HijackThis

69 replies
  • Despite my virus scanner I have a problem. During startup, emails are sent out, which the scanner blocks.

    This is my Hijack log

    It looks to me like something to do with the file cmbpk32a.dll, but it cannot be fixed.

    Who is willing to take a look and help me?

    Logfile of HijackThis v1.99.1
    Scan saved at 11:07:03, on 14-9-2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
    C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Creative\TaskBar\CTLTray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCLauncher.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\System32\inetsrv\DavCData.exe
    C:\Program Files\Norton AntiVirus\OPScan.exe
    C:\Documents and Settings\Piet\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1FB357EC-9647-464A-98DD-321A5EE1EF89} - c:\windows\system32\cmpbk32a.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE
    un
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe"
    O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\TaskBar\CTLTray.exe"
    O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\TaskBar\CTLTask.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adapter Utility.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2\Office\OSA9.EXE
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
    O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
    O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {2CA0FF2C-0CE1-4382-A0C4-B2782965CCC2} (G-Vista ActiveX) - http://www.zugmap.ch
    ichtplan3d/pages/plugin/gvista30161.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,911,0
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
    O16 - DPF: {AE4CEC9D-C836-4579-829B-4C345101B3B9} (GVista Terrain Renderer) - http://www.dilas.ch/plugin/gvista/gvista2709.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/15008/CTPID.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68
    O17 - HKLM\System\CS1\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: suxoukao - C:\WINDOWS\SYSTEM32\cmpbk32a.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: Routing Protect Access (DATEING) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
    O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
    O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Digital Media Adapter Application Loader Service (XWPCApplicationLoaderService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
    O23 - Service: Digital Media Adapter Host Service (XWPCHostService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe






  • First carry out the following actions:
    Click Start -> (Settings) -> Control Panel -> Add or Remove Programs and remove the following programs:
    Hotbar
    Web Tools by Hotbar
    ShopperReports

    Start HijackThis and choose 'Do a system scan only'
    Select only the items listed below:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
    Click 'Fix checked' to remove the items.

    Open Explorer ("My Computer") and choose Tools -> Folder Options…
    Under View, check the following settings:

    Turn off: Hide protected operating system files (Recommended)
    Turn off: Hide extensions for known file types

    Select: Display the contents of system folders (XP only)
    Select: Show hidden files and folders

    Delete the following directories:
    C:\Program Files\ShopperReports\Bin\

    Please post a new HJT log.

    Please do use this version.
    http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
  • Thanks for your time.

    The programs
    Hotbar
    Web Tools by Hotbar
    ShopperReports
    do not appear in the list of software.

    The problem is that as soon as I connect the network cable, my PC starts sending mail and Norton starts scanning it; there are hundreds per minute. So I can make a network connection only now and then. The files cmpbk32a.dll
    hqfezmcm.dll
    adsiisexm.dll and
    divx-xx0.dll
    were created just before the problems started and cannot be deleted even in safe mode.


    Here is a new log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:24:40, on 16-9-2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
    C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Creative\TaskBar\CTLTray.exe
    C:\Program Files\Creative\TaskBar\CTLTask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCLauncher.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

    C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1FB357EC-9647-464A-98DD-321A5EE1EF89} - c:\windows\system32\cmpbk32a.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

    Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program

    Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton

    AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton

    AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE
    un
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security

    Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe"
    O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\TaskBar\CTLTray.exe"
    O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\TaskBar\CTLTask.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-21-583907252-706699826-682003330-1006\..\Run: [CTFMON.EXE]

    C:\WINDOWS\System32\ctfmon.exe (User 'Ellen')
    O4 - HKUS\S-1-5-21-583907252-706699826-682003330-1006\..\Run: [SweetIM] C:\Program

    Files\Macrogaming\SweetIM\SweetIM.exe (User 'Ellen')
    O4 - HKUS\S-1-5-21-583907252-706699826-682003330-1006\..\Run: [AdobeUpdater] C:\Program Files\Common

    Files\Adobe\Updater5\AdobeUpdater.exe (User 'Ellen')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adapter Utility.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe

    Gamma Loader.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare

    software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software

    Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2\Office\OSA9.EXE
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program

    Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} -

    C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
    O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} -

    C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
    O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} -

    C:\PROGRA~1\PACIFI~1\pacificpoker.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\MSMSGS.EXE
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) -

    https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -

    http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) -

    http://www.creative.com/SU/ocx/12119/CTSUEng.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) -

    http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) -

    http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -

    http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {2CA0FF2C-0CE1-4382-A0C4-B2782965CCC2} (G-Vista ActiveX) -

    http://www.zugmap.ch
    ichtplan3d/pages/plugin/gvista30161.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) -

    http://www.cult3d.com/download/cult.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) -

    http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -

    http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,911,0
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) -

    http://pub.plan.at/mgaxctrlde.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -

    http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -

    http://activex.webcam.nl/AxisCamControl.cab
    O16 - DPF: {AE4CEC9D-C836-4579-829B-4C345101B3B9} (GVista Terrain Renderer) -

    http://www.dilas.ch/plugin/gvista/gvista2709.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -

    http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -

    http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) -

    http://www.flatcast.com/de/download/NpFv415.dll
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) -

    http://www.creative.com/SU/ocx/15008/CTPID.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -

    http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer =

    62.108.1.67,212.142.26.68
    O17 - HKLM\System\CS1\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer =

    62.108.1.67,212.142.26.68
    O20 - Winlogon Notify: suxoukao - C:\WINDOWS\SYSTEM32\cmpbk32a.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common

    Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common

    Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common

    Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -

    C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: Routing Protect Access (DATEING) - Unknown owner -

    C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
    O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company -

    C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
    O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program

    Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program

    Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

    C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program

    Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program

    Files\WinPcap\rpcapd.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -

    C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program

    Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common

    Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec

    Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Digital Media Adapter Application Loader Service (XWPCApplicationLoaderService) - Linksys

    Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
    O23 - Service: Digital Media Adapter Host Service (XWPCHostService) - Linksys Corporation - C:\Program

    Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe


    End of file - 13819 bytes
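
The log above was pasted with word wrap on, so several entries are split across lines. As an added example (not part of the thread and not the helpers' own method), the Python below re-joins wrapped entries and flags entry types for review, then lists files referenced by more than one flagged entry. The rules in `RULES` and all function names are assumptions made for this illustration; a hit means "look closer", not a verdict.

```python
import re
from collections import defaultdict

# Excerpt of entries from the logs in this thread. Two entries are kept in the
# hard-wrapped form of the second log (split at a space, blank line in between).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: (no name) - {1FB357EC-9647-464A-98DD-321A5EE1EF89} - c:\windows\system32\cmpbk32a.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton

AntiVirus\NavShExt.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} -

C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: suxoukao - C:\WINDOWS\SYSTEM32\cmpbk32a.dll
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

End of file - 13819 bytes
"""

# An entry starts with a section code such as R0, O2, O20 or O23.
ENTRY_RE = re.compile(r"^([ROFN]\d{1,2}) - (.*)$")

# Review hints assumed for this example (section code, test on the entry body, reason).
# A rule with code None applies to every section.
RULES = [
    ("O2", lambda b: b.startswith("BHO: (no name)"), "BHO registered without a name"),
    ("O10", lambda b: b.startswith("Unknown file in Winsock LSP"), "unknown Winsock LSP file"),
    ("O20", lambda b: b.startswith("Winlogon Notify:"), "DLL registered under Winlogon Notify"),
    ("O23", lambda b: " - Unknown owner - " in b, "service with unknown owner"),
    (None, lambda b: b.endswith("(file missing)"), "entry points at a missing file"),
]


def join_wrapped(text):
    """Rebuild one string per log entry from a word-wrapped paste."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("End of file"):
            break
        if ENTRY_RE.match(line):
            entries.append(line)
        elif entries:
            # Word wrap breaks at spaces, so a continuation is re-attached with one.
            entries[-1] += " " + line
        # Lines before the first entry (header, process list) are skipped.
    return entries


def target_of(body):
    """Return the file or URL an entry points at (its last field)."""
    tail = body.rsplit(" - ", 1)[-1]
    if tail == body:  # e.g. O10, which has no " - " separated fields
        tail = body.rsplit(": ", 1)[-1]
    return tail.replace("(file missing)", "").strip()


def triage(entries):
    """Return (code, target, reasons) for every entry matched by a rule."""
    findings = []
    for entry in entries:
        code, body = ENTRY_RE.match(entry).groups()
        reasons = [why for rule_code, test, why in RULES
                   if rule_code in (None, code) and test(body)]
        if reasons:
            findings.append((code, target_of(body), reasons))
    return findings


def shared_targets(findings):
    """Map file name -> section codes, for files hit in more than one section."""
    by_file = defaultdict(list)
    for code, path, _ in findings:
        name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if code not in by_file[name]:
            by_file[name].append(code)
    return {name: codes for name, codes in by_file.items() if len(codes) > 1}


if __name__ == "__main__":
    found = triage(join_wrapped(SAMPLE_LOG))
    for code, path, reasons in found:
        print(f"{code:<4}{path}  <- {'; '.join(reasons)}")
    print("referenced by several flagged entries:", shared_targets(found))
```
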







  • Go to Start - Run and type: notepad.exe
    Click OK.
    In Notepad, go to Format and uncheck "Word Wrap".
    Close Notepad again.



    Download Combofix to your Desktop.
    Double-click Combofix.exe
    Follow the instructions and accept the disclaimer by typing 1 (continue) followed by ENTER. While the fix is running, do NOT click in the window, as this will make your PC hang.

    When the fix is finished and after the restart, the log combofix.txt will open.
    Post this log in your next post at the end of the fix. <<<<

    Please also post a new HijackThis log.


    NOTE: If your virus scanner responds with a message about script execution, you may ignore it.
  • When the PC restarted, Combofix hung. I ran the program again.

    Here are the logs.

    ComboFix 07-09-13.3 - "Piet" 2007-09-16 15:06:21.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.0.1252.1.1043.18.111 [GMT 2:00]
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2007-08-16 to 2007-09-16 ))))))))))))))))))))))))))))))
    .

    2007-09-16 13:23 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-09-16 12:22 <DIR> d-------- C:\Program Files\Trend Micro
    2007-09-16 11:58 123,904 --a------ C:\WINDOWS\system32\hqfezmcm.dll
    2007-09-13 16:16 123,392 --a------ C:\WINDOWS\system32\hqfezmcm1.dll
    2007-09-13 16:11 <DIR> d-------- C:\WINDOWS\system32\AppCert
    2007-09-13 16:10 87,552 --a------ C:\WINDOWS\system32\adsiisexm1.dll
    2007-09-13 16:10 82,432 --a------ C:\WINDOWS\system32\cmpbk32a.dll
    2007-09-13 16:10 81,920 --a------ C:\WINDOWS\system32\cmpbk32a2.dll
    2007-09-13 16:08 57,856 --a------ C:\WINDOWS\system32\divx_xx0.dll
    2007-09-11 23:25 <DIR> d-------- C:\DOCUME~1\Ellen\APPLIC~1\Magic Academy
    2007-08-24 21:46 <DIR> d-------- C:\DOCUME~1\Piet\APPLIC~1\dvdcss
    2007-08-22 12:00 <DIR> d-------- C:\DOCUME~1\Piet\Shared
    2007-08-22 12:00 <DIR> d-------- C:\DOCUME~1\Piet\Incomplete
    2007-08-22 12:00 <DIR> d-------- C:\DOCUME~1\Piet\APPLIC~1\LimeWire
    2007-08-22 11:58 <DIR> d-------- C:\Program Files\LimeWire
    2007-08-22 11:22 0 --a------ C:\WINDOWS\system32\oSbkpg71.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-14 15:40 --------- d-------- C:\Program Files\Common Files\Symantec Shared
    2007-09-11 23:25 --------- d-------- C:\Program Files\Zylom Games
    2007-09-11 23:25 --------- d-------- C:\DOCUME~1\Ellen\APPLIC~1\Zylom
    2007-09-09 12:19 --------- d-a------ C:\DOCUME~1\Piet\APPLIC~1\SopCast
    2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\vlc
    2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Syntrillium
    2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Symantec
    2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\ShopperReports
    2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Real
    2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\ppStream
    2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\PPLive
    2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\MSN6
    2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Microsoft Web Folders
    2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Lavasoft
    2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Kazaa Lite
    2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\InterTrust
    2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Help
    2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Google
    2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Creative
    2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Azureus
    2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Apple Computer
    2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\.ABC
    2007-08-12 23:00 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
    2007-08-12 20:23 --------- d-------- C:\Program Files\iTunes
    2007-08-02 15:41 --------- d-------- C:\Program Files\PokerStars
    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
    .

    ((((((((((((((((((((((((((((( snapshot_2007-09-16_142320.92 )))))))))))))))))))))))))))))))))))))))))
    .
    ----a-w 78,786 2007-09-16 13:03:16 C:\WINDOWS\system32\perfc009.dat
    ----a-w 96,318 2007-09-16 13:03:16 C:\WINDOWS\system32\perfc013.dat
    ----a-w 454,114 2007-09-16 13:03:16 C:\WINDOWS\system32\perfh009.dat
    ----a-w 514,440 2007-09-16 13:03:17 C:\WINDOWS\system32\perfh013.dat
    ----a-w 32,768 2007-09-16 12:57:42 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    ----a-w 16,384 2007-09-16 12:57:42 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    ----a-w 32,768 2007-09-16 12:57:42 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    ----a-w 208,012 2007-09-16 13:01:47 C:\WINDOWS\system32\inetsrv\MetaBase.bin
    ----atw 16,384 2007-09-16 12:58:03 C:\WINDOWS\Temp\Perflib_Perfdata_2a4.dat
    .
    ----a-w 78,786 2007-09-16 11:38:57 C:\WINDOWS\system32\perfc009.dat
    ----a-w 96,318 2007-09-16 11:38:57 C:\WINDOWS\system32\perfc013.dat
    ----a-w 454,114 2007-09-16 11:38:57 C:\WINDOWS\system32\perfh009.dat
    ----a-w 514,440 2007-09-16 11:38:57 C:\WINDOWS\system32\perfh013.dat
    ----a-w 32,768 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    ----a-w 16,384 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    ----a-w 32,768 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    ----a-w 208,012 2007-09-16 11:41:19 C:\WINDOWS\system32\inetsrv\MetaBase.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FB357EC-9647-464A-98DD-321A5EE1EF89}]
    2007-09-16 11:58 82432 --a------ c:\windows\system32\cmpbk32a.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTStartup"="C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.exe" [2001-06-04 01:00]
    "CTHelper"="CTHELPER.EXE" [2003-10-06 15:57 C:\WINDOWS\system32\CTHELPER.EXE]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-03-24 10:04]
    "nwiz"="nwiz.exe" [2004-03-24 10:04 C:\WINDOWS\system32\nwiz.exe]
    "TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2003-09-14 16:26]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-03-24 10:04]
    "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 12:38]
    "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 11:50 C:\WINDOWS\LOGI_MWX.EXE]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-25 19:07]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-08 19:16]
    "LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2005-07-19 17:32]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
    "NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 11:50]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-12-18 00:20]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-21 17:22]
    "SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-08 12:23]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-06-22 22:28]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-09-07 14:00]
    "NOMAD Detector"="C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe" []
    "TaskTray"="C:\Program Files\Creative\TaskBar\CTLTray.exe" [2001-06-29 01:00]
    "TaskBar"="C:\Program Files\Creative\TaskBar\CTLTask.exe" [2003-05-30 01:00]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2003-04-14 19:30]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    @=

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\suxoukao]
    cmpbk32a.dll 2007-09-16 11:58 82432 C:\WINDOWS\system32\cmpbk32a.dll


    R0 PrecSim;PrecSim;C:\WINDOWS\System32\DRIVERS\precsim.sys
    R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\System32\DRIVERS\DcCam.sys
    R2 A4SII300;A4SII300;C:\WINDOWS\System32\drivers\A4SII300.SYS
    R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\System32\drivers\dcfs2k.sys
    R2 rvymvtzo;Creative SoundFont Management Device Support;C:\WINDOWS\System32\svchost.exe -k netsvcs
    R2 SMTPSVC;SMTP (Simple Mail Transfer Protocol);C:\WINDOWS\System32\inetsrv\inetinfo.exe
    R2 XWPCApplicationLoaderService;Digital Media Adapter Application Loader Service;C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
    R2 XWPCHostService;Digital Media Adapter Host Service;C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
    R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\System32\DRIVERS\itchfltr.sys
    R3 MTD80X;100/10M Ethernet PCI Adapter;C:\WINDOWS\System32\DRIVERS\feand5.SYS
    S0 ElbyVCD;ElbyVCD;C:\WINDOWS\System32\DRIVERS\ElbyVCD.sys
    S1 Exportit;Exportit;C:\WINDOWS\System32\DRIVERS\exportit.sys
    S2 DATEING;Routing Protect Access;C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\PIJFEQ22.DLL,Export 1087
    S2 G11AV;Trust 610 LCD POWERC@M ZOOM, Webcam mode;C:\WINDOWS\System32\Drivers\G11av.sys
    S3 DcFpoint;DcFpoint;C:\WINDOWS\System32\DRIVERS\DcFpoint.sys
    S3 DcLps;Legacy Polling Service;C:\WINDOWS\System32\DRIVERS\DcLps.sys
    S3 DcPTP;dcptp;C:\WINDOWS\System32\DRIVERS\DcPTP.sys
    S3 SNCT511;PC Camera (6005 CIF);C:\WINDOWS\System32\DRIVERS\snct511.sys
    S3 USBCamera;Digital Still Image Capture;C:\WINDOWS\System32\Drivers\Bulk533.sys

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    rvymvtzo
    License

    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-09-13 22:00:01 C:\WINDOWS\Tasks\At1.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 07:00:00 C:\WINDOWS\Tasks\At10.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 08:00:00 C:\WINDOWS\Tasks\At11.job"
    "2007-09-14 09:00:00 C:\WINDOWS\Tasks\At12.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 10:00:00 C:\WINDOWS\Tasks\At13.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 11:00:00 C:\WINDOWS\Tasks\At14.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 12:00:00 C:\WINDOWS\Tasks\At15.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 13:00:00 C:\WINDOWS\Tasks\At16.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 14:00:00 C:\WINDOWS\Tasks\At17.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-13 15:00:01 C:\WINDOWS\Tasks\At18.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-13 16:00:00 C:\WINDOWS\Tasks\At19.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-13 23:00:01 C:\WINDOWS\Tasks\At2.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-13 17:00:00 C:\WINDOWS\Tasks\At20.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-13 18:00:00 C:\WINDOWS\Tasks\At21.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-13 19:00:00 C:\WINDOWS\Tasks\At22.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-13 20:00:01 C:\WINDOWS\Tasks\At23.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-13 21:00:01 C:\WINDOWS\Tasks\At24.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-13 22:00:01 C:\WINDOWS\Tasks\At25.job"
    "2007-09-13 23:00:01 C:\WINDOWS\Tasks\At26.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 00:00:00 C:\WINDOWS\Tasks\At27.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 01:00:00 C:\WINDOWS\Tasks\At28.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 02:00:00 C:\WINDOWS\Tasks\At29.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 00:00:00 C:\WINDOWS\Tasks\At3.job"
    "2007-09-14 03:00:00 C:\WINDOWS\Tasks\At30.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 04:00:00 C:\WINDOWS\Tasks\At31.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 05:00:00 C:\WINDOWS\Tasks\At32.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 06:00:00 C:\WINDOWS\Tasks\At33.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 07:00:00 C:\WINDOWS\Tasks\At34.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 08:00:00 C:\WINDOWS\Tasks\At35.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 09:00:00 C:\WINDOWS\Tasks\At36.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-16 10:00:00 C:\WINDOWS\Tasks\At37.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-16 11:00:00 C:\WINDOWS\Tasks\At38.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-16 12:00:00 C:\WINDOWS\Tasks\At39.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 01:00:00 C:\WINDOWS\Tasks\At4.job"
    "2007-09-16 13:00:00 C:\WINDOWS\Tasks\At40.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 14:00:00 C:\WINDOWS\Tasks\At41.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-13 15:00:01 C:\WINDOWS\Tasks\At42.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-13 16:00:00 C:\WINDOWS\Tasks\At43.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-13 17:00:00 C:\WINDOWS\Tasks\At44.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-13 18:00:00 C:\WINDOWS\Tasks\At45.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-13 19:00:00 C:\WINDOWS\Tasks\At46.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-13 20:00:01 C:\WINDOWS\Tasks\At47.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-13 21:00:01 C:\WINDOWS\Tasks\At48.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 02:00:00 C:\WINDOWS\Tasks\At5.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 03:00:00 C:\WINDOWS\Tasks\At6.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 04:00:00 C:\WINDOWS\Tasks\At7.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 05:00:00 C:\WINDOWS\Tasks\At8.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 06:00:00 C:\WINDOWS\Tasks\At9.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-07 18:01:08 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen - Piet.job"
    - C:\PROGRA~1\NORTON~1\Navw32.exe
    .
    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-16 15:13:32
    Windows 5.1.2600 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    CTStartup = C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE
    un???w????\???????w^?s$????>?wH ?w???????w*??w4???U??w4???????D8?s4???????|92?????\???\????????H?s????-A?w?????_?wc_?w\???\?????????_????? Z?w\???\??????s????\??????s\???`92?d??s`92? Z?w???????s???
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background?g

    scanning hidden files ...

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet004\Services\MySql]
    "ImagePath"="C:/mysql/bin/mysqld-nt.exe"
    .
    Completion time: 2007-09-16 15:41:02
    C:\ComboFix-quarantined-files.txt ... 2007-09-16 15:39
    C:\ComboFix2.txt ... 2006-10-27 21:29
    .
    --- E O F ---




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:47:35, on 16-9-2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
    C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Creative\TaskBar\CTLTray.exe
    C:\Program Files\Creative\TaskBar\CTLTask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCLauncher.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\System32\cmd.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1FB357EC-9647-464A-98DD-321A5EE1EF89} - c:\windows\system32\cmpbk32a.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE
    un
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe"
    O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\TaskBar\CTLTray.exe"
    O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\TaskBar\CTLTask.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adapter Utility.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2\Office\OSA9.EXE
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {2CA0FF2C-0CE1-4382-A0C4-B2782965CCC2} (G-Vista ActiveX) - http://www.zugmap.ch
    ichtplan3d/pages/plugin/gvista30161.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,911,0
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
    O16 - DPF: {AE4CEC9D-C836-4579-829B-4C345101B3B9} (GVista Terrain Renderer) - http://www.dilas.ch/plugin/gvista/gvista2709.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/15008/CTPID.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68
    O17 - HKLM\System\CS1\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68
    O20 - Winlogon Notify: suxoukao - C:\WINDOWS\SYSTEM32\cmpbk32a.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: Routing Protect Access (DATEING) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
    O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
    O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Digital Media Adapter Application Loader Service (XWPCApplicationLoaderService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
    O23 - Service: Digital Media Adapter Host Service (XWPCHostService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe


    End of file - 13163 bytes










  • Open Notepad, then copy and paste the following (bold, blue text) into an empty window:
  • Since there was a problem with the combo script, I ran it a second time and sent it at 17.25.

    Here are the new logs.

    ComboFix 07-09-13.3 - "Piet" 2007-09-16 17:25:16.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.0.1252.31.1043.18.113 [GMT 2:00]
    Command switches used :: C:\Documents and Settings\Piet\Bureaublad\CFScript.txt
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\cmpbk32a.dll

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-08-16 to 2007-09-16 ))))))))))))))))))))))))))))))
    .

    2007-09-16 13:23 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-09-16 12:22 <DIR> d-------- C:\Program Files\Trend Micro
    2007-09-13 16:11 <DIR> d-------- C:\WINDOWS\system32\AppCert
    2007-09-13 16:10 82,432 --a------ C:\WINDOWS\system32\cmpbk32a.dll
    2007-09-11 23:25 <DIR> d-------- C:\DOCUME~1\Ellen\APPLIC~1\Magic Academy
    2007-08-24 21:46 <DIR> d-------- C:\DOCUME~1\Piet\APPLIC~1\dvdcss
    2007-08-22 12:00 <DIR> d-------- C:\DOCUME~1\Piet\Shared
    2007-08-22 12:00 <DIR> d-------- C:\DOCUME~1\Piet\Incomplete
    2007-08-22 12:00 <DIR> d-------- C:\DOCUME~1\Piet\APPLIC~1\LimeWire
    2007-08-22 11:58 <DIR> d-------- C:\Program Files\LimeWire

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-16 17:21 --------- d-------- C:\Program Files\Common Files\Symantec Shared
    2007-09-11 23:25 --------- d-------- C:\Program Files\Zylom Games
    2007-09-11 23:25 --------- d-------- C:\DOCUME~1\Ellen\APPLIC~1\Zylom
    2007-09-09 12:19 --------- d-a------ C:\DOCUME~1\Piet\APPLIC~1\SopCast
    2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\vlc
    2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Syntrillium
    2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Symantec
    2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\ShopperReports
    2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Real
    2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\ppStream
    2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\PPLive
    2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\MSN6
    2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Microsoft Web Folders
    2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Lavasoft
    2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Kazaa Lite
    2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\InterTrust
    2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Help
    2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Google
    2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Creative
    2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Azureus
    2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Apple Computer
    2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\.ABC
    2007-08-12 23:00 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
    2007-08-12 20:23 --------- d-------- C:\Program Files\iTunes
    2007-08-02 15:41 --------- d-------- C:\Program Files\PokerStars
    .

    ((((((((((((((((((((((((((((( snapshot_2007-09-16_142320.92 )))))))))))))))))))))))))))))))))))))))))
    .
    —-a-w 78,786 2007-09-16 13:03:16 C:\WINDOWS\system32\perfc009.dat
    —-a-w 96,318 2007-09-16 13:03:16 C:\WINDOWS\system32\perfc013.dat
    —-a-w 454,114 2007-09-16 13:03:16 C:\WINDOWS\system32\perfh009.dat
    —-a-w 514,440 2007-09-16 13:03:17 C:\WINDOWS\system32\perfh013.dat
    —-a-w 32,768 2007-09-16 15:42:14 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    —-a-w 16,384 2007-09-16 15:42:14 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    —-a-w 32,768 2007-09-16 15:42:14 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    —-a-w 208,031 2007-09-16 15:46:43 C:\WINDOWS\system32\inetsrv\MetaBase.bin
    .
    —-a-w 78,786 2007-09-16 11:38:57 C:\WINDOWS\system32\perfc009.dat
    —-a-w 96,318 2007-09-16 11:38:57 C:\WINDOWS\system32\perfc013.dat
    —-a-w 454,114 2007-09-16 11:38:57 C:\WINDOWS\system32\perfh009.dat
    —-a-w 514,440 2007-09-16 11:38:57 C:\WINDOWS\system32\perfh013.dat
    —-a-w 32,768 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    —-a-w 16,384 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    —-a-w 32,768 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    —-a-w 208,012 2007-09-16 11:41:19 C:\WINDOWS\system32\inetsrv\MetaBase.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FB357EC-9647-464A-98DD-321A5EE1EF89}]
    2007-09-16 17:39 82432 –a—— c:\windows\system32\cmpbk32a.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTStartup"="C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.exe" [2001-06-04 01:00]
    "CTHelper"="CTHELPER.EXE" [2003-10-06 15:57 C:\WINDOWS\system32\CTHELPER.EXE]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-03-24 10:04]
    "nwiz"="nwiz.exe" [2004-03-24 10:04 C:\WINDOWS\system32\nwiz.exe]
    "TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2003-09-14 16:26]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-03-24 10:04]
    "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 12:38]
    "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 11:50 C:\WINDOWS\LOGI_MWX.EXE]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-25 19:07]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-08 19:16]
    "LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2005-07-19 17:32]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
    "NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 11:50]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-12-18 00:20]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-21 17:22]
    "SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-08 12:23]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-06-22 22:28]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-09-07 14:00]
    "NOMAD Detector"="C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe" []
    "TaskTray"="C:\Program Files\Creative\TaskBar\CTLTray.exe" [2001-06-29 01:00]
    "TaskBar"="C:\Program Files\Creative\TaskBar\CTLTask.exe" [2003-05-30 01:00]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2003-04-14 19:30]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]

    C:\DOCUME~1\ALLUSE~1\MENUST~1\PROGRA~1\OPSTAR~1\
    Adapter Utility.lnk - C:\WINDOWS\Installer\{13515E3B-B512-45FF-BA78-0F677794AC99}\Launcher.exe [2004-10-22 15:54:37]
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-12-05 17:25:55]
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-06-25 07:25:38]
    KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 18:48:18]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-01-06 17:00:20]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office2\Office\OSA9.EXE [1999-02-17 15:05:56]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    @=

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\suxoukao]
    cmpbk32a.dll 2007-09-16 17:39 82432 C:\WINDOWS\system32\cmpbk32a.dll


    R0 PrecSim;PrecSim;C:\WINDOWS\System32\DRIVERS\precsim.sys
    R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\System32\DRIVERS\DcCam.sys
    R2 A4SII300;A4SII300;C:\WINDOWS\System32\drivers\A4SII300.SYS
    R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\System32\drivers\dcfs2k.sys
    R2 rvymvtzo;Creative SoundFont Management Device Support;C:\WINDOWS\System32\svchost.exe -k netsvcs
    R2 SMTPSVC;SMTP (Simple Mail Transfer Protocol);C:\WINDOWS\System32\inetsrv\inetinfo.exe
    R2 XWPCApplicationLoaderService;Digital Media Adapter Application Loader Service;C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
    R2 XWPCHostService;Digital Media Adapter Host Service;C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
    R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\System32\DRIVERS\itchfltr.sys
    R3 MTD80X;100/10M Ethernet PCI Adapter;C:\WINDOWS\System32\DRIVERS\feand5.SYS
    S0 ElbyVCD;ElbyVCD;C:\WINDOWS\System32\DRIVERS\ElbyVCD.sys
    S1 Exportit;Exportit;C:\WINDOWS\System32\DRIVERS\exportit.sys
    S2 DATEING;Routing Protect Access;C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\PIJFEQ22.DLL,Export 1087
    S2 G11AV;Trust 610 LCD POWERC@M ZOOM, Webcam mode;C:\WINDOWS\System32\Drivers\G11av.sys
    S3 DcFpoint;DcFpoint;C:\WINDOWS\System32\DRIVERS\DcFpoint.sys
    S3 DcLps;Legacy Polling Service;C:\WINDOWS\System32\DRIVERS\DcLps.sys
    S3 DcPTP;dcptp;C:\WINDOWS\System32\DRIVERS\DcPTP.sys
    S3 SNCT511;PC Camera (6005 CIF);C:\WINDOWS\System32\DRIVERS\snct511.sys
    S3 USBCamera;Digital Still Image Capture;C:\WINDOWS\System32\Drivers\Bulk533.sys

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    rvymvtzo
    License

    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-09-13 22:00:01 C:\WINDOWS\Tasks\At1.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 07:00:00 C:\WINDOWS\Tasks\At10.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 08:00:00 C:\WINDOWS\Tasks\At11.job"
    "2007-09-14 09:00:00 C:\WINDOWS\Tasks\At12.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 10:00:00 C:\WINDOWS\Tasks\At13.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 11:00:00 C:\WINDOWS\Tasks\At14.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 12:00:00 C:\WINDOWS\Tasks\At15.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 13:00:00 C:\WINDOWS\Tasks\At16.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 14:00:01 C:\WINDOWS\Tasks\At17.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 15:00:00 C:\WINDOWS\Tasks\At18.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-13 16:00:00 C:\WINDOWS\Tasks\At19.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-13 23:00:01 C:\WINDOWS\Tasks\At2.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-13 17:00:00 C:\WINDOWS\Tasks\At20.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-13 18:00:00 C:\WINDOWS\Tasks\At21.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-13 19:00:00 C:\WINDOWS\Tasks\At22.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-13 20:00:01 C:\WINDOWS\Tasks\At23.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-13 21:00:01 C:\WINDOWS\Tasks\At24.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-13 22:00:01 C:\WINDOWS\Tasks\At25.job"
    "2007-09-13 23:00:01 C:\WINDOWS\Tasks\At26.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 00:00:00 C:\WINDOWS\Tasks\At27.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 01:00:00 C:\WINDOWS\Tasks\At28.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 02:00:00 C:\WINDOWS\Tasks\At29.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 00:00:00 C:\WINDOWS\Tasks\At3.job"
    "2007-09-14 03:00:00 C:\WINDOWS\Tasks\At30.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 04:00:00 C:\WINDOWS\Tasks\At31.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 05:00:00 C:\WINDOWS\Tasks\At32.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 06:00:00 C:\WINDOWS\Tasks\At33.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 07:00:00 C:\WINDOWS\Tasks\At34.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 08:00:00 C:\WINDOWS\Tasks\At35.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 09:00:00 C:\WINDOWS\Tasks\At36.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-16 10:00:00 C:\WINDOWS\Tasks\At37.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-16 11:00:00 C:\WINDOWS\Tasks\At38.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-16 12:00:00 C:\WINDOWS\Tasks\At39.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 01:00:00 C:\WINDOWS\Tasks\At4.job"
    "2007-09-16 13:00:00 C:\WINDOWS\Tasks\At40.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-16 14:00:01 C:\WINDOWS\Tasks\At41.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-16 15:00:00 C:\WINDOWS\Tasks\At42.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-13 16:00:00 C:\WINDOWS\Tasks\At43.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-13 17:00:00 C:\WINDOWS\Tasks\At44.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-13 18:00:00 C:\WINDOWS\Tasks\At45.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-13 19:00:00 C:\WINDOWS\Tasks\At46.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-13 20:00:01 C:\WINDOWS\Tasks\At47.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-13 21:00:01 C:\WINDOWS\Tasks\At48.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 02:00:00 C:\WINDOWS\Tasks\At5.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 03:00:00 C:\WINDOWS\Tasks\At6.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 04:00:00 C:\WINDOWS\Tasks\At7.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 05:00:00 C:\WINDOWS\Tasks\At8.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 06:00:00 C:\WINDOWS\Tasks\At9.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-07 18:01:08 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen - Piet.job"
    - C:\PROGRA~1\NORTON~1\Navw32.exe
    .
    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-16 17:45:48
    Windows 5.1.2600 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    CTStartup = C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE
    un???w????\???????w^?s$????>?wH ?w???????w*??w4???U??w4???????D8?s4???????|92?????\???\????????H?s????-A?w?????_?wc_?w\???\?????????`????? Z?w\???\??????s????\??????s\???`92?d??s`92? Z?w???????s???
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background?g

    scanning hidden files …

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet004\Services\MySql]
    "ImagePath"="C:/mysql/bin/mysqld-nt.exe"
    .
    Completion time: 2007-09-16 17:49:14 - machine was rebooted
    C:\ComboFix-quarantined-files.txt … 2007-09-16 17:48
    C:\ComboFix2.txt … 2007-09-16 17:17
    C:\ComboFix3.txt … 2007-09-16 15:41
    .
    — E O F —

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:54:43, on 16-9-2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
    C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Creative\TaskBar\CTLTray.exe
    C:\Program Files\Creative\TaskBar\CTLTask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCLauncher.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1FB357EC-9647-464A-98DD-321A5EE1EF89} - c:\windows\system32\cmpbk32a.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE
    un
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe"
    O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\TaskBar\CTLTray.exe"
    O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\TaskBar\CTLTask.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adapter Utility.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2\Office\OSA9.EXE
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {2CA0FF2C-0CE1-4382-A0C4-B2782965CCC2} (G-Vista ActiveX) - http://www.zugmap.ch
    ichtplan3d/pages/plugin/gvista30161.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,911,0
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
    O16 - DPF: {AE4CEC9D-C836-4579-829B-4C345101B3B9} (GVista Terrain Renderer) - http://www.dilas.ch/plugin/gvista/gvista2709.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/15008/CTPID.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68
    O17 - HKLM\System\CS1\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68
    O20 - Winlogon Notify: suxoukao - C:\WINDOWS\SYSTEM32\cmpbk32a.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: Routing Protect Access (DATEING) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
    O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
    O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Digital Media Adapter Application Loader Service (XWPCApplicationLoaderService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
    O23 - Service: Digital Media Adapter Host Service (XWPCHostService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe


  • Follow the steps below,
    1 )
    Open Notepad, copy and paste the following (bold, blue text) into an empty window:
  • Here are the new logs. I had already tried to delete C:\WINDOWS\SYSTEM32\cmpbk32a.dll in safe mode, but that doesn't work.

    ComboFix 07-09-13.3 - "Piet" 2007-09-16 22:34:37.5 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.0.1252.1.1043.18.158 [GMT 2:00]
    Command switches used :: C:\Documents and Settings\Piet\Bureaublad\CFScript.txt
    * Created a new restore point

    FILE::
    C:\WINDOWS\system32\cmpbk32a.dll
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\DOCUME~1\Piet\APPLIC~1\ShopperReports
    C:\DOCUME~1\Piet\APPLIC~1\ShopperReports\cs\Config.xml
    C:\DOCUME~1\Piet\APPLIC~1\ShopperReports\cs\db\Aliases.dbs
    C:\DOCUME~1\Piet\APPLIC~1\ShopperReports\cs\db\Sites.dbs
    C:\DOCUME~1\Piet\APPLIC~1\ShopperReports\cs\dwld\WhiteList.xip
    C:\DOCUME~1\Piet\APPLIC~1\ShopperReports\cs\persist.dbs
    C:\DOCUME~1\Piet\APPLIC~1\ShopperReports\cs\report\ag_ShopperReports.xml
    C:\DOCUME~1\Piet\APPLIC~1\ShopperReports\cs\report\ag_ShopperReports.xml.db
    C:\DOCUME~1\Piet\APPLIC~1\ShopperReports\cs\report\send_ShopperReports.xml
    C:\DOCUME~1\Piet\APPLIC~1\ShopperReports\cs\report\send_ShopperReports.xml.db
    C:\DOCUME~1\Piet\APPLIC~1\ShopperReports\cs\res1\WhiteList.dbs
    C:\DOCUME~1\Piet\APPLIC~1\ShopperReports\shprrprt.log
    C:\WINDOWS\system32\cmpbk32a.dll

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-08-16 to 2007-09-16 ))))))))))))))))))))))))))))))
    .

    2007-09-16 13:23 51,200 –a—— C:\WINDOWS\NirCmd.exe
    2007-09-16 12:22 <DIR> d——– C:\Program Files\Trend Micro
    2007-09-13 16:11 <DIR> d——– C:\WINDOWS\system32\AppCert
    2007-09-13 16:10 82,432 –a—— C:\WINDOWS\system32\cmpbk32a.dll
    2007-09-11 23:25 <DIR> d——– C:\DOCUME~1\Ellen\APPLIC~1\Magic Academy
    2007-08-24 21:46 <DIR> d——– C:\DOCUME~1\Piet\APPLIC~1\dvdcss
    2007-08-22 12:00 <DIR> d——– C:\DOCUME~1\Piet\Shared
    2007-08-22 12:00 <DIR> d——– C:\DOCUME~1\Piet\Incomplete
    2007-08-22 12:00 <DIR> d——– C:\DOCUME~1\Piet\APPLIC~1\LimeWire
    2007-08-22 11:58 <DIR> d——– C:\Program Files\LimeWire

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-16 17:21 ——— d——– C:\Program Files\Common Files\Symantec Shared
    2007-09-11 23:25 ——— d——– C:\Program Files\Zylom Games
    2007-09-11 23:25 ——— d——– C:\DOCUME~1\Ellen\APPLIC~1\Zylom
    2007-09-09 12:19 ——— d-a—— C:\DOCUME~1\Piet\APPLIC~1\SopCast
    2007-09-09 12:19 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\vlc
    2007-09-09 12:19 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Syntrillium
    2007-09-09 12:19 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Symantec
    2007-09-09 12:19 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Real
    2007-09-09 12:18 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\ppStream
    2007-09-09 12:18 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\PPLive
    2007-09-09 12:18 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\MSN6
    2007-09-09 12:18 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Microsoft Web Folders
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Lavasoft
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Kazaa Lite
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\InterTrust
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Help
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Google
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Creative
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Azureus
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Apple Computer
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\.ABC
    2007-08-12 23:00 ——— d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
    2007-08-12 20:23 ——— d——– C:\Program Files\iTunes
    2007-08-02 15:41 ——— d——– C:\Program Files\PokerStars
    .

    ((((((((((((((((((((((((((((( snapshot_2007-09-16_142320.92 )))))))))))))))))))))))))))))))))))))))))
    .
    —-a-w 78,786 2007-09-16 13:03:16 C:\WINDOWS\system32\perfc009.dat
    —-a-w 96,318 2007-09-16 13:03:16 C:\WINDOWS\system32\perfc013.dat
    —-a-w 454,114 2007-09-16 13:03:16 C:\WINDOWS\system32\perfh009.dat
    —-a-w 514,440 2007-09-16 13:03:17 C:\WINDOWS\system32\perfh013.dat
    —-a-w 32,768 2007-09-16 20:42:17 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    —-a-w 16,384 2007-09-16 20:42:17 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    —-a-w 32,768 2007-09-16 20:42:17 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    —-a-w 208,013 2007-09-16 20:46:46 C:\WINDOWS\system32\inetsrv\MetaBase.bin
    .
    —-a-w 78,786 2007-09-16 11:38:57 C:\WINDOWS\system32\perfc009.dat
    —-a-w 96,318 2007-09-16 11:38:57 C:\WINDOWS\system32\perfc013.dat
    —-a-w 454,114 2007-09-16 11:38:57 C:\WINDOWS\system32\perfh009.dat
    —-a-w 514,440 2007-09-16 11:38:57 C:\WINDOWS\system32\perfh013.dat
    —-a-w 32,768 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    —-a-w 16,384 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    —-a-w 32,768 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    —-a-w 208,012 2007-09-16 11:41:19 C:\WINDOWS\system32\inetsrv\MetaBase.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FB357EC-9647-464A-98DD-321A5EE1EF89}]
    2007-09-16 22:39 82432 –a—— c:\windows\system32\cmpbk32a.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTStartup"="C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.exe" [2001-06-04 01:00]
    "CTHelper"="CTHELPER.EXE" [2003-10-06 15:57 C:\WINDOWS\system32\CTHELPER.EXE]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-03-24 10:04]
    "nwiz"="nwiz.exe" [2004-03-24 10:04 C:\WINDOWS\system32\nwiz.exe]
    "TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2003-09-14 16:26]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-03-24 10:04]
    "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 12:38]
    "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 11:50 C:\WINDOWS\LOGI_MWX.EXE]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-25 19:07]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-08 19:16]
    "LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2005-07-19 17:32]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
    "NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 11:50]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-12-18 00:20]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-21 17:22]
    "SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-08 12:23]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-06-22 22:28]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-09-07 14:00]
    "NOMAD Detector"="C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe" []
    "TaskTray"="C:\Program Files\Creative\TaskBar\CTLTray.exe" [2001-06-29 01:00]
    "TaskBar"="C:\Program Files\Creative\TaskBar\CTLTask.exe" [2003-05-30 01:00]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2003-04-14 19:30]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]

    C:\DOCUME~1\ALLUSE~1\MENUST~1\PROGRA~1\OPSTAR~1\
    Adapter Utility.lnk - C:\WINDOWS\Installer\{13515E3B-B512-45FF-BA78-0F677794AC99}\Launcher.exe [2004-10-22 15:54:37]
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-12-05 17:25:55]
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-06-25 07:25:38]
    KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 18:48:18]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-01-06 17:00:20]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office2\Office\OSA9.EXE [1999-02-17 15:05:56]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    @=

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\suxoukao]
    cmpbk32a.dll 2007-09-16 22:39 82432 C:\WINDOWS\system32\cmpbk32a.dll


    R0 PrecSim;PrecSim;C:\WINDOWS\System32\DRIVERS\precsim.sys
    R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\System32\DRIVERS\DcCam.sys
    R2 A4SII300;A4SII300;C:\WINDOWS\System32\drivers\A4SII300.SYS
    R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\System32\drivers\dcfs2k.sys
    R2 rvymvtzo;Creative SoundFont Management Device Support;C:\WINDOWS\System32\svchost.exe -k netsvcs
    R2 SMTPSVC;SMTP (Simple Mail Transfer Protocol);C:\WINDOWS\System32\inetsrv\inetinfo.exe
    R2 XWPCApplicationLoaderService;Digital Media Adapter Application Loader Service;C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
    R2 XWPCHostService;Digital Media Adapter Host Service;C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
    R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\System32\DRIVERS\itchfltr.sys
    R3 MTD80X;100/10M Ethernet PCI Adapter;C:\WINDOWS\System32\DRIVERS\feand5.SYS
    S0 ElbyVCD;ElbyVCD;C:\WINDOWS\System32\DRIVERS\ElbyVCD.sys
    S1 Exportit;Exportit;C:\WINDOWS\System32\DRIVERS\exportit.sys
    S2 DATEING;Routing Protect Access;C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\PIJFEQ22.DLL,Export 1087
    S2 G11AV;Trust 610 LCD POWERC@M ZOOM, Webcam mode;C:\WINDOWS\System32\Drivers\G11av.sys
    S3 DcFpoint;DcFpoint;C:\WINDOWS\System32\DRIVERS\DcFpoint.sys
    S3 DcLps;Legacy Polling Service;C:\WINDOWS\System32\DRIVERS\DcLps.sys
    S3 DcPTP;dcptp;C:\WINDOWS\System32\DRIVERS\DcPTP.sys
    S3 SNCT511;PC Camera (6005 CIF);C:\WINDOWS\System32\DRIVERS\snct511.sys
    S3 USBCamera;Digital Still Image Capture;C:\WINDOWS\System32\Drivers\Bulk533.sys

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    rvymvtzo
    License

    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-09-13 22:00:01 C:\WINDOWS\Tasks\At1.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 07:00:00 C:\WINDOWS\Tasks\At10.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 08:00:00 C:\WINDOWS\Tasks\At11.job"
    "2007-09-14 09:00:00 C:\WINDOWS\Tasks\At12.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 10:00:00 C:\WINDOWS\Tasks\At13.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 11:00:00 C:\WINDOWS\Tasks\At14.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 12:00:00 C:\WINDOWS\Tasks\At15.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 13:00:00 C:\WINDOWS\Tasks\At16.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 14:00:01 C:\WINDOWS\Tasks\At17.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 15:00:00 C:\WINDOWS\Tasks\At18.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 16:00:00 C:\WINDOWS\Tasks\At19.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-13 23:00:01 C:\WINDOWS\Tasks\At2.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 17:00:00 C:\WINDOWS\Tasks\At20.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 18:00:00 C:\WINDOWS\Tasks\At21.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 19:00:00 C:\WINDOWS\Tasks\At22.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 20:00:00 C:\WINDOWS\Tasks\At23.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-13 21:00:01 C:\WINDOWS\Tasks\At24.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-13 22:00:01 C:\WINDOWS\Tasks\At25.job"
    "2007-09-13 23:00:01 C:\WINDOWS\Tasks\At26.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 00:00:00 C:\WINDOWS\Tasks\At27.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 01:00:00 C:\WINDOWS\Tasks\At28.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 02:00:00 C:\WINDOWS\Tasks\At29.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 00:00:00 C:\WINDOWS\Tasks\At3.job"
    "2007-09-14 03:00:00 C:\WINDOWS\Tasks\At30.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 04:00:00 C:\WINDOWS\Tasks\At31.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 05:00:00 C:\WINDOWS\Tasks\At32.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 06:00:00 C:\WINDOWS\Tasks\At33.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 07:00:00 C:\WINDOWS\Tasks\At34.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 08:00:00 C:\WINDOWS\Tasks\At35.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 09:00:00 C:\WINDOWS\Tasks\At36.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-16 10:00:00 C:\WINDOWS\Tasks\At37.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-16 11:00:00 C:\WINDOWS\Tasks\At38.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-16 12:00:00 C:\WINDOWS\Tasks\At39.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 01:00:00 C:\WINDOWS\Tasks\At4.job"
    "2007-09-16 13:00:00 C:\WINDOWS\Tasks\At40.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-16 14:00:01 C:\WINDOWS\Tasks\At41.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-16 15:00:00 C:\WINDOWS\Tasks\At42.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-16 16:00:00 C:\WINDOWS\Tasks\At43.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-16 17:00:00 C:\WINDOWS\Tasks\At44.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-16 18:00:00 C:\WINDOWS\Tasks\At45.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-16 19:00:00 C:\WINDOWS\Tasks\At46.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-16 20:00:00 C:\WINDOWS\Tasks\At47.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-13 21:00:01 C:\WINDOWS\Tasks\At48.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 02:00:00 C:\WINDOWS\Tasks\At5.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 03:00:00 C:\WINDOWS\Tasks\At6.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 04:00:00 C:\WINDOWS\Tasks\At7.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 05:00:00 C:\WINDOWS\Tasks\At8.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 06:00:00 C:\WINDOWS\Tasks\At9.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-07 18:01:08 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen - Piet.job"
    - C:\PROGRA~1\NORTON~1\Navw32.exe
    .
    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-16 22:52:17
    Windows 5.1.2600 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    CTStartup = C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE
    un???w????\???????w^?s$????>?wH ?w???????w*??w4???U??w4???????D8?s4???????|92?????\???\????????H?s????-A?w?????_?wc_?w\???\?????????_????? Z?w\???\??????s????\??????s\???`92?d??s`92? Z?w???????s???
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background?g

    scanning hidden files …

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet004\Services\MySql]
    "ImagePath"="C:/mysql/bin/mysqld-nt.exe"
    .
    Completion time: 2007-09-16 22:55:52 - machine was rebooted
    C:\ComboFix-quarantined-files.txt … 2007-09-16 22:55
    C:\ComboFix2.txt … 2007-09-16 17:49
    C:\ComboFix3.txt … 2007-09-16 17:17
    .
    — E O F —



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:07:10, on 16-9-2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
    C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Creative\TaskBar\CTLTray.exe
    C:\Program Files\Creative\TaskBar\CTLTask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCLauncher.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1FB357EC-9647-464A-98DD-321A5EE1EF89} - c:\windows\system32\cmpbk32a.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE
    un
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe"
    O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\TaskBar\CTLTray.exe"
    O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\TaskBar\CTLTask.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adapter Utility.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2\Office\OSA9.EXE
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {2CA0FF2C-0CE1-4382-A0C4-B2782965CCC2} (G-Vista ActiveX) - http://www.zugmap.ch
    ichtplan3d/pages/plugin/gvista30161.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,911,0
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
    O16 - DPF: {AE4CEC9D-C836-4579-829B-4C345101B3B9} (GVista Terrain Renderer) - http://www.dilas.ch/plugin/gvista/gvista2709.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/15008/CTPID.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68
    O17 - HKLM\System\CS1\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68
    O20 - Winlogon Notify: suxoukao - C:\WINDOWS\SYSTEM32\cmpbk32a.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: Routing Protect Access (DATEING) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
    O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
    O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Digital Media Adapter Application Loader Service (XWPCApplicationLoaderService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
    O23 - Service: Digital Media Adapter Host Service (XWPCHostService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe


    End of file - 13165 bytes










  • Could you please do this once more?




    Open Notepad, then copy and paste the following (bold, blue text) into an empty window:
  • Here they are

    ComboFix 07-09-13.3 - "Piet" 2007-09-17 12:19:31.6 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.0.1252.31.1043.18.124 [GMT 2:00]
    * Created a new restore point

    FILE::
    c:\windows\system32\cmpbk32a.dll
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\cmpbk32a.dll

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-08-17 to 2007-09-17 ))))))))))))))))))))))))))))))
    .

    2007-09-17 12:01 756,224 –a—— C:\WINDOWS\system32\hhlsmrhk.dll
    2007-09-17 12:01 684,567 –a—— C:\WINDOWS\system32\libeay32.dll
    2007-09-17 12:01 68,608 –a—— C:\WINDOWS\system32\mmqliqvj.dll
    2007-09-17 12:01 48,640 –a—— C:\WINDOWS\system32\tnzmdbzz.dll
    2007-09-17 12:01 46,592 –a—— C:\WINDOWS\system32\atmdcpyk.dll
    2007-09-17 12:01 147,729 –a—— C:\WINDOWS\system32\libssl32.dll
    2007-09-17 12:01 123,904 –a—— C:\WINDOWS\system32\hqfezmcm.dll
    2007-09-17 12:01 103,936 –a—— C:\WINDOWS\system32\guicatft.dll
    2007-09-16 13:23 51,200 –a—— C:\WINDOWS\NirCmd.exe
    2007-09-16 12:22 <DIR> d——– C:\Program Files\Trend Micro
    2007-09-13 16:11 <DIR> d——– C:\WINDOWS\system32\AppCert
    2007-09-13 16:10 82,432 –a—— C:\WINDOWS\system32\cmpbk32a.dll
    2007-09-11 23:25 <DIR> d——– C:\DOCUME~1\Ellen\APPLIC~1\Magic Academy
    2007-08-24 21:46 <DIR> d——– C:\DOCUME~1\Piet\APPLIC~1\dvdcss
    2007-08-22 12:00 <DIR> d——– C:\DOCUME~1\Piet\Shared
    2007-08-22 12:00 <DIR> d——– C:\DOCUME~1\Piet\Incomplete
    2007-08-22 12:00 <DIR> d——– C:\DOCUME~1\Piet\APPLIC~1\LimeWire
    2007-08-22 11:58 <DIR> d——– C:\Program Files\LimeWire

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-16 17:21 ——— d——– C:\Program Files\Common Files\Symantec Shared
    2007-09-11 23:25 ——— d——– C:\Program Files\Zylom Games
    2007-09-11 23:25 ——— d——– C:\DOCUME~1\Ellen\APPLIC~1\Zylom
    2007-09-09 12:19 ——— d-a—— C:\DOCUME~1\Piet\APPLIC~1\SopCast
    2007-09-09 12:19 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\vlc
    2007-09-09 12:19 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Syntrillium
    2007-09-09 12:19 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Symantec
    2007-09-09 12:19 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Real
    2007-09-09 12:18 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\ppStream
    2007-09-09 12:18 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\PPLive
    2007-09-09 12:18 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\MSN6
    2007-09-09 12:18 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Microsoft Web Folders
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Lavasoft
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Kazaa Lite
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\InterTrust
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Help
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Google
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Creative
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Azureus
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Apple Computer
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\.ABC
    2007-08-12 23:00 ——— d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
    2007-08-12 20:23 ——— d——– C:\Program Files\iTunes
    2007-08-02 15:41 ——— d——– C:\Program Files\PokerStars
    .

    ((((((((((((((((((((((((((((( snapshot_2007-09-16_142320.92 )))))))))))))))))))))))))))))))))))))))))
    .
    —-a-w 78,786 2007-09-16 13:03:16 C:\WINDOWS\system32\perfc009.dat
    —-a-w 96,318 2007-09-16 13:03:16 C:\WINDOWS\system32\perfc013.dat
    —-a-w 454,114 2007-09-16 13:03:16 C:\WINDOWS\system32\perfh009.dat
    —-a-w 514,440 2007-09-16 13:03:17 C:\WINDOWS\system32\perfh013.dat
    —-a-w 266,240 2007-09-17 10:19:13 C:\WINDOWS\system32\config\systemprofile\ntuser.dat
    —-a-w 32,768 2007-09-17 10:27:37 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    —-a-w 16,384 2007-09-17 10:27:37 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    —-a-w 32,768 2007-09-17 10:27:37 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    —-a-w 208,016 2007-09-17 10:28:00 C:\WINDOWS\system32\inetsrv\MetaBase.bin
    —-atw 16,384 2007-09-17 10:27:59 C:\WINDOWS\Temp\Perflib_Perfdata_198.dat
    —-a-w 57,856 2007-09-17 10:28:31 C:\WINDOWS\Temp\zquwyxdt.dll
    .
    —-a-w 78,786 2007-09-16 11:38:57 C:\WINDOWS\system32\perfc009.dat
    —-a-w 96,318 2007-09-16 11:38:57 C:\WINDOWS\system32\perfc013.dat
    —-a-w 454,114 2007-09-16 11:38:57 C:\WINDOWS\system32\perfh009.dat
    —-a-w 514,440 2007-09-16 11:38:57 C:\WINDOWS\system32\perfh013.dat
    —-a-w 266,240 2007-09-16 11:24:08 C:\WINDOWS\system32\config\systemprofile\ntuser.dat
    —-a-w 32,768 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    —-a-w 16,384 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    —-a-w 32,768 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    —-a-w 208,012 2007-09-16 11:41:19 C:\WINDOWS\system32\inetsrv\MetaBase.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FB357EC-9647-464A-98DD-321A5EE1EF89}]
    2007-09-17 12:24 82432 –a—— c:\windows\system32\cmpbk32a.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{579E3DB8-CFB3-455E-B058-CF1260A923ED}]
    2007-09-17 12:01 68608 –a—— c:\windows\system32\mmqliqvj.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTStartup"="C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.exe" [2001-06-04 01:00]
    "CTHelper"="CTHELPER.EXE" [2003-10-06 15:57 C:\WINDOWS\system32\CTHELPER.EXE]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-03-24 10:04]
    "nwiz"="nwiz.exe" [2004-03-24 10:04 C:\WINDOWS\system32\nwiz.exe]
    "TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2003-09-14 16:26]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-03-24 10:04]
    "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 12:38]
    "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 11:50 C:\WINDOWS\LOGI_MWX.EXE]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-25 19:07]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-08 19:16]
    "LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2005-07-19 17:32]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
    "NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 11:50]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-12-18 00:20]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-21 17:22]
    "SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-08 12:23]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-06-22 22:28]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-09-07 14:00]
    "NOMAD Detector"="C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe" []
    "TaskTray"="C:\Program Files\Creative\TaskBar\CTLTray.exe" [2001-06-29 01:00]
    "TaskBar"="C:\Program Files\Creative\TaskBar\CTLTask.exe" [2003-05-30 01:00]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2003-04-14 19:30]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]

    C:\DOCUME~1\ALLUSE~1\MENUST~1\PROGRA~1\OPSTAR~1\
    Adapter Utility.lnk - C:\WINDOWS\Installer\{13515E3B-B512-45FF-BA78-0F677794AC99}\Launcher.exe [2004-10-22 15:54:37]
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-12-05 17:25:55]
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-06-25 07:25:38]
    KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 18:48:18]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-01-06 17:00:20]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office2\Office\OSA9.EXE [1999-02-17 15:05:56]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    @=

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\suxoukao]
    cmpbk32a.dll 2007-09-17 12:24 82432 C:\WINDOWS\system32\cmpbk32a.dll


    R0 PrecSim;PrecSim;C:\WINDOWS\System32\DRIVERS\precsim.sys
    R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\System32\DRIVERS\DcCam.sys
    R2 A4SII300;A4SII300;C:\WINDOWS\System32\drivers\A4SII300.SYS
    R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\System32\drivers\dcfs2k.sys
    R2 rvymvtzo;Creative SoundFont Management Device Support;C:\WINDOWS\System32\svchost.exe -k netsvcs
    R2 SMTPSVC;SMTP (Simple Mail Transfer Protocol);C:\WINDOWS\System32\inetsrv\inetinfo.exe
    R2 XWPCApplicationLoaderService;Digital Media Adapter Application Loader Service;C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
    R2 XWPCHostService;Digital Media Adapter Host Service;C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
    R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\System32\DRIVERS\itchfltr.sys
    R3 MTD80X;100/10M Ethernet PCI Adapter;C:\WINDOWS\System32\DRIVERS\feand5.SYS
    S0 ElbyVCD;ElbyVCD;C:\WINDOWS\System32\DRIVERS\ElbyVCD.sys
    S1 Exportit;Exportit;C:\WINDOWS\System32\DRIVERS\exportit.sys
    S2 DATEING;Routing Protect Access;C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\PIJFEQ22.DLL,Export 1087
    S2 G11AV;Trust 610 LCD POWERC@M ZOOM, Webcam mode;C:\WINDOWS\System32\Drivers\G11av.sys
    S3 DcFpoint;DcFpoint;C:\WINDOWS\System32\DRIVERS\DcFpoint.sys
    S3 DcLps;Legacy Polling Service;C:\WINDOWS\System32\DRIVERS\DcLps.sys
    S3 DcPTP;dcptp;C:\WINDOWS\System32\DRIVERS\DcPTP.sys
    S3 SNCT511;PC Camera (6005 CIF);C:\WINDOWS\System32\DRIVERS\snct511.sys
    S3 USBCamera;Digital Still Image Capture;C:\WINDOWS\System32\Drivers\Bulk533.sys

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    rvymvtzo
    License

    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-09-13 22:00:01 C:\WINDOWS\Tasks\At1.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 07:00:00 C:\WINDOWS\Tasks\At10.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 08:00:00 C:\WINDOWS\Tasks\At11.job"
    "2007-09-17 09:00:03 C:\WINDOWS\Tasks\At12.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-17 10:00:00 C:\WINDOWS\Tasks\At13.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 11:00:00 C:\WINDOWS\Tasks\At14.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 12:00:00 C:\WINDOWS\Tasks\At15.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 13:00:00 C:\WINDOWS\Tasks\At16.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 14:00:01 C:\WINDOWS\Tasks\At17.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 15:00:00 C:\WINDOWS\Tasks\At18.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 16:00:00 C:\WINDOWS\Tasks\At19.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-13 23:00:01 C:\WINDOWS\Tasks\At2.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 17:00:00 C:\WINDOWS\Tasks\At20.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 18:00:00 C:\WINDOWS\Tasks\At21.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 19:00:00 C:\WINDOWS\Tasks\At22.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 20:00:00 C:\WINDOWS\Tasks\At23.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 21:00:00 C:\WINDOWS\Tasks\At24.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-13 22:00:01 C:\WINDOWS\Tasks\At25.job"
    "2007-09-13 23:00:01 C:\WINDOWS\Tasks\At26.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 00:00:00 C:\WINDOWS\Tasks\At27.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 01:00:00 C:\WINDOWS\Tasks\At28.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 02:00:00 C:\WINDOWS\Tasks\At29.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 00:00:00 C:\WINDOWS\Tasks\At3.job"
    "2007-09-14 03:00:00 C:\WINDOWS\Tasks\At30.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 04:00:00 C:\WINDOWS\Tasks\At31.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 05:00:00 C:\WINDOWS\Tasks\At32.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 06:00:00 C:\WINDOWS\Tasks\At33.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 07:00:00 C:\WINDOWS\Tasks\At34.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 08:00:00 C:\WINDOWS\Tasks\At35.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-17 09:00:03 C:\WINDOWS\Tasks\At36.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-17 10:00:00 C:\WINDOWS\Tasks\At37.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-16 11:00:00 C:\WINDOWS\Tasks\At38.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-16 12:00:00 C:\WINDOWS\Tasks\At39.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 01:00:00 C:\WINDOWS\Tasks\At4.job"
    "2007-09-16 13:00:00 C:\WINDOWS\Tasks\At40.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-16 14:00:01 C:\WINDOWS\Tasks\At41.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-16 15:00:00 C:\WINDOWS\Tasks\At42.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-16 16:00:00 C:\WINDOWS\Tasks\At43.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-16 17:00:00 C:\WINDOWS\Tasks\At44.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-16 18:00:00 C:\WINDOWS\Tasks\At45.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-16 19:00:00 C:\WINDOWS\Tasks\At46.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-16 20:00:00 C:\WINDOWS\Tasks\At47.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-16 21:00:00 C:\WINDOWS\Tasks\At48.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 02:00:00 C:\WINDOWS\Tasks\At5.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 03:00:00 C:\WINDOWS\Tasks\At6.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 04:00:00 C:\WINDOWS\Tasks\At7.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 05:00:00 C:\WINDOWS\Tasks\At8.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 06:00:00 C:\WINDOWS\Tasks\At9.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-07 18:01:08 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen - Piet.job"
    - C:\PROGRA~1\NORTON~1\Navw32.exe
    .
    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-17 12:31:04
    Windows 5.1.2600 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    CTStartup = C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE
    un???w????\???????w^?s$????>?wH ?w???????w*??w4???U??w4???????D8?s4???????|92?????\???\????????H?s????-A?w?????_?wc_?w\???\?????????`????? Z?w\???\??????s????\??????s\???`92?d??s`92? Z?w???????s???
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background?g

    scanning hidden files …

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet004\Services\MySql]
    "ImagePath"="C:/mysql/bin/mysqld-nt.exe"
    .
    Completion time: 2007-09-17 12:33:36 - machine was rebooted
    C:\ComboFix-quarantined-files.txt … 2007-09-17 12:33
    C:\ComboFix2.txt … 2007-09-16 22:55
    C:\ComboFix3.txt … 2007-09-16 17:49
    .
    — E O F —


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:38:58, on 17-9-2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
    C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Creative\TaskBar\CTLTray.exe
    C:\Program Files\Creative\TaskBar\CTLTask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCLauncher.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\Program Files\Norton AntiVirus\OPScan.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1FB357EC-9647-464A-98DD-321A5EE1EF89} - c:\windows\system32\cmpbk32a.dll
    O2 - BHO: (no name) - {579E3DB8-CFB3-455E-B058-CF1260A923ED} - c:\windows\system32\mmqliqvj.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE
    un
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe"
    O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\TaskBar\CTLTray.exe"
    O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\TaskBar\CTLTask.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adapter Utility.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2\Office\OSA9.EXE
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {2CA0FF2C-0CE1-4382-A0C4-B2782965CCC2} (G-Vista ActiveX) - http://www.zugmap.ch
    ichtplan3d/pages/plugin/gvista30161.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,911,0
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
    O16 - DPF: {AE4CEC9D-C836-4579-829B-4C345101B3B9} (GVista Terrain Renderer) - http://www.dilas.ch/plugin/gvista/gvista2709.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/15008/CTPID.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68
    O17 - HKLM\System\CS1\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68
    O20 - Winlogon Notify: suxoukao - C:\WINDOWS\SYSTEM32\cmpbk32a.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: Routing Protect Access (DATEING) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
    O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
    O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Digital Media Adapter Application Loader Service (XWPCApplicationLoaderService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
    O23 - Service: Digital Media Adapter Host Service (XWPCHostService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe


    End of file - 13259 bytes












  • Hello,

    I'm going to consult with others for a moment; it seems to keep coming back and I can't see what is causing that. I'll get back to you.
  • I hope it works this time.


    Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:

    O2 - BHO: (no name) - {1FB357EC-9647-464A-98DD-321A5EE1EF89} - c:\windows\system32\cmpbk32a.dll
    O2 - BHO: (no name) - {579E3DB8-CFB3-455E-B058-CF1260A923ED} - c:\windows\system32\mmqliqvj.dll
    O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
    O20 - Winlogon Notify: suxoukao - C:\WINDOWS\SYSTEM32\cmpbk32a.dll

    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.



    Open Notepad, then copy and paste the following (bold, blue text) into an empty window:
  • Because there were messages during the ComboFix batch run and when Windows restarted, I ran ComboFix twice.

    The messages are hard to read because they disappeared quickly, but they looked roughly like this:

    In the ComboFix window:
    C:\Combofix\DirRoot geen toegang of toegang geweigerd

    A Windows message at shutdown:
    Nir.cmd.cefex
    kan DLL niet initialiseren

    Would it make sense to try using an old boot floppy to get access to my C: drive and delete the files without Windows starting up?

    Here are the first and second ComboFix logs
    and the HijackThis log.


    ComboFix 07-09-13.3 - "Piet" 2007-09-17 19:26:13.7 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.0.1252.31.1043.18.148 [GMT 2:00]
    Command switches used :: C:\Documents and Settings\Piet\Bureaublad\CFScript.txt
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\atmdcpyk.dll
    c:\windows\system32\cmpbk32a.dll
    C:\WINDOWS\system32\guicatft.dll
    C:\WINDOWS\system32\hhlsmrhk.dll
    C:\WINDOWS\system32\hqfezmcm.dll
    C:\WINDOWS\system32\mmqliqvj.dll
    C:\WINDOWS\system32\tnzmdbzz.dll
    C:\WINDOWS\Tasks\At1.job
    C:\WINDOWS\Temp\zquwyxdt.dll

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-08-17 to 2007-09-17 ))))))))))))))))))))))))))))))
    .

    2007-09-17 12:01 684,567 –a—— C:\WINDOWS\system32\libeay32.dll
    2007-09-17 12:01 147,729 –a—— C:\WINDOWS\system32\libssl32.dll
    2007-09-16 13:23 51,200 –a—— C:\WINDOWS\NirCmd.exe
    2007-09-16 12:22 <DIR> d——– C:\Program Files\Trend Micro
    2007-09-13 16:11 <DIR> d——– C:\WINDOWS\system32\AppCert
    2007-09-13 16:10 82,432 –a—— C:\WINDOWS\system32\cmpbk32a.dll
    2007-09-11 23:25 <DIR> d——– C:\DOCUME~1\Ellen\APPLIC~1\Magic Academy
    2007-08-24 21:46 <DIR> d——– C:\DOCUME~1\Piet\APPLIC~1\dvdcss
    2007-08-22 12:00 <DIR> d——– C:\DOCUME~1\Piet\Shared
    2007-08-22 12:00 <DIR> d——– C:\DOCUME~1\Piet\Incomplete
    2007-08-22 12:00 <DIR> d——– C:\DOCUME~1\Piet\APPLIC~1\LimeWire
    2007-08-22 11:58 <DIR> d——– C:\Program Files\LimeWire

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-16 17:21 ——— d——– C:\Program Files\Common Files\Symantec Shared
    2007-09-11 23:25 ——— d——– C:\Program Files\Zylom Games
    2007-09-11 23:25 ——— d——– C:\DOCUME~1\Ellen\APPLIC~1\Zylom
    2007-09-09 12:19 ——— d-a—— C:\DOCUME~1\Piet\APPLIC~1\SopCast
    2007-09-09 12:19 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\vlc
    2007-09-09 12:19 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Syntrillium
    2007-09-09 12:19 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Symantec
    2007-09-09 12:19 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Real
    2007-09-09 12:18 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\ppStream
    2007-09-09 12:18 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\PPLive
    2007-09-09 12:18 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\MSN6
    2007-09-09 12:18 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Microsoft Web Folders
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Lavasoft
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Kazaa Lite
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\InterTrust
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Help
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Google
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Creative
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Azureus
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Apple Computer
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\.ABC
    2007-08-12 23:00 ——— d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
    2007-08-12 20:23 ——— d——– C:\Program Files\iTunes
    2007-08-02 15:41 ——— d——– C:\Program Files\PokerStars
    .

    ((((((((((((((((((((((((((((( snapshot_2007-09-16_142320.92 )))))))))))))))))))))))))))))))))))))))))
    .
    —-a-w 78,786 2007-09-16 13:03:16 C:\WINDOWS\system32\perfc009.dat
    —-a-w 96,318 2007-09-16 13:03:16 C:\WINDOWS\system32\perfc013.dat
    —-a-w 454,114 2007-09-16 13:03:16 C:\WINDOWS\system32\perfh009.dat
    —-a-w 514,440 2007-09-16 13:03:17 C:\WINDOWS\system32\perfh013.dat
    —-a-w 266,240 2007-09-17 10:19:13 C:\WINDOWS\system32\config\systemprofile\ntuser.dat
    —-a-w 32,768 2007-09-17 17:33:30 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    —-a-w 16,384 2007-09-17 17:33:30 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    —-a-w 32,768 2007-09-17 17:33:30 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    —-a-w 208,017 2007-09-17 17:37:54 C:\WINDOWS\system32\inetsrv\MetaBase.bin
    —-atw 16,384 2007-09-17 17:34:07 C:\WINDOWS\Temp\Perflib_Perfdata_7b8.dat
    .
    —-a-w 78,786 2007-09-16 11:38:57 C:\WINDOWS\system32\perfc009.dat
    —-a-w 96,318 2007-09-16 11:38:57 C:\WINDOWS\system32\perfc013.dat
    —-a-w 454,114 2007-09-16 11:38:57 C:\WINDOWS\system32\perfh009.dat
    —-a-w 514,440 2007-09-16 11:38:57 C:\WINDOWS\system32\perfh013.dat
    —-a-w 266,240 2007-09-16 11:24:08 C:\WINDOWS\system32\config\systemprofile\ntuser.dat
    —-a-w 32,768 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    —-a-w 16,384 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    —-a-w 32,768 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    —-a-w 208,012 2007-09-16 11:41:19 C:\WINDOWS\system32\inetsrv\MetaBase.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FB357EC-9647-464A-98DD-321A5EE1EF89}]
    2007-09-17 19:31 82432 –a—— c:\windows\system32\cmpbk32a.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTStartup"="C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.exe" [2001-06-04 01:00]
    "CTHelper"="CTHELPER.EXE" [2003-10-06 15:57 C:\WINDOWS\system32\CTHELPER.EXE]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-03-24 10:04]
    "nwiz"="nwiz.exe" [2004-03-24 10:04 C:\WINDOWS\system32\nwiz.exe]
    "TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2003-09-14 16:26]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-03-24 10:04]
    "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 12:38]
    "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 11:50 C:\WINDOWS\LOGI_MWX.EXE]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-25 19:07]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-08 19:16]
    "LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2005-07-19 17:32]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
    "NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 11:50]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-12-18 00:20]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-21 17:22]
    "SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-08 12:23]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-06-22 22:28]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-09-07 14:00]
    "NOMAD Detector"="C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe" []
    "TaskTray"="C:\Program Files\Creative\TaskBar\CTLTray.exe" [2001-06-29 01:00]
    "TaskBar"="C:\Program Files\Creative\TaskBar\CTLTask.exe" [2003-05-30 01:00]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2003-04-14 19:30]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]

    C:\DOCUME~1\ALLUSE~1\MENUST~1\PROGRA~1\OPSTAR~1\
    Adapter Utility.lnk - C:\WINDOWS\Installer\{13515E3B-B512-45FF-BA78-0F677794AC99}\Launcher.exe [2004-10-22 15:54:37]
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-12-05 17:25:55]
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-06-25 07:25:38]
    KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 18:48:18]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-01-06 17:00:20]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office2\Office\OSA9.EXE [1999-02-17 15:05:56]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    @=

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\suxoukao]
    cmpbk32a.dll 2007-09-17 19:31 82432 C:\WINDOWS\system32\cmpbk32a.dll


    R0 PrecSim;PrecSim;C:\WINDOWS\System32\DRIVERS\precsim.sys
    R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\System32\DRIVERS\DcCam.sys
    R2 A4SII300;A4SII300;C:\WINDOWS\System32\drivers\A4SII300.SYS
    R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\System32\drivers\dcfs2k.sys
    R2 rvymvtzo;Creative SoundFont Management Device Support;C:\WINDOWS\System32\svchost.exe -k netsvcs
    R2 SMTPSVC;SMTP (Simple Mail Transfer Protocol);C:\WINDOWS\System32\inetsrv\inetinfo.exe
    R2 XWPCApplicationLoaderService;Digital Media Adapter Application Loader Service;C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
    R2 XWPCHostService;Digital Media Adapter Host Service;C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
    R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\System32\DRIVERS\itchfltr.sys
    R3 MTD80X;100/10M Ethernet PCI Adapter;C:\WINDOWS\System32\DRIVERS\feand5.SYS
    S0 ElbyVCD;ElbyVCD;C:\WINDOWS\System32\DRIVERS\ElbyVCD.sys
    S1 Exportit;Exportit;C:\WINDOWS\System32\DRIVERS\exportit.sys
    S2 DATEING;Routing Protect Access;C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\PIJFEQ22.DLL,Export 1087
    S2 G11AV;Trust 610 LCD POWERC@M ZOOM, Webcam mode;C:\WINDOWS\System32\Drivers\G11av.sys
    S3 DcFpoint;DcFpoint;C:\WINDOWS\System32\DRIVERS\DcFpoint.sys
    S3 DcLps;Legacy Polling Service;C:\WINDOWS\System32\DRIVERS\DcLps.sys
    S3 DcPTP;dcptp;C:\WINDOWS\System32\DRIVERS\DcPTP.sys
    S3 SNCT511;PC Camera (6005 CIF);C:\WINDOWS\System32\DRIVERS\snct511.sys
    S3 USBCamera;Digital Still Image Capture;C:\WINDOWS\System32\Drivers\Bulk533.sys

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    rvymvtzo
    License

    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-09-14 07:00:00 C:\WINDOWS\Tasks\At10.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 08:00:00 C:\WINDOWS\Tasks\At11.job"
    "2007-09-17 09:00:03 C:\WINDOWS\Tasks\At12.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-17 10:00:00 C:\WINDOWS\Tasks\At13.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-17 11:00:00 C:\WINDOWS\Tasks\At14.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-17 12:00:00 C:\WINDOWS\Tasks\At15.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-17 13:00:00 C:\WINDOWS\Tasks\At16.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-17 14:00:00 C:\WINDOWS\Tasks\At17.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-17 15:00:00 C:\WINDOWS\Tasks\At18.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-17 16:00:00 C:\WINDOWS\Tasks\At19.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-13 23:00:01 C:\WINDOWS\Tasks\At2.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-17 17:00:00 C:\WINDOWS\Tasks\At20.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 18:00:00 C:\WINDOWS\Tasks\At21.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 19:00:00 C:\WINDOWS\Tasks\At22.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 20:00:00 C:\WINDOWS\Tasks\At23.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 21:00:00 C:\WINDOWS\Tasks\At24.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-13 22:00:01 C:\WINDOWS\Tasks\At25.job"
    "2007-09-13 23:00:01 C:\WINDOWS\Tasks\At26.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 00:00:00 C:\WINDOWS\Tasks\At27.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 01:00:00 C:\WINDOWS\Tasks\At28.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 02:00:00 C:\WINDOWS\Tasks\At29.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 00:00:00 C:\WINDOWS\Tasks\At3.job"
    "2007-09-14 03:00:00 C:\WINDOWS\Tasks\At30.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 04:00:00 C:\WINDOWS\Tasks\At31.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 05:00:00 C:\WINDOWS\Tasks\At32.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 06:00:00 C:\WINDOWS\Tasks\At33.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 07:00:00 C:\WINDOWS\Tasks\At34.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 08:00:00 C:\WINDOWS\Tasks\At35.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-17 09:00:03 C:\WINDOWS\Tasks\At36.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-17 10:00:00 C:\WINDOWS\Tasks\At37.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-17 11:00:00 C:\WINDOWS\Tasks\At38.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-17 12:00:00 C:\WINDOWS\Tasks\At39.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 01:00:00 C:\WINDOWS\Tasks\At4.job"
    "2007-09-17 13:00:00 C:\WINDOWS\Tasks\At40.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-17 14:00:00 C:\WINDOWS\Tasks\At41.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-17 15:00:00 C:\WINDOWS\Tasks\At42.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-17 16:00:00 C:\WINDOWS\Tasks\At43.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-17 17:00:00 C:\WINDOWS\Tasks\At44.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-16 18:00:00 C:\WINDOWS\Tasks\At45.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-16 19:00:00 C:\WINDOWS\Tasks\At46.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-16 20:00:00 C:\WINDOWS\Tasks\At47.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-16 21:00:00 C:\WINDOWS\Tasks\At48.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 02:00:00 C:\WINDOWS\Tasks\At5.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 03:00:00 C:\WINDOWS\Tasks\At6.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 04:00:00 C:\WINDOWS\Tasks\At7.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 05:00:00 C:\WINDOWS\Tasks\At8.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 06:00:00 C:\WINDOWS\Tasks\At9.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-07 18:01:08 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen - Piet.job"
    - C:\PROGRA~1\NORTON~1\Navw32.exe
    .
    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-17 19:37:40
    Windows 5.1.2600 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    CTStartup = C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE
    un???w????\???????w^?s$????>?wH ?w???????w*??w4???U??w4???????D8?s4???????|92?????\???\????????H?s????-A?w?????_?wc_?w\???\???B?1???_????? Z?w\???\??????s????\??????s\???`92?d??s`92? Z?w???????s???
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background?g

    scanning hidden files …

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet004\Services\MySql]
    "ImagePath"="C:/mysql/bin/mysqld-nt.exe"
    .
    Completion time: 2007-09-17 19:41:00 - machine was rebooted
    C:\ComboFix-quarantined-files.txt … 2007-09-17 19:40
    C:\ComboFix2.txt … 2007-09-17 12:33
    C:\ComboFix3.txt … 2007-09-16 22:55
    .
    — E O F —


    The second time

    ComboFix 07-09-13.3 - "Piet" 2007-09-17 19:51:09.8 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.0.1252.31.1043.18.109 [GMT 2:00]
    Command switches used :: C:\Documents and Settings\Piet\Bureaublad\CFScript.txt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\cmpbk32a.dll

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-08-17 to 2007-09-17 ))))))))))))))))))))))))))))))
    .

    2007-09-17 12:01 684,567 –a—— C:\WINDOWS\system32\libeay32.dll
    2007-09-17 12:01 147,729 –a—— C:\WINDOWS\system32\libssl32.dll
    2007-09-16 13:23 51,200 –a—— C:\WINDOWS\NirCmd.exe
    2007-09-16 12:22 <DIR> d——– C:\Program Files\Trend Micro
    2007-09-13 16:11 <DIR> d——– C:\WINDOWS\system32\AppCert
    2007-09-13 16:10 82,432 –a—— C:\WINDOWS\system32\cmpbk32a.dll
    2007-09-11 23:25 <DIR> d——– C:\DOCUME~1\Ellen\APPLIC~1\Magic Academy
    2007-08-24 21:46 <DIR> d——– C:\DOCUME~1\Piet\APPLIC~1\dvdcss
    2007-08-22 12:00 <DIR> d——– C:\DOCUME~1\Piet\Shared
    2007-08-22 12:00 <DIR> d——– C:\DOCUME~1\Piet\Incomplete
    2007-08-22 12:00 <DIR> d——– C:\DOCUME~1\Piet\APPLIC~1\LimeWire
    2007-08-22 11:58 <DIR> d——– C:\Program Files\LimeWire

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-16 17:21 ——— d——– C:\Program Files\Common Files\Symantec Shared
    2007-09-11 23:25 ——— d——– C:\Program Files\Zylom Games
    2007-09-11 23:25 ——— d——– C:\DOCUME~1\Ellen\APPLIC~1\Zylom
    2007-09-09 12:19 ——— d-a—— C:\DOCUME~1\Piet\APPLIC~1\SopCast
    2007-09-09 12:19 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\vlc
    2007-09-09 12:19 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Syntrillium
    2007-09-09 12:19 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Symantec
    2007-09-09 12:19 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Real
    2007-09-09 12:18 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\ppStream
    2007-09-09 12:18 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\PPLive
    2007-09-09 12:18 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\MSN6
    2007-09-09 12:18 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Microsoft Web Folders
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Lavasoft
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Kazaa Lite
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\InterTrust
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Help
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Google
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Creative
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Azureus
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Apple Computer
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\.ABC
    2007-08-12 23:00 ——— d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
    2007-08-12 20:23 ——— d——– C:\Program Files\iTunes
    2007-08-02 15:41 ——— d——– C:\Program Files\PokerStars
    .

    ((((((((((((((((((((((((((((( snapshot_2007-09-16_142320.92 )))))))))))))))))))))))))))))))))))))))))
    .
    —-a-w 78,786 2007-09-16 13:03:16 C:\WINDOWS\system32\perfc009.dat
    —-a-w 96,318 2007-09-16 13:03:16 C:\WINDOWS\system32\perfc013.dat
    —-a-w 454,114 2007-09-16 13:03:16 C:\WINDOWS\system32\perfh009.dat
    —-a-w 514,440 2007-09-16 13:03:17 C:\WINDOWS\system32\perfh013.dat
    —-a-w 266,240 2007-09-17 10:19:13 C:\WINDOWS\system32\config\systemprofile\ntuser.dat
    —-a-w 32,768 2007-09-17 17:57:43 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    —-a-w 16,384 2007-09-17 17:57:43 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    —-a-w 32,768 2007-09-17 17:57:43 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    —-a-w 208,012 2007-09-17 18:02:12 C:\WINDOWS\system32\inetsrv\MetaBase.bin
    —-atw 16,384 2007-09-17 17:58:23 C:\WINDOWS\Temp\Perflib_Perfdata_2a0.dat
    .
    —-a-w 78,786 2007-09-16 11:38:57 C:\WINDOWS\system32\perfc009.dat
    —-a-w 96,318 2007-09-16 11:38:57 C:\WINDOWS\system32\perfc013.dat
    —-a-w 454,114 2007-09-16 11:38:57 C:\WINDOWS\system32\perfh009.dat
    —-a-w 514,440 2007-09-16 11:38:57 C:\WINDOWS\system32\perfh013.dat
    —-a-w 266,240 2007-09-16 11:24:08 C:\WINDOWS\system32\config\systemprofile\ntuser.dat
    —-a-w 32,768 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    —-a-w 16,384 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    —-a-w 32,768 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    —-a-w 208,012 2007-09-16 11:41:19 C:\WINDOWS\system32\inetsrv\MetaBase.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FB357EC-9647-464A-98DD-321A5EE1EF89}]
    2007-09-17 19:55 82432 –a—— c:\windows\system32\cmpbk32a.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTStartup"="C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.exe" [2001-06-04 01:00]
    "CTHelper"="CTHELPER.EXE" [2003-10-06 15:57 C:\WINDOWS\system32\CTHELPER.EXE]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-03-24 10:04]
    "nwiz"="nwiz.exe" [2004-03-24 10:04 C:\WINDOWS\system32\nwiz.exe]
    "TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2003-09-14 16:26]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-03-24 10:04]
    "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 12:38]
    "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 11:50 C:\WINDOWS\LOGI_MWX.EXE]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-25 19:07]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-08 19:16]
    "LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2005-07-19 17:32]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
    "NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 11:50]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-12-18 00:20]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-21 17:22]
    "SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-08 12:23]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-06-22 22:28]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-09-07 14:00]
    "NOMAD Detector"="C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe" []
    "TaskTray"="C:\Program Files\Creative\TaskBar\CTLTray.exe" [2001-06-29 01:00]
    "TaskBar"="C:\Program Files\Creative\TaskBar\CTLTask.exe" [2003-05-30 01:00]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2003-04-14 19:30]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]

    C:\DOCUME~1\ALLUSE~1\MENUST~1\PROGRA~1\OPSTAR~1\
    Adapter Utility.lnk - C:\WINDOWS\Installer\{13515E3B-B512-45FF-BA78-0F677794AC99}\Launcher.exe [2004-10-22 15:54:37]
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-12-05 17:25:55]
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-06-25 07:25:38]
    KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 18:48:18]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-01-06 17:00:20]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office2\Office\OSA9.EXE [1999-02-17 15:05:56]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    @=

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\suxoukao]
    cmpbk32a.dll 2007-09-17 19:55 82432 C:\WINDOWS\system32\cmpbk32a.dll


    R0 PrecSim;PrecSim;C:\WINDOWS\System32\DRIVERS\precsim.sys
    R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\System32\DRIVERS\DcCam.sys
    R2 A4SII300;A4SII300;C:\WINDOWS\System32\drivers\A4SII300.SYS
    R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\System32\drivers\dcfs2k.sys
    R2 rvymvtzo;Creative SoundFont Management Device Support;C:\WINDOWS\System32\svchost.exe -k netsvcs
    R2 SMTPSVC;SMTP (Simple Mail Transfer Protocol);C:\WINDOWS\System32\inetsrv\inetinfo.exe
    R2 XWPCApplicationLoaderService;Digital Media Adapter Application Loader Service;C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
    R2 XWPCHostService;Digital Media Adapter Host Service;C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
    R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\System32\DRIVERS\itchfltr.sys
    R3 MTD80X;100/10M Ethernet PCI Adapter;C:\WINDOWS\System32\DRIVERS\feand5.SYS
    S0 ElbyVCD;ElbyVCD;C:\WINDOWS\System32\DRIVERS\ElbyVCD.sys
    S1 Exportit;Exportit;C:\WINDOWS\System32\DRIVERS\exportit.sys
    S2 DATEING;Routing Protect Access;C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\PIJFEQ22.DLL,Export 1087
    S2 G11AV;Trust 610 LCD POWERC@M ZOOM, Webcam mode;C:\WINDOWS\System32\Drivers\G11av.sys
    S3 DcFpoint;DcFpoint;C:\WINDOWS\System32\DRIVERS\DcFpoint.sys
    S3 DcLps;Legacy Polling Service;C:\WINDOWS\System32\DRIVERS\DcLps.sys
    S3 DcPTP;dcptp;C:\WINDOWS\System32\DRIVERS\DcPTP.sys
    S3 SNCT511;PC Camera (6005 CIF);C:\WINDOWS\System32\DRIVERS\snct511.sys
    S3 USBCamera;Digital Still Image Capture;C:\WINDOWS\System32\Drivers\Bulk533.sys

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    rvymvtzo
    License

    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-09-14 07:00:00 C:\WINDOWS\Tasks\At10.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 08:00:00 C:\WINDOWS\Tasks\At11.job"
    "2007-09-17 09:00:03 C:\WINDOWS\Tasks\At12.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-17 10:00:00 C:\WINDOWS\Tasks\At13.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-17 11:00:00 C:\WINDOWS\Tasks\At14.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-17 12:00:00 C:\WINDOWS\Tasks\At15.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-17 13:00:00 C:\WINDOWS\Tasks\At16.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-17 14:00:00 C:\WINDOWS\Tasks\At17.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-17 15:00:00 C:\WINDOWS\Tasks\At18.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-17 16:00:00 C:\WINDOWS\Tasks\At19.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-13 23:00:01 C:\WINDOWS\Tasks\At2.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-17 17:00:00 C:\WINDOWS\Tasks\At20.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-17 18:00:00 C:\WINDOWS\Tasks\At21.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 19:00:00 C:\WINDOWS\Tasks\At22.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 20:00:00 C:\WINDOWS\Tasks\At23.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-16 21:00:00 C:\WINDOWS\Tasks\At24.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-13 22:00:01 C:\WINDOWS\Tasks\At25.job"
    "2007-09-13 23:00:01 C:\WINDOWS\Tasks\At26.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 00:00:00 C:\WINDOWS\Tasks\At27.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 01:00:00 C:\WINDOWS\Tasks\At28.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 02:00:00 C:\WINDOWS\Tasks\At29.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 00:00:00 C:\WINDOWS\Tasks\At3.job"
    "2007-09-14 03:00:00 C:\WINDOWS\Tasks\At30.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 04:00:00 C:\WINDOWS\Tasks\At31.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 05:00:00 C:\WINDOWS\Tasks\At32.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 06:00:00 C:\WINDOWS\Tasks\At33.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 07:00:00 C:\WINDOWS\Tasks\At34.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 08:00:00 C:\WINDOWS\Tasks\At35.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-17 09:00:03 C:\WINDOWS\Tasks\At36.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-17 10:00:00 C:\WINDOWS\Tasks\At37.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-17 11:00:00 C:\WINDOWS\Tasks\At38.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-17 12:00:00 C:\WINDOWS\Tasks\At39.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 01:00:00 C:\WINDOWS\Tasks\At4.job"
    "2007-09-17 13:00:00 C:\WINDOWS\Tasks\At40.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-17 14:00:00 C:\WINDOWS\Tasks\At41.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-17 15:00:00 C:\WINDOWS\Tasks\At42.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-17 16:00:00 C:\WINDOWS\Tasks\At43.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-17 17:00:00 C:\WINDOWS\Tasks\At44.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-17 18:00:00 C:\WINDOWS\Tasks\At45.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-16 19:00:00 C:\WINDOWS\Tasks\At46.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-16 20:00:00 C:\WINDOWS\Tasks\At47.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-16 21:00:00 C:\WINDOWS\Tasks\At48.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 02:00:00 C:\WINDOWS\Tasks\At5.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 03:00:00 C:\WINDOWS\Tasks\At6.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 04:00:00 C:\WINDOWS\Tasks\At7.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 05:00:00 C:\WINDOWS\Tasks\At8.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 06:00:00 C:\WINDOWS\Tasks\At9.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-07 18:01:08 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen - Piet.job"
    - C:\PROGRA~1\NORTON~1\Navw32.exe
    .
    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-17 20:00:56
    Windows 5.1.2600 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    CTStartup = C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE
    un???w????\???????w^?s$????>?wH ?w???????w*??w4???U??w4???????D8?s4???????|92?????\???\????????H?s????-A?w?????_?wc_?w\???\???????p3`????? Z?w\???\??????s????\??????s\???`92?d??s`92? Z?w???????s???
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background?g

    scanning hidden files …

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet004\Services\MySql]
    "ImagePath"="C:/mysql/bin/mysqld-nt.exe"
    .
    Completion time: 2007-09-17 20:04:48 - machine was rebooted
    C:\ComboFix-quarantined-files.txt … 2007-09-17 20:04
    C:\ComboFix2.txt … 2007-09-17 19:41
    C:\ComboFix3.txt … 2007-09-17 12:33
    .
    — E O F —

    HijackThis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:09:54, on 17-9-2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
    C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Creative\TaskBar\CTLTray.exe
    C:\Program Files\Creative\TaskBar\CTLTask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCLauncher.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1FB357EC-9647-464A-98DD-321A5EE1EF89} - c:\windows\system32\cmpbk32a.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE
    un
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe"
    O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\TaskBar\CTLTray.exe"
    O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\TaskBar\CTLTask.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adapter Utility.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2\Office\OSA9.EXE
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {2CA0FF2C-0CE1-4382-A0C4-B2782965CCC2} (G-Vista ActiveX) - http://www.zugmap.ch
    ichtplan3d/pages/plugin/gvista30161.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,911,0
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
    O16 - DPF: {AE4CEC9D-C836-4579-829B-4C345101B3B9} (GVista Terrain Renderer) - http://www.dilas.ch/plugin/gvista/gvista2709.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/15008/CTPID.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68
    O17 - HKLM\System\CS1\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68
    O20 - Winlogon Notify: suxoukao - C:\WINDOWS\SYSTEM32\cmpbk32a.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: Routing Protect Access (DATEING) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
    O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
    O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Digital Media Adapter Application Loader Service (XWPCApplicationLoaderService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
    O23 - Service: Digital Media Adapter Host Service (XWPCHostService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe


    End of file - 13357 bytes

  • Hello, partially successful: the upload arrived and the tool has been adjusted.
    Delete the current Combofix and reboot.

    Please download the latest adjusted version.

    Download Combofix
    http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

    to your Desktop.
    Double-click Combofix.exe
    Follow the instructions and accept the disclaimer by typing 1 (continue) followed by ENTER. While the fix is running, do NOT click in the window, as this will cause your PC to hang.

    When the fix has finished and after the restart, the log combofix.txt will open.
    Post this log in your next post once the fix has finished. <<<<

    Please also post a new HijackThis log.

    NOTE: If your virus scanner responds with a notification about a script being executed, you may ignore it.
  • During Combofix I again saw the message that C:\Combofix\DirRoot was denied access to a file. In addition, the PC did not restart completely; only Windows was reset. I also got no notification from the virus scanner.

    Unfortunately the problem has not been solved yet. Shouldn't I run the last batch with the files?

    ComboFix 07-09-18.4 - "Piet" 2007-09-18 15:16:45.9 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.0.1252.1.1043.18.156 [GMT 2:00]
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2007-08-18 to 2007-09-18 ))))))))))))))))))))))))))))))
    .

    2007-09-18 14:38 68,608 –a—— C:\WINDOWS\system32\mmqliqvj.dll
    2007-09-18 14:38 48,640 –a—— C:\WINDOWS\system32\tnzmdbzz.dll
    2007-09-18 14:37 756,224 –a—— C:\WINDOWS\system32\hhlsmrhk.dll
    2007-09-18 14:37 46,592 –a—— C:\WINDOWS\system32\atmdcpyk.dll
    2007-09-18 14:37 124,928 –a—— C:\WINDOWS\system32\hqfezmcm.dll
    2007-09-18 14:37 103,936 –a—— C:\WINDOWS\system32\guicatft.dll
    2007-09-17 12:01 684,567 –a—— C:\WINDOWS\system32\libeay32.dll
    2007-09-17 12:01 147,729 –a—— C:\WINDOWS\system32\libssl32.dll
    2007-09-16 13:23 51,200 –a—— C:\WINDOWS\NirCmd.exe
    2007-09-16 12:22 <DIR> d——– C:\Program Files\Trend Micro
    2007-09-13 16:11 <DIR> d——– C:\WINDOWS\system32\AppCert
    2007-09-13 16:10 82,432 –a—— C:\WINDOWS\system32\cmpbk32a.dll
    2007-09-11 23:25 <DIR> d——– C:\DOCUME~1\Ellen\APPLIC~1\Magic Academy
    2007-08-24 21:46 <DIR> d——– C:\DOCUME~1\Piet\APPLIC~1\dvdcss
    2007-08-22 12:00 <DIR> d——– C:\DOCUME~1\Piet\Shared
    2007-08-22 12:00 <DIR> d——– C:\DOCUME~1\Piet\Incomplete
    2007-08-22 12:00 <DIR> d——– C:\DOCUME~1\Piet\APPLIC~1\LimeWire
    2007-08-22 11:58 <DIR> d——– C:\Program Files\LimeWire

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-18 14:39 ——— d——– C:\Program Files\Common Files\Symantec Shared
    2007-09-11 23:25 ——— d——– C:\Program Files\Zylom Games
    2007-09-11 23:25 ——— d——– C:\DOCUME~1\Ellen\APPLIC~1\Zylom
    2007-09-09 12:19 ——— d-a—— C:\DOCUME~1\Piet\APPLIC~1\SopCast
    2007-09-09 12:19 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\vlc
    2007-09-09 12:19 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Syntrillium
    2007-09-09 12:19 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Symantec
    2007-09-09 12:19 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Real
    2007-09-09 12:18 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\ppStream
    2007-09-09 12:18 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\PPLive
    2007-09-09 12:18 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\MSN6
    2007-09-09 12:18 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Microsoft Web Folders
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Lavasoft
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Kazaa Lite
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\InterTrust
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Help
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Google
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Creative
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Azureus
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\Apple Computer
    2007-09-09 12:17 ——— d——– C:\DOCUME~1\Piet\APPLIC~1\.ABC
    2007-08-12 23:00 ——— d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
    2007-08-12 20:23 ——— d——– C:\Program Files\iTunes
    2007-08-02 15:41 ——— d——– C:\Program Files\PokerStars
    2007-07-30 19:19 92504 –a—— C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 –a—— C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 53080 –a—— C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 43352 –a—— C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 –a—— C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 203096 –a—— C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 1712984 –a—— C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:18 33624 –a—— C:\WINDOWS\system32\wups.dll
    .

    ((((((((((((((((((((((((((((( snapshot_2007-09-16_142320.92 )))))))))))))))))))))))))))))))))))))))))
    .
    —-a-w 78,786 2007-09-16 13:03:16 C:\WINDOWS\system32\perfc009.dat
    —-a-w 96,318 2007-09-16 13:03:16 C:\WINDOWS\system32\perfc013.dat
    —-a-w 454,114 2007-09-16 13:03:16 C:\WINDOWS\system32\perfh009.dat
    —-a-w 514,440 2007-09-16 13:03:17 C:\WINDOWS\system32\perfh013.dat
    —-a-w 266,240 2007-09-18 13:01:56 C:\WINDOWS\system32\config\systemprofile\ntuser.dat
    —-a-w 32,768 2007-09-18 12:31:24 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    —-a-w 16,384 2007-09-18 12:31:24 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    —-a-w 32,768 2007-09-18 12:31:24 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    —-a-w 208,017 2007-09-18 12:35:30 C:\WINDOWS\system32\inetsrv\MetaBase.bin
    —-atw 16,384 2007-09-18 12:31:44 C:\WINDOWS\Temp\Perflib_Perfdata_274.dat
    —-a-w 57,856 2007-09-18 12:37:47 C:\WINDOWS\Temp\zquwyxdt.dll
    .
    —-a-w 78,786 2007-09-16 11:38:57 C:\WINDOWS\system32\perfc009.dat
    —-a-w 96,318 2007-09-16 11:38:57 C:\WINDOWS\system32\perfc013.dat
    —-a-w 454,114 2007-09-16 11:38:57 C:\WINDOWS\system32\perfh009.dat
    —-a-w 514,440 2007-09-16 11:38:57 C:\WINDOWS\system32\perfh013.dat
    —-a-w 266,240 2007-09-16 11:24:08 C:\WINDOWS\system32\config\systemprofile\ntuser.dat
    —-a-w 32,768 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    —-a-w 16,384 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    —-a-w 32,768 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    —-a-w 208,012 2007-09-16 11:41:19 C:\WINDOWS\system32\inetsrv\MetaBase.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FB357EC-9647-464A-98DD-321A5EE1EF89}]
    2007-09-18 14:38 82432 –a—— c:\windows\system32\cmpbk32a.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{579E3DB8-CFB3-455E-B058-CF1260A923ED}]
    2007-09-18 14:38 68608 –a—— c:\windows\system32\mmqliqvj.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTStartup"="C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.exe" [2001-06-04 01:00]
    "CTHelper"="CTHELPER.EXE" [2003-10-06 15:57 C:\WINDOWS\system32\CTHELPER.EXE]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-03-24 10:04]
    "nwiz"="nwiz.exe" [2004-03-24 10:04 C:\WINDOWS\system32
    wiz.exe]
    "TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2003-09-14 16:26]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-03-24 10:04]
    "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 12:38]
    "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 11:50 C:\WINDOWS\LOGI_MWX.EXE]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-25 19:07]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-08 19:16]
    "LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2005-07-19 17:32]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
    "NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 11:50]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-12-18 00:20]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-21 17:22]
    "SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-08 12:23]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-06-22 22:28]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-09-07 14:00]
    "NOMAD Detector"="C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe" []
    "TaskTray"="C:\Program Files\Creative\TaskBar\CTLTray.exe" [2001-06-29 01:00]
    "TaskBar"="C:\Program Files\Creative\TaskBar\CTLTask.exe" [2003-05-30 01:00]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2003-04-14 19:30]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]

    C:\DOCUME~1\ALLUSE~1\MENUST~1\PROGRA~1\OPSTAR~1\
    Adapter Utility.lnk - C:\WINDOWS\Installer\{13515E3B-B512-45FF-BA78-0F677794AC99}\Launcher.exe [2004-10-22 15:54:37]
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-12-05 17:25:55]
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-06-25 07:25:38]
    KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 18:48:18]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-01-06 17:00:20]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office2\Office\OSA9.EXE [1999-02-17 15:05:56]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    @=

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\suxoukao]
    cmpbk32a.dll 2007-09-18 14:38 82432 C:\WINDOWS\system32\cmpbk32a.dll


    R0 PrecSim;PrecSim;C:\WINDOWS\System32\DRIVERS\precsim.sys
    R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\System32\DRIVERS\DcCam.sys
    R2 A4SII300;A4SII300;C:\WINDOWS\System32\drivers\A4SII300.SYS
    R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\System32\drivers\dcfs2k.sys
    R2 rvymvtzo;Creative SoundFont Management Device Support;C:\WINDOWS\System32\svchost.exe -k netsvcs
    R2 SMTPSVC;SMTP (Simple Mail Transfer Protocol);C:\WINDOWS\System32\inetsrv\inetinfo.exe
    R2 XWPCApplicationLoaderService;Digital Media Adapter Application Loader Service;C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
    R2 XWPCHostService;Digital Media Adapter Host Service;C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
    R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\System32\DRIVERS\itchfltr.sys
    R3 MTD80X;100/10M Ethernet PCI Adapter;C:\WINDOWS\System32\DRIVERS\feand5.SYS
    S0 ElbyVCD;ElbyVCD;C:\WINDOWS\System32\DRIVERS\ElbyVCD.sys
    S1 Exportit;Exportit;C:\WINDOWS\System32\DRIVERS\exportit.sys
    S2 DATEING;Routing Protect Access;C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\PIJFEQ22.DLL,Export 1087
    S2 G11AV;Trust 610 LCD POWERC@M ZOOM, Webcam mode;C:\WINDOWS\System32\Drivers\G11av.sys
    S3 DcFpoint;DcFpoint;C:\WINDOWS\System32\DRIVERS\DcFpoint.sys
    S3 DcLps;Legacy Polling Service;C:\WINDOWS\System32\DRIVERS\DcLps.sys
    S3 DcPTP;dcptp;C:\WINDOWS\System32\DRIVERS\DcPTP.sys
    S3 SNCT511;PC Camera (6005 CIF);C:\WINDOWS\System32\DRIVERS\snct511.sys
    S3 USBCamera;Digital Still Image Capture;C:\WINDOWS\System32\Drivers\Bulk533.sys

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    rvymvtzo
    License

    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-09-14 07:00:00 C:\WINDOWS\Tasks\At10.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 08:00:00 C:\WINDOWS\Tasks\At11.job"
    "2007-09-17 09:00:03 C:\WINDOWS\Tasks\At12.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-17 10:00:00 C:\WINDOWS\Tasks\At13.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-17 11:00:00 C:\WINDOWS\Tasks\At14.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-17 12:00:00 C:\WINDOWS\Tasks\At15.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-18 13:00:00 C:\WINDOWS\Tasks\At16.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-17 14:00:00 C:\WINDOWS\Tasks\At17.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-17 15:00:00 C:\WINDOWS\Tasks\At18.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-17 16:00:00 C:\WINDOWS\Tasks\At19.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-13 23:00:01 C:\WINDOWS\Tasks\At2.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-17 17:00:00 C:\WINDOWS\Tasks\At20.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-17 18:00:00 C:\WINDOWS\Tasks\At21.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-17 19:00:00 C:\WINDOWS\Tasks\At22.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-17 20:00:00 C:\WINDOWS\Tasks\At23.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-17 21:00:00 C:\WINDOWS\Tasks\At24.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-17 22:00:00 C:\WINDOWS\Tasks\At25.job"
    "2007-09-13 23:00:01 C:\WINDOWS\Tasks\At26.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 00:00:00 C:\WINDOWS\Tasks\At27.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 01:00:00 C:\WINDOWS\Tasks\At28.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 02:00:00 C:\WINDOWS\Tasks\At29.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 00:00:00 C:\WINDOWS\Tasks\At3.job"
    "2007-09-14 03:00:00 C:\WINDOWS\Tasks\At30.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 04:00:00 C:\WINDOWS\Tasks\At31.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 05:00:00 C:\WINDOWS\Tasks\At32.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 06:00:00 C:\WINDOWS\Tasks\At33.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 07:00:00 C:\WINDOWS\Tasks\At34.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 08:00:00 C:\WINDOWS\Tasks\At35.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-17 09:00:03 C:\WINDOWS\Tasks\At36.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-17 10:00:00 C:\WINDOWS\Tasks\At37.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-17 11:00:00 C:\WINDOWS\Tasks\At38.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-17 12:00:00 C:\WINDOWS\Tasks\At39.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 01:00:00 C:\WINDOWS\Tasks\At4.job"
    "2007-09-18 13:00:00 C:\WINDOWS\Tasks\At40.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-17 14:00:00 C:\WINDOWS\Tasks\At41.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-17 15:00:00 C:\WINDOWS\Tasks\At42.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-17 16:00:00 C:\WINDOWS\Tasks\At43.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-17 17:00:00 C:\WINDOWS\Tasks\At44.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-17 18:00:00 C:\WINDOWS\Tasks\At45.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-17 19:00:00 C:\WINDOWS\Tasks\At46.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-17 20:00:00 C:\WINDOWS\Tasks\At47.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-17 21:00:00 C:\WINDOWS\Tasks\At48.job"
    - C:\WINDOWS\System32\oSbkpg71.exe
    "2007-09-14 02:00:00 C:\WINDOWS\Tasks\At5.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 03:00:00 C:\WINDOWS\Tasks\At6.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 04:00:00 C:\WINDOWS\Tasks\At7.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 05:00:00 C:\WINDOWS\Tasks\At8.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-14 06:00:00 C:\WINDOWS\Tasks\At9.job"
    - C:\WINDOWS\System32\LFo1KT4L.exe
    "2007-09-07 18:01:08 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen - Piet.job"
    - C:\PROGRA~1\NORTON~1\Navw32.exe
    .
    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-18 15:22:10
    Windows 5.1.2600 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    CTStartup = C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE
    un???w????\???????w^?s$????>?wH ?w???????w*??w4???U??w4???????D8?s4???????|92?????\???\????????H?s????-A?w?????_?wc_?w\???\?????????_????? Z?w\???\??????s????\??????s\???`92?d??s`92? Z?w???????s???
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background?g

    scanning hidden files …

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet004\Services\MySql]
    "ImagePath"="C:/mysql/bin/mysqld-nt.exe"
    .
    Completion time: 2007-09-18 15:24:17
    C:\ComboFix-quarantined-files.txt … 2007-09-18 15:23
    C:\ComboFix2.txt … 2007-09-17 20:04
    C:\ComboFix3.txt … 2007-09-17 19:41
    .
    — E O F —



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:29:41, on 18-9-2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
    C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Creative\TaskBar\CTLTray.exe
    C:\Program Files\Creative\TaskBar\CTLTask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCLauncher.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Norton AntiVirus\OPScan.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1FB357EC-9647-464A-98DD-321A5EE1EF89} - c:\windows\system32\cmpbk32a.dll
    O2 - BHO: (no name) - {579E3DB8-CFB3-455E-B058-CF1260A923ED} - c:\windows\system32\mmqliqvj.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE
    un
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe"
    O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\TaskBar\CTLTray.exe"
    O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\TaskBar\CTLTask.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adapter Utility.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2\Office\OSA9.EXE
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {2CA0FF2C-0CE1-4382-A0C4-B2782965CCC2} (G-Vista ActiveX) - http://www.zugmap.ch
    ichtplan3d/pages/plugin/gvista30161.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,911,0
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
    O16 - DPF: {AE4CEC9D-C836-4579-829B-4C345101B3B9} (GVista Terrain Renderer) - http://www.dilas.ch/plugin/gvista/gvista2709.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/15008/CTPID.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68
    O17 - HKLM\System\CS1\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68
    O20 - Winlogon Notify: suxoukao - C:\WINDOWS\SYSTEM32\cmpbk32a.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: Routing Protect Access (DATEING) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
    O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
    O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Digital Media Adapter Application Loader Service (XWPCApplicationLoaderService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
    O23 - Service: Digital Media Adapter Host Service (XWPCHostService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe


    End of file - 13220 bytes












  • May I first ask why your XP doesn't have SP1 and SP2??? Because it looks like the file gets put straight back?
  • I thought I had SP1?
  • No, I don't see any SP1??

  • Are you still there???


This is an archived page. Replies are no longer possible.