - NTFSx86

Gestart vanuit: C:\Documents and Settings\CIA Protected\Bureaublad\ComboFix.exe

Command switches used :: C:\Documents and Settings\CIA Protected\Bureaublad\CFScript.txt

* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-02-25 to 2008-03-25 ))))))))))))))))))))))))))))))

.

2008-03-25 14:17 . 2008-03-25 14:17 <DIR> d-------- C:\Documents and Settings\CIA Protected\Application Data\Logitech

2008-03-25 00:02 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll

2008-03-24 23:59 . 2008-03-24 23:59 <DIR> d-------- C:\Program Files\MSBuild

2008-03-24 23:59 . 2008-03-24 23:59 <DIR> d-------- C:\Program Files\Microsoft Works

2008-03-24 23:57 . 2008-03-24 23:57 <DIR> d-------- C:\Program Files\Microsoft.NET

2008-03-24 23:52 . 2008-03-25 02:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-03-24 23:51 . 2008-03-24 23:51 <DIR> dr-h----- C:\MSOCache

2008-03-24 23:45 . 2008-03-24 23:45 <DIR> d-------- C:\Program Files\DAEMON Tools Lite

2008-03-24 23:37 . 2008-03-24 23:37 <DIR> d-------- C:\Documents and Settings\CIA Protected\Application Data\DAEMON Tools

2008-03-24 23:37 . 2008-03-24 23:37 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-03-17 18:11 . 2008-03-17 18:11 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE

2008-03-17 18:07 . 2008-03-25 14:26 <DIR> dr-h----- C:\Documents and Settings\CIA Protected\Onlangs geopend

2008-03-13 17:42 . 2008-03-13 17:42 <DIR> d-------- C:\Documents and Settings\CIA Protected\Application Data\Hewlett-Packard

2008-03-12 20:16 . 2008-03-12 20:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

2008-03-12 20:15 . 2008-03-12 20:15 <DIR> d-------- C:\Program Files\Messenger Plus! Live

2008-03-11 19:09 . 2008-03-11 19:09 <DIR> d-------- C:\My Recordings

2008-03-11 19:03 . 2008-03-11 19:03 <DIR> d-------- C:\Program Files\FREE Hi-Q Recorder

2008-03-11 18:41 . 2008-03-11 23:18 <DIR> d-------- C:\Documents and Settings\CIA Protected\Application Data\Audio Record Edit Toolbox

2008-03-10 21:06 . 2008-03-10 21:06 <DIR> d-------- C:\Program Files\Common Files\LogiShrd

2008-03-10 21:05 . 2008-03-10 21:05 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe

2008-03-10 21:04 . 2008-03-10 21:04 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-03-10 21:04 . 2008-03-10 21:04 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf

2008-03-10 21:00 . 2008-03-10 21:00 <DIR> d-------- C:\Documents and Settings\CIA Protected\Application Data\Talkback

2008-03-10 20:59 . 2008-03-10 20:59 25 --a------ C:\WINDOWS\cdplayer.ini

2008-03-10 20:57 . 2008-03-10 21:05 <DIR> d-------- C:\Program Files\Logitech

2008-03-10 20:57 . 2008-03-10 20:57 <DIR> d-------- C:\Program Files\Common Files\Logitech

2008-03-10 20:57 . 2008-03-10 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech

2008-03-10 20:57 . 2007-01-23 15:45 1,419,024 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll

2008-03-10 20:57 . 2007-01-30 01:46 163,840 --a------ C:\WINDOWS\system32\kemutb.dll

2008-03-10 20:57 . 2007-01-30 01:46 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll

2008-03-10 20:57 . 2007-01-30 01:46 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll

2008-03-10 20:57 . 2007-01-23 15:44 101,136 --a------ C:\WINDOWS\KHALMNPR.Exe

2008-03-10 20:57 . 2007-01-30 01:46 69,632 --a------ C:\WINDOWS\system32\KemXML.dll

2008-03-10 20:57 . 2007-01-23 15:45 34,576 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys

2008-03-10 20:57 . 2007-01-23 15:45 33,296 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys

2008-03-10 20:57 . 2007-01-23 15:44 20,496 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys

2008-03-10 20:56 . 2008-03-10 20:56 <DIR> d-------- C:\Program Files\Real

2008-03-10 20:56 . 2008-03-10 20:56 <DIR> d-------- C:\Program Files\Common Files\xing shared

2008-03-10 20:56 . 2008-03-10 20:56 <DIR> d-------- C:\Program Files\Common Files\Real

2008-03-10 20:50 . 2008-03-10 20:50 <DIR> d-------- C:\videooutput

2008-03-10 20:50 . 2008-03-10 20:50 <DIR> d-------- C:\Program Files\Free FLV to AVI Converter

2008-03-10 20:50 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\NCMedia.dll

2008-03-10 20:50 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\flvvideo.dll

2008-03-10 20:50 . 2006-11-01 14:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll

2008-03-10 20:50 . 2007-02-25 15:36 383,238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll

2008-03-10 20:44 . 2008-03-17 18:01 <DIR> d-------- C:\Documents and Settings\CIA Protected\Application Data\U3

2008-03-10 20:40 . 2004-08-04 00:57 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys

2008-03-10 20:40 . 2004-08-04 00:57 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys

2008-03-01 16:02 . 2008-03-01 16:02 <DIR> d-------- C:\Documents and Settings\CIA Protected\WINDOWS

2008-03-01 16:01 . 2008-03-01 16:01 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition

2008-02-29 19:20 . 2008-02-29 19:20 <DIR> d-------- C:\Program Files\Common Files\Download Manager

2008-02-27 19:44 . 2008-02-27 19:44 <DIR> d-------- C:\Program Files\iPod

2008-02-26 21:13 . 2008-03-01 16:01 <DIR> d-------- C:\Program Files\Windows Live

2008-02-25 21:01 . 2008-02-25 21:01 <DIR> d-------- C:\Program Files\Stardock

2008-02-25 21:01 . 2007-07-11 14:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll

2008-02-25 20:52 . 2008-02-26 18:15 <DIR> d-------- C:\Documents and Settings\CIA Protected\Contacts

2008-02-25 20:43 . 2008-02-27 20:18 <DIR> d-------- C:\Documents and Settings\CIA Protected\Application Data\Apple Computer

2008-02-25 20:38 . 2008-03-25 00:18 <DIR> d-------- C:\Documents and Settings\CIA Protected\Application Data\LimeWire

2008-02-25 20:27 . 2004-06-24 15:36 <DIR> d--hs---- C:\Documents and Settings\CIA Protected\UserData

2008-02-25 20:27 . 2004-06-24 12:55 <DIR> d--h----- C:\Documents and Settings\CIA Protected\Sjablonen

2008-02-25 20:27 . 2004-06-24 14:53 <DIR> d--h----- C:\Documents and Settings\CIA Protected\Netwerkprinteromgeving

2008-02-25 20:27 . 2008-03-25 00:23 <DIR> dr------- C:\Documents and Settings\CIA Protected\Mijn documenten

2008-02-25 20:27 . 2004-06-24 14:53 <DIR> dr------- C:\Documents and Settings\CIA Protected\Menu Start

2008-02-25 20:27 . 2008-03-02 14:02 <DIR> dr------- C:\Documents and Settings\CIA Protected\Favorieten

2008-02-25 20:27 . 2008-03-25 14:28 <DIR> d-------- C:\Documents and Settings\CIA Protected\Bureaublad

2008-02-25 20:27 . 2004-08-19 11:50 <DIR> d-------- C:\Documents and Settings\CIA Protected\Application Data\CyberLink

2008-02-25 20:27 . 2008-03-17 18:25 <DIR> d-------- C:\Documents and Settings\CIA Protected\Application Data\AVG7

2008-02-25 20:27 . 2004-08-17 17:38 <DIR> d-------- C:\Documents and Settings\CIA Protected\Application Data\Ahead

2008-02-25 20:27 . 2004-06-24 16:17 <DIR> d-------- C:\Documents and Settings\CIA Protected\Application Data\AdobeUM

2008-02-25 20:21 . 2008-03-12 21:12 <DIR> d-------- C:\Program Files\Microsoft Silverlight

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-25 13:22 13,440 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS

2008-03-24 21:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-03-24 21:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-03-24 19:57 --------- d-----w C:\Program Files\Trend Micro

2008-03-24 19:35 --------- d-----w C:\Program Files\Java

2008-03-24 19:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater

2008-03-17 18:28 --------- d-----w C:\Program Files\LimeWire

2008-03-12 21:03 --------- d-----w C:\Program Files\Incomplete

2008-03-10 20:05 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-01 14:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-02-28 17:45 --------- d-----w C:\Program Files\Google

2008-02-27 18:44 --------- d-----w C:\Program Files\iTunes

2008-02-27 18:43 --------- d-----w C:\Program Files\QuickTime

2008-02-26 19:45 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-02-26 19:42 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-02-26 19:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-02-26 19:40 --------- d-----w C:\Program Files\Crawler

2008-02-26 19:39 --------- d-----w C:\Program Files\Lavasoft

2008-02-25 19:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype

2008-02-25 19:17 --------- d-----w C:\Program Files\NCH Swift Sound

2008-02-25 19:17 --------- d-----w C:\Documents and Settings\Jesse\Application Data\NCH Swift Sound

2008-02-25 19:14 --------- d-----w C:\Program Files\AusLogics Disk Defrag

2008-02-25 19:02 --------- d-----w C:\Documents and Settings\Jesse\Application Data\AVG7

2008-02-15 22:22 --------- d-----w C:\Documents and Settings\Jesse\Application Data\LimeWire

2008-02-13 11:42 --------- d-----w C:\Documents and Settings\jan\Application Data\AVG7

2008-02-13 11:41 --------- d-----w C:\Documents and Settings\jan\Application Data\Recordpad

2008-02-13 11:41 --------- d-----w C:\Documents and Settings\jan\Application Data\NCH Swift Sound

2008-02-11 20:17 --------- d-----w C:\Program Files\NCH Software

2008-02-11 20:17 --------- d-----w C:\Documents and Settings\Jesse\Application Data\Recordpad

2008-02-11 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound

2008-02-11 20:16 --------- d-----w C:\Program Files\mp3DirectCut

2008-02-01 01:44 --------- d-----w C:\Program Files\Picasa2

2008-02-01 00:49 114,688 ----a-w C:\WINDOWS\system32\netlogun.exe

2008-01-18 20:48 132,500 ----a-w C:\WINDOWS\java\Packages\O6D3R9FT.ZIP

2007-12-06 22:27 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

2006-06-08 17:33 8 ---h--w C:\Program Files\.data211204.dat

2006-06-08 17:33 8 ---h--w C:\Program Files\.data211004.dat

2006-06-06 20:37 8 ---h--w C:\Program Files\.drv120405.dat

2006-06-06 20:37 8 ---h--w C:\Program Files\.dat000001.dat

2006-05-29 18:06 3,608 ----a-w C:\Documents and Settings\jan\Application Data\wklnhst.dat

2006-03-25 15:41 158 ---ha-w C:\Documents and Settings\jan\hpothb07.dat

1998-08-24 10:09 10,000 ----a-w C:\WINDOWS\inf\unregpn.exe

2007-06-25 20:40 6,369 --sh--w C:\WINDOWS\system32\ttutv.bak1

2007-07-24 10:42 874,809 --sh--w C:\WINDOWS\system32\ttutv.bak2

2007-07-24 15:02 876,198 --sh--w C:\WINDOWS\system32\ttutv.ini2

.

((((((((((((((((((((((((((((( snapshot@2008-03-24_23.09.27,71 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-03-24 22:59:24 110,592 ----a-w C:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll

+ 2008-03-24 22:59:22 65,536 ----a-w C:\WINDOWS\assembly\GAC\dao\10.0.4504.0__31bf3856ad364e35\DAO.DLL

+ 2008-03-24 22:59:25 4,608 ----a-w C:\WINDOWS\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll

+ 2008-03-24 22:59:22 1,215,328 ----a-w C:\WINDOWS\assembly\GAC\IACore\1.7.6223.0__31bf3856ad364e35\IACore.dll

+ 2008-03-24 22:59:22 82,784 ----a-w C:\WINDOWS\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll

+ 2008-03-24 22:59:18 31,560 ----a-w C:\WINDOWS\assembly\GAC\ipdmctrl\11.0.0.0__71e9bce111e9429c\IPDMCTRL.DLL

+ 2008-03-24 22:59:23 8,007,680 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll

+ 2008-03-24 22:59:18 16,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.InfoPath.Permission\12.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Permission.dll

+ 2008-03-24 22:57:44 80,696 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll

+ 2008-03-24 22:58:43 1,612,592 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll

+ 2008-03-24 22:58:43 1,276,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll

+ 2008-03-24 22:58:43 150,320 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll

+ 2008-03-24 22:59:18 404,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.InfoPath.SemiTrust\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.SemiTrust.dll

+ 2008-03-24 22:58:44 88,896 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll

+ 2008-03-24 22:58:44 146,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll

+ 2008-03-24 22:59:10 17,208 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OneNote.dll

+ 2008-03-24 22:58:43 920,376 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll

+ 2008-03-24 22:58:43 35,648 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll

+ 2008-03-24 22:58:44 248,632 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll

+ 2008-03-24 22:58:44 232,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Publisher.dll

+ 2008-03-24 22:58:43 20,280 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll

+ 2008-03-24 22:58:44 781,104 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll

+ 2008-03-24 22:59:23 13,312 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll

+ 2008-03-24 22:58:43 371,496 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll

+ 2008-03-24 22:58:44 64,288 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll

+ 2008-03-24 22:59:23 229,376 ----a-w C:\WINDOWS\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL

+ 2008-03-24 22:59:24 4,096 ----a-w C:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll

+ 2008-03-24 22:58:43 416,544 ----a-w C:\WINDOWS\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL

+ 2008-03-24 22:57:42 12,104 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Access.dll

+ 2008-03-24 22:57:45 12,096 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll

+ 2008-03-24 22:58:55 12,096 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll

+ 2008-03-24 22:59:18 12,616 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml.dll

+ 2008-03-24 22:59:18 12,616 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.dll

+ 2008-03-24 22:59:11 12,104 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Outlook.dll

+ 2008-03-24 22:59:10 12,632 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.dll

+ 2008-03-24 22:59:11 12,112 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll

+ 2008-03-24 22:59:14 12,104 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Publisher.dll

+ 2008-03-24 22:59:04 12,104 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll

+ 2008-03-24 22:59:17 12,096 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll

+ 2008-03-24 22:59:05 12,080 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll

+ 2008-03-24 22:59:05 11,544 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll

+ 2008-03-24 22:59:23 16,384 ----a-w C:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll

+ 2006-10-27 14:16:36 133,936 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONTAB32.DLL

+ 2006-10-26 19:55:32 87,344 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DLGSETP.DLL

+ 2006-10-27 14:07:36 17,891,112 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EXCEL.EXE

+ 2006-10-26 19:55:48 340,248 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MIMEDIR.DLL

+ 2006-10-27 14:16:46 2,939,704 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OLMAPI32.DLL

+ 2006-10-26 19:34:12 660,792 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSMAIN.DLL

+ 2006-10-26 19:34:10 192,848 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSXP32.DLL

+ 2006-09-15 15:25:18 3,611,416 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT

+ 2006-10-27 14:16:44 594,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLMIME.DLL

+ 2006-10-27 14:16:48 12,813,096 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLOOK.EXE

+ 2006-10-27 14:16:40 176,976 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLPH.DLL

+ 2006-10-26 19:55:54 413,472 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PSTPRX32.DLL

+ 2006-10-26 19:55:44 263,520 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCNPST32.DLL

+ 2006-10-26 19:55:44 272,744 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCNPST64.DLL

+ 2006-10-26 20:13:08 14,674,216 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XL12CNV.EXE

+ 2006-10-26 20:17:08 11,072 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XLCALL32.DLL

+ 2008-03-25 01:24:41 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

+ 2008-03-25 01:24:41 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

+ 2008-03-25 01:24:41 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

+ 2008-03-25 01:24:41 184,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

+ 2008-03-25 01:24:41 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

+ 2008-03-25 01:24:41 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

+ 2008-03-25 01:24:42 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

+ 2008-03-25 01:24:41 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

+ 2008-03-25 01:24:41 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

+ 2008-03-25 01:24:41 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

+ 2008-03-25 01:24:42 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

+ 2008-03-25 01:24:41 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

+ 2008-03-24 23:07:57 217,864 ----a-r C:\WINDOWS\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe

- 1999-01-12 15:54:26 1,109,264 ----a-w C:\WINDOWS\system32\FM20.DLL

+ 2006-10-26 13:10:08 1,190,688 ----a-w C:\WINDOWS\system32\FM20.DLL

+ 2006-10-26 13:10:06 33,088 ----a-w C:\WINDOWS\system32\FM20ENU.DLL

- 2008-01-19 12:15:30 260,640 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

+ 2008-03-25 13:16:51 297,256 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

- 2002-08-29 01:40:56 198,656 ----a-w C:\WINDOWS\system32\InkEd.dll

+ 2006-10-26 12:45:04 207,360 ----a-w C:\WINDOWS\system32\INKED.DLL

+ 2006-10-26 18:56:16 864,080 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\msonpdrv.dll

+ 2006-10-26 18:56:14 67,408 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\msonpui.dll

+ 2006-10-26 18:56:16 864,080 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\msonpdrv.dll

+ 2006-10-26 18:56:14 67,408 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\msonpui.dll

+ 2006-10-26 18:56:12 33,104 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

- 2002-08-29 01:41:28 194,560 ----a-w C:\WINDOWS\system32\wisptis.exe

+ 2006-10-26 12:45:04 293,376 ----a-w C:\WINDOWS\system32\WISPTIS.EXE

+ 2006-10-26 12:40:34 95,744 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll

+ 2006-10-26 12:40:36 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll

+ 2006-10-26 12:40:36 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll

+ 2006-10-26 12:40:36 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll

+ 2006-10-26 12:40:36 1,093,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll

+ 2006-10-26 12:40:36 1,079,808 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll

+ 2006-10-26 12:40:36 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll

+ 2006-10-26 12:40:36 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll

+ 2006-10-26 12:40:36 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll

+ 2006-10-26 12:40:36 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll

+ 2006-10-26 12:40:36 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll

+ 2006-10-26 12:40:36 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll

+ 2006-10-26 12:40:36 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll

+ 2006-10-26 12:40:36 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll

+ 2006-10-26 12:40:36 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll

+ 2006-10-26 12:40:36 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll

+ 2006-10-26 12:40:36 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 13:50 68856]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53 204288]

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-03-14 12:55 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"Dit"="Dit.exe" [2004-04-02 12:31 86016 C:\WINDOWS\Dit.exe]

"Cmaudio"="cmicnfg.cpl" []

"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 10:50 88363 C:\WINDOWS\AGRSMMSG.exe]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 21:10 339968]

"CHotkey"="zHotkey.exe" [2004-05-17 18:30 543232 C:\WINDOWS\zHotkey.exe]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 18:57 579072]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-10 20:56 185896]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]

"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 03:09 488984]

"LVCOMSX"="C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 03:12 244512]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 19:07 219136]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-16 15:19:12 124400]

hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-09 18:21:38 147456]

hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12 28672]

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-03-10 21:05:53 67128]

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-10 20:57:49 688128]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 18:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkAndWrite]

--a------ 2007-06-04 17:05 2664448 C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\WINDOWS\\system32\\fxsclnt.exe"=

"C:\\Program Files\\NetMeeting\\Conf.exe"=

"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\WINDOWS\\system32\\rundll32.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

"C:\\Program Files\\Thrustmaster\\Video\\TM507 Webcam\\amcap.exe"=

"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

"C:\\Documents and Settings\\CIA Protected\\Mijn documenten\\programma's download\\MsgPlusLive-423-www.hebberig.be.exe"=

"C:\\Program Files\\Messenger Plus! Live\\MPTools.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2000-01-08 08:22]

R2 LogWatch;Event Log Watch;"C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe" [2002-09-20 17:29]

R3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-03-25 14:22]

R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 14:39]

S3 CA_LIC_CLNT;CA License Client;"C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe" [2002-09-20 17:27]

S3 CA_LIC_SRVR;CA License Server;"C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe" [2002-09-20 17:41]

S3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-06-05 08:04]

S3 IIUSBISP;USB Mass Storage for USB ISP;C:\WINDOWS\system32\Drivers\iiusbisp.sys []

S3 ovt530;TM507A USB Camera;C:\WINDOWS\system32\Drivers\ov530vid.sys [2005-03-15 16:04]

S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-06-12 08:47]

.

Inhoud van de 'Gedeelde Taken' map

"2008-02-27 17:44:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2007-08-25 09:56:11 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1172783780.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I

"2008-03-16 11:39:00 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1173004316.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I

"2008-03-16 11:39:00 C:\WINDOWS\Tasks\WebReg 20070528123915.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20070528123915 /N

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-25 14:30:42

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

Voltooingstijd: 2008-03-25 14:32:01

ComboFix-quarantined-files.txt 2008-03-25 13:31:52

ComboFix2.txt 2008-03-24 22:10:02

.

2008-03-25 01:24:44 --- E O F ---

There haven't been any more pop-ups so far :)

But while I was reading your reply just now, my PC did suddenly shut down :s

I don't know what could be causing that :s


Combofix did not do its job properly, but that is - unfortunately - due to a small mistake of mine. Sorry :s Could you redo it once more with the following info:

Open a Notepad file.

Copy and paste the bold text below into it.

File::

C:\WINDOWS\_MSRSTRT.EXE

C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe

C:\WINDOWS\system32\ttutv.bak1

C:\WINDOWS\system32\ttutv.bak2

C:\WINDOWS\system32\ttutv.ini2

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt into ComboFix.exe

This will cause ComboFix to restart. Reboot when asked to.

After the restart, post the contents of Combofix.txt in your next reply.


Guest Nick united

ComboFix 08-03-24.1 - CIA Protected 2008-03-25 16:07:15.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.122 [GMT 1:00]Gestart vanuit: C:\Documents and Settings\CIA Protected\Bureaublad\ComboFix.exe

Command switches used :: C:\Documents and Settings\CIA Protected\Bureaublad\CFScript.txt

* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

FILE ::

C:\WINDOWS\_MSRSTRT.EXE

C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe

C:\WINDOWS\system32\ttutv.bak1

C:\WINDOWS\system32\ttutv.bak2

C:\WINDOWS\system32\ttutv.ini2

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\_MSRSTRT.EXE

C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe

C:\WINDOWS\system32\ttutv.bak1

C:\WINDOWS\system32\ttutv.bak2

C:\WINDOWS\system32\ttutv.ini2

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-02-25 to 2008-03-25 ))))))))))))))))))))))))))))))

.

2008-03-25 16:03 . 2008-03-25 16:03 <DIR> d-------- C:\WINDOWS\LastGood

2008-03-25 16:00 . 2008-03-25 16:04 19,575 --a------ C:\WINDOWS\hpoins01.dat

2008-03-25 16:00 . 2003-04-22 10:24 16,606 --------- C:\WINDOWS\hpomdl01.dat

2008-03-25 15:41 . 2008-03-25 15:41 <DIR> d-------- C:\temp\HP All-in-One Series Web Release

2008-03-25 14:17 . 2008-03-25 14:17 <DIR> d-------- C:\Documents and Settings\CIA Protected\Application Data\Logitech

2008-03-25 00:02 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll

2008-03-24 23:59 . 2008-03-24 23:59 <DIR> d-------- C:\Program Files\MSBuild

2008-03-24 23:59 . 2008-03-24 23:59 <DIR> d-------- C:\Program Files\Microsoft Works

2008-03-24 23:57 . 2008-03-24 23:57 <DIR> d-------- C:\Program Files\Microsoft.NET

2008-03-24 23:52 . 2008-03-25 02:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-03-24 23:51 . 2008-03-24 23:51 <DIR> dr-h----- C:\MSOCache

2008-03-24 23:45 . 2008-03-24 23:45 <DIR> d-------- C:\Program Files\DAEMON Tools Lite

2008-03-24 23:37 . 2008-03-24 23:37 <DIR> d-------- C:\Documents and Settings\CIA Protected\Application Data\DAEMON Tools

2008-03-24 23:37 . 2008-03-24 23:37 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-03-17 18:07 . 2008-03-25 15:32 <DIR> dr-h----- C:\Documents and Settings\CIA Protected\Onlangs geopend

2008-03-13 17:42 . 2008-03-13 17:42 <DIR> d-------- C:\Documents and Settings\CIA Protected\Application Data\Hewlett-Packard

2008-03-12 20:16 . 2008-03-12 20:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

2008-03-12 20:15 . 2008-03-12 20:15 <DIR> d-------- C:\Program Files\Messenger Plus! Live

2008-03-11 19:09 . 2008-03-11 19:09 <DIR> d-------- C:\My Recordings

2008-03-11 19:03 . 2008-03-11 19:03 <DIR> d-------- C:\Program Files\FREE Hi-Q Recorder

2008-03-11 18:41 . 2008-03-11 23:18 <DIR> d-------- C:\Documents and Settings\CIA Protected\Application Data\Audio Record Edit Toolbox

2008-03-10 21:06 . 2008-03-10 21:06 <DIR> d-------- C:\Program Files\Common Files\LogiShrd

2008-03-10 21:04 . 2008-03-10 21:04 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-03-10 21:04 . 2008-03-10 21:04 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf

2008-03-10 21:00 . 2008-03-10 21:00 <DIR> d-------- C:\Documents and Settings\CIA Protected\Application Data\Talkback

2008-03-10 20:59 . 2008-03-10 20:59 25 --a------ C:\WINDOWS\cdplayer.ini

2008-03-10 20:57 . 2008-03-10 21:05 <DIR> d-------- C:\Program Files\Logitech

2008-03-10 20:57 . 2008-03-10 20:57 <DIR> d-------- C:\Program Files\Common Files\Logitech

2008-03-10 20:57 . 2008-03-10 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech

2008-03-10 20:57 . 2007-01-23 15:45 1,419,024 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll

2008-03-10 20:57 . 2007-01-30 01:46 163,840 --a------ C:\WINDOWS\system32\kemutb.dll

2008-03-10 20:57 . 2007-01-30 01:46 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll

2008-03-10 20:57 . 2007-01-30 01:46 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll

2008-03-10 20:57 . 2007-01-23 15:44 101,136 --a------ C:\WINDOWS\KHALMNPR.Exe

2008-03-10 20:57 . 2007-01-30 01:46 69,632 --a------ C:\WINDOWS\system32\KemXML.dll

2008-03-10 20:57 . 2007-01-23 15:45 34,576 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys

2008-03-10 20:57 . 2007-01-23 15:45 33,296 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys

2008-03-10 20:57 . 2007-01-23 15:44 20,496 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys

2008-03-10 20:56 . 2008-03-10 20:56 <DIR> d-------- C:\Program Files\Real

2008-03-10 20:56 . 2008-03-10 20:56 <DIR> d-------- C:\Program Files\Common Files\xing shared

2008-03-10 20:56 . 2008-03-10 20:56 <DIR> d-------- C:\Program Files\Common Files\Real

2008-03-10 20:50 . 2008-03-10 20:50 <DIR> d-------- C:\videooutput

2008-03-10 20:50 . 2008-03-10 20:50 <DIR> d-------- C:\Program Files\Free FLV to AVI Converter

2008-03-10 20:50 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\NCMedia.dll

2008-03-10 20:50 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\flvvideo.dll

2008-03-10 20:50 . 2006-11-01 14:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll

2008-03-10 20:50 . 2007-02-25 15:36 383,238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll

2008-03-10 20:44 . 2008-03-17 18:01 <DIR> d-------- C:\Documents and Settings\CIA Protected\Application Data\U3

2008-03-10 20:40 . 2004-08-04 00:57 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys

2008-03-10 20:40 . 2004-08-04 00:57 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys

2008-03-01 16:02 . 2008-03-01 16:02 <DIR> d-------- C:\Documents and Settings\CIA Protected\WINDOWS

2008-03-01 16:01 . 2008-03-01 16:01 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition

2008-02-29 19:20 . 2008-02-29 19:20 <DIR> d-------- C:\Program Files\Common Files\Download Manager

2008-02-27 19:44 . 2008-02-27 19:44 <DIR> d-------- C:\Program Files\iPod

2008-02-26 21:13 . 2008-03-01 16:01 <DIR> d-------- C:\Program Files\Windows Live

2008-02-25 21:01 . 2008-02-25 21:01 <DIR> d-------- C:\Program Files\Stardock

2008-02-25 21:01 . 2007-07-11 14:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll

2008-02-25 20:52 . 2008-02-26 18:15 <DIR> d-------- C:\Documents and Settings\CIA Protected\Contacts

2008-02-25 20:43 . 2008-02-27 20:18 <DIR> d-------- C:\Documents and Settings\CIA Protected\Application Data\Apple Computer

2008-02-25 20:38 . 2008-03-25 00:18 <DIR> d-------- C:\Documents and Settings\CIA Protected\Application Data\LimeWire

2008-02-25 20:27 . 2004-06-24 15:36 <DIR> d--hs---- C:\Documents and Settings\CIA Protected\UserData

2008-02-25 20:27 . 2004-06-24 12:55 <DIR> d--h----- C:\Documents and Settings\CIA Protected\Sjablonen

2008-02-25 20:27 . 2004-06-24 14:53 <DIR> d--h----- C:\Documents and Settings\CIA Protected\Netwerkprinteromgeving

2008-02-25 20:27 . 2008-03-25 00:23 <DIR> dr------- C:\Documents and Settings\CIA Protected\Mijn documenten

2008-02-25 20:27 . 2004-06-24 14:53 <DIR> dr------- C:\Documents and Settings\CIA Protected\Menu Start

2008-02-25 20:27 . 2008-03-02 14:02 <DIR> dr------- C:\Documents and Settings\CIA Protected\Favorieten

2008-02-25 20:27 . 2008-03-25 16:07 <DIR> d-------- C:\Documents and Settings\CIA Protected\Bureaublad

2008-02-25 20:27 . 2004-08-19 11:50 <DIR> d-------- C:\Documents and Settings\CIA Protected\Application Data\CyberLink

2008-02-25 20:27 . 2008-03-17 18:25 <DIR> d-------- C:\Documents and Settings\CIA Protected\Application Data\AVG7

2008-02-25 20:27 . 2004-08-17 17:38 <DIR> d-------- C:\Documents and Settings\CIA Protected\Application Data\Ahead

2008-02-25 20:27 . 2004-06-24 16:17 <DIR> d-------- C:\Documents and Settings\CIA Protected\Application Data\AdobeUM

2008-02-25 20:21 . 2008-03-12 21:12 <DIR> d-------- C:\Program Files\Microsoft Silverlight

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-25 14:58 13,440 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS

2008-03-25 14:10 --------- d-----w C:\Program Files\Google

2008-03-24 21:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-03-24 21:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-03-24 19:57 --------- d-----w C:\Program Files\Trend Micro

2008-03-24 19:35 --------- d-----w C:\Program Files\Java

2008-03-24 19:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater

2008-03-17 18:28 --------- d-----w C:\Program Files\LimeWire

2008-03-12 21:03 --------- d-----w C:\Program Files\Incomplete

2008-03-10 20:05 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-01 14:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-02-27 18:44 --------- d-----w C:\Program Files\iTunes

2008-02-27 18:43 --------- d-----w C:\Program Files\QuickTime

2008-02-26 19:45 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-02-26 19:42 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-02-26 19:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-02-26 19:40 --------- d-----w C:\Program Files\Crawler

2008-02-26 19:39 --------- d-----w C:\Program Files\Lavasoft

2008-02-25 19:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype

2008-02-25 19:17 --------- d-----w C:\Program Files\NCH Swift Sound

2008-02-25 19:17 --------- d-----w C:\Documents and Settings\Jesse\Application Data\NCH Swift Sound

2008-02-25 19:14 --------- d-----w C:\Program Files\AusLogics Disk Defrag

2008-02-25 19:02 --------- d-----w C:\Documents and Settings\Jesse\Application Data\AVG7

2008-02-15 22:22 --------- d-----w C:\Documents and Settings\Jesse\Application Data\LimeWire

2008-02-13 11:42 --------- d-----w C:\Documents and Settings\jan\Application Data\AVG7

2008-02-13 11:41 --------- d-----w C:\Documents and Settings\jan\Application Data\Recordpad

2008-02-13 11:41 --------- d-----w C:\Documents and Settings\jan\Application Data\NCH Swift Sound

2008-02-11 20:17 --------- d-----w C:\Program Files\NCH Software

2008-02-11 20:17 --------- d-----w C:\Documents and Settings\Jesse\Application Data\Recordpad

2008-02-11 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound

2008-02-11 20:16 --------- d-----w C:\Program Files\mp3DirectCut

2008-02-01 01:44 --------- d-----w C:\Program Files\Picasa2

2008-02-01 00:49 114,688 ----a-w C:\WINDOWS\system32\netlogun.exe

2008-01-18 20:48 132,500 ----a-w C:\WINDOWS\java\Packages\O6D3R9FT.ZIP

2007-12-06 22:27 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

2006-06-08 17:33 8 ---h--w C:\Program Files\.data211204.dat

2006-06-08 17:33 8 ---h--w C:\Program Files\.data211004.dat

2006-06-06 20:37 8 ---h--w C:\Program Files\.drv120405.dat

2006-06-06 20:37 8 ---h--w C:\Program Files\.dat000001.dat

2006-05-29 18:06 3,608 ----a-w C:\Documents and Settings\jan\Application Data\wklnhst.dat

2006-03-25 15:41 158 ---ha-w C:\Documents and Settings\jan\hpothb07.dat

1998-08-24 10:09 10,000 ----a-w C:\WINDOWS\inf\unregpn.exe

.

((((((((((((((((((((((((((((( snapshot_2008-03-25_14.31.42,06 )))))))))))))))))))))))))))))))))))))))))

.

- 2003-03-09 20:31:04 274,432 ----a-w C:\WINDOWS\system32\hpgwiamd.dll

+ 2003-02-28 09:10:02 274,432 ----a-w C:\WINDOWS\system32\hpgwiamd.dll

- 2003-03-09 04:30:50 270,336 ----a-w C:\WINDOWS\system32\hpzcon07.dll

+ 2003-03-09 20:30:50 270,336 ----a-w C:\WINDOWS\system32\hpzcon07.dll

+ 2003-03-09 20:30:50 843,776 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardpsc_1ad78\hpzeng07.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 13:50 68856]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53 204288]

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-03-14 12:55 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"Dit"="Dit.exe" [2004-04-02 12:31 86016 C:\WINDOWS\Dit.exe]

"Cmaudio"="cmicnfg.cpl" []

"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 10:50 88363 C:\WINDOWS\AGRSMMSG.exe]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 21:10 339968]

"CHotkey"="zHotkey.exe" [2004-05-17 18:30 543232 C:\WINDOWS\zHotkey.exe]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 18:57 579072]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-10 20:56 185896]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]

"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 03:09 488984]

"LVCOMSX"="C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 03:12 244512]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 19:07 219136]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-16 15:19:12 124400]

hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12 28672]

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-03-10 21:05:53 67128]

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-10 20:57:49 688128]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 18:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkAndWrite]

--a------ 2007-06-04 17:05 2664448 C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\WINDOWS\\system32\\fxsclnt.exe"=

"C:\\Program Files\\NetMeeting\\Conf.exe"=

"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\WINDOWS\\system32\\rundll32.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

"C:\\Program Files\\Thrustmaster\\Video\\TM507 Webcam\\amcap.exe"=

"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

"C:\\Documents and Settings\\CIA Protected\\Mijn documenten\\programma's download\\MsgPlusLive-423-www.hebberig.be.exe"=

"C:\\Program Files\\Messenger Plus! Live\\MPTools.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2000-01-08 08:22]

R2 LogWatch;Event Log Watch;"C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe" [2002-09-20 17:29]

R3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-03-25 15:58]

R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 14:39]

S3 CA_LIC_CLNT;CA License Client;"C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe" [2002-09-20 17:27]

S3 CA_LIC_SRVR;CA License Server;"C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe" [2002-09-20 17:41]

S3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-06-05 08:04]

S3 IIUSBISP;USB Mass Storage for USB ISP;C:\WINDOWS\system32\Drivers\iiusbisp.sys []

S3 ovt530;TM507A USB Camera;C:\WINDOWS\system32\Drivers\ov530vid.sys [2005-03-15 16:04]

S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-06-12 08:47]

.

Inhoud van de 'Gedeelde Taken' map

"2008-02-27 17:44:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-25 16:09:16

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

Voltooingstijd: 2008-03-25 16:10:10

ComboFix-quarantined-files.txt 2008-03-25 15:09:56

ComboFix2.txt 2008-03-25 13:32:02

ComboFix3.txt 2008-03-24 22:10:02

.

2008-03-25 01:24:44 --- E O F ---


One more thing: delete this file (shown in bold) with Windows Explorer

C:\WINDOWS\inf\unregpn.exe

and then everything is - in my opinion - OK again.

But only you can determine and confirm whether that is actually the case in practice. How are things at the moment with pop-ups, slowness and freezing?


Fantastic. Problems solved, so it is time for the “big clean-up”: removing the programs used, a cleaning, and removing the infected restore points.

Remove Combofix: Start -> Run and type: combofix /u

Combofix is removed and a new system restore point is created.

Download CCleaner.

Install it and start it. Click “Options” in the left column. Select the ‘Advanced’ tab, uncheck “Only delete temporary files in the Windows system folder that are older than 48 hours” and then close the program.

Start CCleaner and click “Cleaner” in the left column. Click ‘Analyze’ and then 'Clean up'. Next, click “Registry” in the left column and click ‘Scan for issues’. If issues are found, click ”fix all issues” and ”OK”. Then close CCleaner again.

It is advisable to delete the existing restore points (they include infected restore points that you could end up restoring) by temporarily turning off System Restore.

- Go to Start/All Programs/Accessories/System Tools/System Restore.

- In the left half of the window, click "System Restore Settings".

- Check the box for "Turn off System Restore".

- Click "Apply".

- Windows asks whether you are sure.

- Click "Yes".

- Click "OK".

- Restart the PC.

- Go to Start/All Programs/Accessories/System Tools/System Restore again.

- You get the message: "System Restore is turned off. Do you want to turn on System Restore now?"

- Click "Yes".

- Uncheck the box for "Turn off System Restore".

- Click "Apply".

- Click "OK".

- Restart the PC

- A new restore point has now been created.

That’s it !
