[SOLVED] copying files


jlipasje

Here is the ComboFix log:

ComboFix 08-06-03.4 - jlipasje 2008-06-04 19:22:09.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1370 [GMT 2:00]

Gestart vanuit: E:\programmas2\ComboFix.exe

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-05-04 to 2008-06-04 ))))))))))))))))))))))))))))))

.

2008-06-03 20:43 . 2008-06-03 20:43 <DIR> d-------- C:\Program Files\Trend Micro

2008-06-03 07:58 . 2008-06-03 17:26 <DIR> d-------- C:\Program Files\Fashion Craze

2008-06-03 07:58 . 2008-06-04 07:53 <DIR> d-------- C:\Program Files\Fab Fashion

2008-06-03 07:57 . 2008-06-03 07:57 <DIR> d-------- C:\Program Files\Home Sweet Home

2008-06-03 07:52 . 2008-06-04 07:54 <DIR> d-------- C:\Program Files\Wildlife Tycoon Venture Africa

2008-06-02 19:47 . 2008-06-02 19:47 <DIR> d-------- C:\Program Files\Chocolatier 2

2008-06-02 19:46 . 2008-06-03 07:48 <DIR> d-------- C:\Program Files\Azada

2008-06-02 17:44 . 2008-06-03 07:47 <DIR> d-------- C:\Program Files\Eye For Design

2008-06-01 21:33 . 2008-06-02 17:25 <DIR> d-------- C:\Program Files\Pastry Passion

2008-06-01 21:33 . 2008-06-02 09:09 <DIR> d-------- C:\Documents and Settings\jlipasje.PASJEJLI-C60C5B\Application Data\Boomzap

2008-06-01 21:32 . 2008-06-02 17:25 <DIR> d-------- C:\Program Files\Zen Fashion

2008-06-01 10:57 . 2008-06-01 14:35 <DIR> d-------- C:\Program Files\Jojos Fashion Show

2008-05-30 07:46 . 2008-05-30 07:46 <DIR> d-------- C:\Documents and Settings\jlipasje.PASJEJLI-C60C5B\Application Data\Gaijin Ent

2008-05-29 06:53 . 2008-05-29 06:54 <DIR> d-------- C:\Documents and Settings\jlipasje.PASJEJLI-C60C5B\Application Data\SprillBermudeEng

2008-05-28 23:50 . 2008-05-28 23:50 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\MonteCristo

2008-05-28 23:31 . 2008-05-30 20:02 <DIR> d-------- C:\Program Files\Mystery Cookbook

2008-05-28 23:25 . 2008-05-30 18:33 <DIR> d-------- C:\Program Files\Dream Chronicles 2

2008-05-28 20:23 . 2008-05-28 20:23 <DIR> d-------- C:\Documents and Settings\jlipasje.PASJEJLI-C60C5B\Application Data\Friday's games

2008-05-28 19:19 . 2008-05-28 19:19 <DIR> d-------- C:\Documents and Settings\jlipasje.PASJEJLI-C60C5B\Application Data\Sudden Games

2008-05-28 19:13 . 2008-05-28 23:24 <DIR> d-------- C:\Program Files\Yard Sale Junkie

2008-05-28 05:42 . 2008-05-28 23:24 <DIR> d-------- C:\Program Files\Puppy Luv Adventures

2008-05-27 22:34 . 2008-05-27 22:34 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip

2008-05-27 19:39 . 2008-05-28 05:51 <DIR> d-------- C:\Program Files\Finders Keepers

2008-05-27 12:36 . 2008-05-27 15:52 <DIR> d-------- C:\Program Files\Cate West - The Vanishing Files

2008-05-27 06:52 . 2008-05-27 15:52 <DIR> d-------- C:\Program Files\Abra Academy

2008-05-27 06:48 . 2008-05-27 06:48 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\DFGV1004

2008-05-26 20:38 . 2008-05-27 06:50 <DIR> d-------- C:\Program Files\Polly Pride - Pet Detective

2008-05-25 21:04 . 2008-05-25 21:04 <DIR> d-------- C:\Documents and Settings\jlipasje.PASJEJLI-C60C5B\Application Data\Gamelab

2008-05-25 18:23 . 2008-05-25 20:58 <DIR> d-------- C:\Program Files\Hidden Expedition Titanic

2008-05-25 10:57 . 2008-05-25 16:09 <DIR> d-------- C:\Program Files\Hidden Wonders Of The Depths

2008-05-25 10:48 . 2008-05-25 10:48 <DIR> d-------- C:\Program Files\Mahjong Escape

2008-05-23 13:19 . 2008-05-23 13:19 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Farm Frenzy

2008-05-21 17:01 . 2008-05-21 17:01 <DIR> d-------- C:\Documents and Settings\jlipasje.PASJEJLI-C60C5B\Application Data\Jane s Hotel

2008-05-21 06:56 . 2008-05-21 07:06 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Fashion Solitaire 1.2

2008-05-20 20:30 . 2008-05-20 20:30 <DIR> d-------- C:\Program Files\PC Connectivity Solution

2008-05-20 20:30 . 2008-05-20 20:30 <DIR> d-------- C:\Program Files\Common Files\PCSuite

2008-05-20 20:30 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys

2008-05-19 20:58 . 2008-05-19 20:58 <DIR> d-------- C:\Program Files\Auslogics

2008-05-19 20:58 . 2008-05-19 20:58 <DIR> d-------- C:\Documents and Settings\jlipasje.PASJEJLI-C60C5B\Application Data\Auslogics

2008-05-18 20:28 . 2008-05-18 20:28 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\HipSoft

2008-05-14 17:06 . 2008-05-26 20:40 <DIR> d-------- C:\Documents and Settings\jlipasje.PASJEJLI-C60C5B\Application Data\iWin

2008-05-13 19:28 . 2008-05-17 14:17 0 --a------ C:\WINDOWS\galaxy.ini

2008-05-11 22:32 . 2008-05-11 22:32 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Gogii

2008-05-11 21:21 . 2008-05-11 21:21 <DIR> d-------- C:\Documents and Settings\jlipasje.PASJEJLI-C60C5B\Application Data\Jane s Hotel Family Hero

2008-05-09 18:05 . 2008-05-09 18:05 <DIR> d-------- C:\Program Files\Common Files\Micro Application Shared

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-02 17:51 --------- d-----w C:\Documents and Settings\jlipasje.PASJEJLI-C60C5B\Application Data\Big Fish Games

2008-06-02 15:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Sandlot Games

2008-06-01 17:36 --------- d-----w C:\Documents and Settings\jlipasje.PASJEJLI-C60C5B\Application Data\Flood Light Games

2008-06-01 17:36 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Flood Light Games

2008-05-29 04:20 --------- d-----w C:\Documents and Settings\jlipasje.PASJEJLI-C60C5B\Application Data\PlayFirst

2008-05-29 04:20 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\PlayFirst

2008-05-28 16:15 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Trymedia

2008-05-27 20:16 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help

2008-05-27 13:52 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP

2008-05-25 17:58 --------- d-----w C:\Program Files\FreeCommander

2008-05-25 08:14 --------- d-----w C:\Program Files\Zylom Games

2008-05-24 06:13 --------- d-----w C:\Documents and Settings\jlipasje.PASJEJLI-C60C5B\Application Data\Zylom

2008-05-20 18:30 --------- d-----w C:\Program Files\Common Files\Nokia

2008-05-20 18:28 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations

2008-05-18 07:45 --------- d-----w C:\Program Files\TeraCopy

2008-05-17 21:32 --------- d-----w C:\Documents and Settings\jlipasje.PASJEJLI-C60C5B\Application Data\TeraCopy

2008-05-17 12:16 --------- d-----w C:\Program Files\Common Files\Autodesk Shared

2008-05-17 12:16 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Autodesk

2008-05-09 16:05 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-09 16:05 --------- d-----w C:\Program Files\Easy Computing

2008-05-02 13:18 --------- d-----w C:\Program Files\Microsoft SQL Server

2008-05-02 13:12 --------- d-----w C:\Program Files\Microsoft.NET

2008-05-01 07:35 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\JollyBear

2008-04-30 21:30 --------- d-----w C:\Documents and Settings\jlipasje.PASJEJLI-C60C5B\Application Data\BAMMC

2008-04-30 21:11 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\{FE74686E-D50E-4DCE-B7F2-A532364065A5}

2008-04-30 21:10 --------- d-----w C:\Program Files\Common Files\BAIMv300FREE

2008-04-30 20:56 --------- d-----w C:\Program Files\MSXML 6.0

2008-04-30 20:52 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-04-30 20:21 --------- d-----w C:\Documents and Settings\jlipasje.PASJEJLI-C60C5B\Application Data\AVGTOOLBAR

2008-04-30 19:31 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer

2008-04-30 19:30 --------- d-----w C:\Program Files\Color7 Video Converter

2008-04-30 19:29 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy

2008-04-30 19:27 --------- d-----w C:\Program Files\Java

2008-04-29 17:38 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys

2008-04-29 17:38 75,272 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys

2008-04-29 17:38 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll

2008-04-29 17:37 --------- d-----w C:\Program Files\AVG

2008-04-29 17:37 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8

2008-04-28 16:38 --------- d-----w C:\Program Files\QuickTime

2008-04-28 16:35 --------- d-----w C:\Program Files\Apple Software Update

2008-04-25 15:05 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SweetIM

2008-04-20 09:01 --------- d-----w C:\Program Files\BoontyGames

2008-04-18 19:23 --------- d-----w C:\Documents and Settings\jlipasje.PASJEJLI-C60C5B\Application Data\Shareaza

2008-04-18 18:35 --------- d-----w C:\Documents and Settings\jlipasje.PASJEJLI-C60C5B\Application Data\Nero

2008-04-17 15:16 --------- d-----w C:\Program Files\Shareaza

2008-04-16 11:04 --------- d-----w C:\Program Files\Shareaza Applications

2008-04-14 19:24 --------- d-----w C:\Program Files\sTabLauncher

2008-04-13 14:02 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\EscapeTheMuseum

2008-04-13 08:38 --------- d-----w C:\Program Files\Escape From Paradise

2008-04-12 16:02 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-04-11 19:53 --------- d--h--r C:\Documents and Settings\jlipasje.PASJEJLI-C60C5B\Application Data\SecuROM

2008-04-11 19:52 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\BOONTY

2008-04-11 19:42 --------- d-----w C:\Program Files\Boonty

2008-04-11 19:34 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\BigFishGamesCache

2008-04-11 19:23 --------- d-----w C:\Program Files\Gamenext

2008-04-10 13:42 --------- d-----w C:\Documents and Settings\jlipasje.PASJEJLI-C60C5B\Application Data\Autodesk

2008-04-10 13:41 --------- d-----w C:\Program Files\Autodesk

2008-04-05 13:37 --------- d-----w C:\Documents and Settings\jlipasje.PASJEJLI-C60C5B\Application Data\TheScruffs

2008-03-24 11:16 737,280 ----a-w C:\WINDOWS\iun6002.exe

2008-03-22 17:30 2,085,376 ----a-w C:\WINDOWS\system32\x264vfw.dll

2008-03-05 15:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll

2008-03-05 15:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll

2008-03-05 15:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll

2008-03-05 14:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll

2008-03-05 14:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll

2008-03-04 11:33 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll

2008-02-02 20:16 311 ----a-w C:\Documents and Settings\jlipasje.PASJEJLI-C60C5B\Application Data\bbbconfig.dat

2007-08-13 15:57 47,360 ----a-w C:\Documents and Settings\jlipasje.PASJEJLI-C60C5B\Application Data\pcouffin.sys

2007-07-25 09:35 88,576 ---ha-w C:\Documents and Settings\jlipasje.PASJEJLI-C60C5B\Application Data\rbap550.dll

2007-07-25 09:35 52,224 ---ha-w C:\Documents and Settings\jlipasje.PASJEJLI-C60C5B\Application Data\RBSpriteSurface550.dll

2007-06-11 16:08 271 --sh--w C:\Program Files\desktop.ini

2007-06-11 16:08 21,952 ---ha-w C:\Program Files\folder.htt

2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe

2007-07-14 17:04 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

2007-07-14 17:04 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat

2007-07-14 17:04 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012007071420070715\index.dat

2007-07-14 17:04 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

.

((((((((((((((((((((((((((((( snapshot@2008-06-04_19.06.00,39 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-06-04 13:09:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-06-04 17:17:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]

2008-04-29 19:38 2050816 --a------ f:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFC4F59B-A2DA-4e12-B337-52A4F871E10C}]

2007-12-23 12:26 394688 --a------ C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{196C3A46-4758-433D-A600-802C804AF39C}"= "C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll" [2007-12-23 12:26 480704]

"{A057A204-BACC-4D26-9990-79A187E2698E}"= "f:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-04-29 19:38 2050816]

[HKEY_CLASSES_ROOT\clsid\{196c3a46-4758-433d-a600-802c804af39c}]

[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar.1]

[HKEY_CLASSES_ROOT\TypeLib\{89807A16-AC31-4449-AB91-06A753813543}]

[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]

[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{196C3A46-4758-433D-A600-802C804AF39C}"= C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll [2007-12-23 12:26 480704]

"{EEE6C35B-6118-11DC-9C72-001320C79847}"= C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [ ]

"{A057A204-BACC-4D26-9990-79A187E2698E}"= f:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-04-29 19:38 2050816]

[HKEY_CLASSES_ROOT\clsid\{196c3a46-4758-433d-a600-802c804af39c}]

[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar.1]

[HKEY_CLASSES_ROOT\TypeLib\{89807A16-AC31-4449-AB91-06A753813543}]

[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]

[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16 171464]

"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-09-20 15:17 208946]

"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [2007-10-09 14:42 475180]

"Nero PhotoShow Media Manager"="F:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe" [2007-04-27 20:22 312848]

"Search Defender"="C:\Program Files\Speeditup Free\SearchDefender.exe" [2007-08-02 02:54 541696]

"SpeedItUpEX"="C:\Program Files\Speeditup Free\SpeedItUp.exe" [2008-03-09 03:49 908288]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:03 15360]

"Nokia.PCSync"="F:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]

"PC Suite Tray"="F:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2005-02-16 22:07 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-07-12 11:47 352256]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]

"PC-Checkup"="C:\Program Files\Speeditup Free\PCCheckUp\PCCheckUp.exe" [2008-03-04 18:46 1500672]

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-06-23 12:21 847872]

"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-05-28 17:37 394240]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-10 02:33 188416]

"WinPatrol"="f:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-27 07:38 316728]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

"AVG8_TRAY"="f:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-29 19:37 1177368]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:03 15360]

C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\

Microsoft Office.lnk - E:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 16:15:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3fhg"= mp3fhg.acm

"msacm.divxa32"= divxa32.acm

"VIDC.X264"= x264vfw.dll

"VIDC.HFYU"= huffyuv.dll

"vidc.i263"= i263_32.drv

"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^jlipasje.PASJEJLI-C60C5B^Menu Start^Programma's^Opstarten^Dragon NaturallySpeaking.lnk]

path=C:\Documents and Settings\jlipasje.PASJEJLI-C60C5B\Menu Start\Programma's\Opstarten\Dragon NaturallySpeaking.lnk

backup=C:\WINDOWS\pss\Dragon NaturallySpeaking.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^jlipasje.PASJEJLI-C60C5B^Menu Start^Programma's^Opstarten^Registration-InstantCopy.lnk]

path=C:\Documents and Settings\jlipasje.PASJEJLI-C60C5B\Menu Start\Programma's\Opstarten\Registration-InstantCopy.lnk

backup=C:\WINDOWS\pss\Registration-InstantCopy.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Program Files\\InterVideo\\WCreator2\\WCreator.exe"=

"E:\\programmas2\\incredimail_install.exe"=

"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=

"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=

"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

"E:\\programmas2\\magentic_install.exe"=

"C:\\Program Files\\Magentic\\bin\\MgImp.exe"=

"C:\\Program Files\\Magentic\\bin\\Magentic.exe"=

"C:\\Program Files\\Magentic\\bin\\MgApp.exe"=

"F:\\Program Files\\Ares\\Ares.exe"=

"F:\\Program Files\\Ares\\IeEmbed.exe"=

"E:\\winks\\Super Pack\\mcoinstall.exe"=

"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"F:\\Program Files\\KSS\\PeerTV\\PeerCast.exe"=

"F:\\Program Files\\KSS\\PeerTV\\VLC\\vlc.exe"=

"C:\\Program Files\\Shareaza Applications\\Shareaza\\Shareaza.exe"=

"C:\\Program Files\\Shareaza\\Shareaza.exe"=

"F:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"F:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-29 19:38]

R1 FreeOTFE;FreeOTFE;C:\WINDOWS\system32\FreeOTFE.sys [2007-12-17 00:21]

R1 FreeOTFECypherAES_ltc;FreeOTFECypherAES_ltc;C:\WINDOWS\system32\FreeOTFECypherAES_ltc.sys [2007-12-17 00:19]

R1 FreeOTFECypherBlowfish;FreeOTFECypherBlowfish;C:\WINDOWS\system32\FreeOTFECypherBlowfish.sys [2007-12-17 00:20]

R1 FreeOTFECypherCAST5;FreeOTFECypherCAST5;C:\WINDOWS\system32\FreeOTFECypherCAST5.sys [2007-12-17 00:20]

R1 FreeOTFECypherCAST6_Gladman;FreeOTFECypherCAST6_Gladman;C:\WINDOWS\system32\FreeOTFECypherCAST6_Gladman.sys [2007-12-17 00:19]

R1 FreeOTFECypherDES;FreeOTFECypherDES;C:\WINDOWS\system32\FreeOTFECypherDES.sys [2007-12-17 00:21]

R1 FreeOTFECypherMARS_Gladman;FreeOTFECypherMARS_Gladman;C:\WINDOWS\system32\FreeOTFECypherMARS_Gladman.sys [2007-12-17 00:19]

R1 FreeOTFECypherRC6_Gladman;FreeOTFECypherRC6_Gladman;C:\WINDOWS\system32\FreeOTFECypherRC6_Gladman.sys [2007-12-17 00:20]

R1 FreeOTFECypherRC6_ltc;FreeOTFECypherRC6_ltc;C:\WINDOWS\system32\FreeOTFECypherRC6_ltc.sys [2007-12-17 00:20]

R1 FreeOTFECypherSerpent_Gladman;FreeOTFECypherSerpent_Gladman;C:\WINDOWS\system32\FreeOTFECypherSerpent_Gladman.sys [2007-12-17 00:20]

R1 FreeOTFECypherTwofish_ltc;FreeOTFECypherTwofish_ltc;C:\WINDOWS\system32\FreeOTFECypherTwofish_ltc.sys [2007-12-17 00:20]

R1 FreeOTFEHashMD;FreeOTFEHashMD;C:\WINDOWS\system32\FreeOTFEHashMD.sys [2007-12-17 00:21]

R1 FreeOTFEHashRIPEMD;FreeOTFEHashRIPEMD;C:\WINDOWS\system32\FreeOTFEHashRIPEMD.sys [2007-12-17 00:21]

R1 FreeOTFEHashSHA;FreeOTFEHashSHA;C:\WINDOWS\system32\FreeOTFEHashSHA.sys [2007-12-17 00:21]

R1 FreeOTFEHashTiger;FreeOTFEHashTiger;C:\WINDOWS\system32\FreeOTFEHashTiger.sys [2007-12-17 00:20]

R1 FreeOTFEHashWhirlpool;FreeOTFEHashWhirlpool;C:\WINDOWS\system32\FreeOTFEHashWhirlpool.sys [2007-12-17 00:20]

R2 avg8emc;AVG8 E-mail Scanner;f:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-04-29 19:37]

R2 avg8wd;AVG8 WatchDog;f:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-29 19:37]

R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-29 19:38]

R2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;f:\Program Files\Alexion Software\Relation Manager\data\firebird\bin\fbserver.exe [2008-01-29 13:40]

R3 ovt530;TM507A USB Camera;C:\WINDOWS\system32\Drivers\ov530vid.sys [2005-03-15 18:04]

S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]

S4 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" []

.

Inhoud van de 'Gedeelde Taken' map

"2008-06-02 15:06:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-04 19:24:15

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]

"ImagePath"=""

.

Voltooingstijd: 2008-06-04 19:25:20

ComboFix-quarantined-files.txt 2008-06-04 17:24:53

ComboFix2.txt 2008-06-04 17:06:36

Pre-Run: 7,788,699,648 bytes beschikbaar

Post-Run: 7,778,525,184 bytes beschikbaar

293 --- E O F --- 2007-08-04 07:19:19


You do have quite a lot of folders and files in the games department. Nothing wrong with that in itself, but it does sometimes lead to downloading problem cases. You also pull in junk now and then through your P2P program. I can still recommend the following, and then we are pretty much done looking at your logs …

Open a Notepad file.

Copy and paste the bold text below into it.

Folder::

C:\Documents and Settings\All Users.WINDOWS\Application Data\DFGV1004

C:\Documents and Settings\All Users.WINDOWS\Application Data\{FE74686E-D50E-4DCE-B7F2-A532364065A5}

C:\Documents and Settings\All Users.WINDOWS\Application Data\SweetIM

C:\Program Files\BoontyGames

C:\Documents and Settings\All Users.WINDOWS\Application Data\BOONTY

C:\Program Files\Boonty

Registry::

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-

[-HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]

[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[-HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

Download MBAM (Malwarebytes' Anti-Malware).

Double-click mbam-setup.exe to install the program.

Make sure the boxes for Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware are ticked, then click "Finish".

If an update is found, it will be downloaded and installed.

When the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.

Scanning can take a while, so be patient.

When the scan has finished, click OK, then "Show Results" to see the results.

Make sure everything there is ticked, then click: Remove Selected.

After the removal a log will open and you will be asked to restart the computer. (See below)

The log is saved automatically by MBAM, and you can find it by clicking the "Logs" tab in MBAM.

If MBAM has difficulty removing certain files, it will show a few messages where you have to click OK. After that it will ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log into your next post, together with the contents of Combofix.txt.
