CiD Pop Ups

8 replies
  • Hello,
    I know there are several topics about this problem, but after many attempts using those topics I still haven't managed to get rid of the CiD pop-ups. I have had this problem once before; back then I could remove it with a few AVG scans, but now, about 3 weeks later, it has come back.
    Here is my HijackThis log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:33:52, on 15-9-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\System32\Rundll32.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\Xfire\xfire.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ufclan.roxorgamers.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: rightonadz.biz browser optimizer - {36A91CEC-6C71-4758-B492-397BFC8E96A2} - C:\WINDOWS\system32\gzmrotate.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
    O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
    O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\Default Owns.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [rdrrule] C:\DOCUME~1\Dennis\APPLIC~1\4METAP~1\Audio browse wipe.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe


    End of file - 7410 bytes

    I hope someone can help me.

    Regards
  • Download Combofix to your Desktop.
    Double-click Combofix.exe
    Follow the instructions; accept the disclaimer by typing 1 (continue) followed by ENTER.
    While the fix is running, do NOT click in the window, as this will cause your PC to hang.
    When the fix is complete and after the restart, the log combofix.txt will open.
    Post this log in your next post together with a new HijackThis log.

    Note: If your virus scanner responds with a notification about a script being executed, you can ignore it.

    Start HijackThis and choose 'Do a system scan only'
    Select only the items listed below:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: rightonadz.biz browser optimizer - {36A91CEC-6C71-4758-B492-397BFC8E96A2} - C:\WINDOWS\system32\gzmrotate.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
    O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\Default Owns.exe
    O4 - HKCU\..\Run: [rdrrule] C:\DOCUME~1\Dennis\APPLIC~1\4METAP~1\Audio browse wipe.exe
    Close all windows except HijackThis
    Click 'Fix checked' to remove the items.

    Open Explorer ("My Computer") and choose Tools -> Folder Options…
    Under View, check the following settings:

    Turn off: Hide protected operating system files (Recommended)
    Turn off: Hide extensions for known file types

    Select: Display the contents of system folders (XP only)
    Select: Show hidden files and folders

    Delete the following directories in safe mode (tap F8 during startup):

    C:\Documents and Settings\All Users\Application Data\third lies itch ford\
    C:\DOCUME~1\Dennis\APPLIC~1\4METAP~1\

    Download this file:
    Deljob.exe
    Place it on your desktop.
    If your virus scanner blocks the download of deljob.exe,
    temporarily disable your virus scanner or download the zip version
    deljob.zip
    and extract it to your Desktop.
    Double-click Deljob.exe.
    A log (logit.txt) will open; you can also find the file on your desktop.
    Post the contents of logit.txt in your next message.

    Include in your next post:
    the deljob log
    the combofix log
    a new HJT log

    Good luck
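
The reply above ends by asking for a fresh HijackThis log after the fix. As an added example (not part of the original posts and not code from any tool named here), this Python script compares an earlier and a later log against the fix list, confirming that the selected items are gone and surfacing entries that appeared or disappeared without being listed. The function names are hypothetical; the sample lines are excerpts of the logs posted in this thread.

```python
import re

# A HijackThis entry line has the shape "<section> - <detail>",
# e.g. "O4 - HKLM\..\Run: [name] command". Header lines and the
# "Running processes" list do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2})\s+-\s+(?P<detail>.+)$")

# Excerpt of the first log in this thread (before the fix).
BEFORE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: rightonadz.biz browser optimizer - {36A91CEC-6C71-4758-B492-397BFC8E96A2} - C:\WINDOWS\system32\gzmrotate.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\Default Owns.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [rdrrule] C:\DOCUME~1\Dennis\APPLIC~1\4METAP~1\Audio browse wipe.exe
"""

# Excerpt of the second log in this thread (after the fix).
AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O23 - Service: Apache - Unknown owner - C:\PROGRA~1\EASYPH~1\Apache\apache.exe
"""

# The items the helper asked to select for 'Fix checked'.
FIX_LIST = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: rightonadz.biz browser optimizer - {36A91CEC-6C71-4758-B492-397BFC8E96A2} - C:\WINDOWS\system32\gzmrotate.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\Default Owns.exe
O4 - HKCU\..\Run: [rdrrule] C:\DOCUME~1\Dennis\APPLIC~1\4METAP~1\Audio browse wipe.exe
"""


def parse_entries(log_text):
    """Return the (section, detail) entries of a HijackThis log, in order."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("section"), match.group("detail").strip()))
    return entries


def _key(entry):
    # Compare case-insensitively: Windows paths and registry names ignore case.
    section, detail = entry
    return (section, detail.casefold())


def compare_logs(before_text, after_text, fix_list_text):
    """Classify entries by what happened to them between two scans."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    fix = parse_entries(fix_list_text)
    before_keys = {_key(e) for e in before}
    after_keys = {_key(e) for e in after}
    fix_keys = {_key(e) for e in fix}
    return {
        # Fix items that survived: the removal did not take.
        "still_present": [e for e in fix if _key(e) in after_keys],
        # Fix items that were in the first scan and are gone now.
        "removed": [e for e in fix
                    if _key(e) in before_keys and _key(e) not in after_keys],
        # Fix items that never appeared in the first scan (typo or stale list).
        "not_in_before": [e for e in fix if _key(e) not in before_keys],
        # Entries that only show up in the later scan and need a look.
        "new": [e for e in after if _key(e) not in before_keys],
        # Entries that vanished although nobody listed them for removal.
        "removed_unlisted": [e for e in before
                             if _key(e) not in after_keys
                             and _key(e) not in fix_keys],
    }


if __name__ == "__main__":
    for label, items in compare_logs(BEFORE, AFTER, FIX_LIST).items():
        print(f"{label}: {len(items)}")
        for section, detail in items:
            print(f"  {section} - {detail}")
```
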
  • Hello,
    Thanks for your reply!

    I was able to carry everything out successfully. Here are my logs.

    HijackThis:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:20:05, on 15-9-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\EASYPH~1\Apache\apache.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
    C:\PROGRA~1\EASYPH~1\Apache\apache.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Hamachi\hamachi.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ufclan.roxorgamers.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apache - Unknown owner - C:\PROGRA~1\EASYPH~1\Apache\apache.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe


    End of file - 7250 bytes

    Combofix log:

    ComboFix 07-08-24.4 - "Dennis" 2007-08-24 19:59:21.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.1479 [GMT 2:00]
    * Created a new restore point


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\Dennis\APPLIC~1\macromedia\Flash Player\#SharedObjects\2RWSKVNW\iforex.com
    C:\DOCUME~1\Dennis\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
    C:\DOCUME~1\Dennis\BUREAU~1\internet.lnk
    C:\WINDOWS\system32\dwdsrngt.exe
    C:\WINDOWS\system32\lodsrngk.exe
    C:\WINDOWS\system32\msnav32.ax
    C:\WINDOWS\system32\nsq24.dll
    C:\WINDOWS\system32\nsz26.dll
    C:\WINDOWS\system32\qwinpmdt.exe
    C:\WINDOWS\system32\winpfz32.sys
    C:\WINDOWS\system32\zxdnt3d.cfg


    ((((((((((((((((((((((((( Files Created from 2007-07-24 to 2007-08-24 )))))))))))))))))))))))))))))))


    2007-08-24 19:58 51,200 –a—— C:\WINDOWS\nircmd.exe
    2007-08-24 18:28 <DIR> d——– C:\DOCUME~1\LOCALS~1\APPLIC~1\4 meta pure
    2007-08-24 18:27 82,248 –a—— C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-08-24 18:27 626,688 –a—— C:\WINDOWS\system32\msvcr80.dll
    2007-08-24 18:27 57,672 –a—— C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-08-24 18:27 40,264 –a—— C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-08-24 18:27 29,000 –a—— C:\WINDOWS\system32\drivers\kcom.sys
    2007-08-24 18:27 <DIR> d——– C:\Program Files\Spyware Doctor
    2007-08-24 18:27 <DIR> d——– C:\DOCUME~1\Dennis\APPLIC~1\PC Tools
    2007-08-24 17:40 <DIR> d——– C:\Program Files\Lavasoft
    2007-08-24 17:40 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-08-24 17:26 <DIR> d——– C:\Program Files\Trend Micro
    2007-08-24 15:56 <DIR> d——– C:\WINDOWS\LastGood.Tmp
    2007-08-23 17:41 33,511 –a—— C:\WINDOWS\system32\ninjaext-uninstall.exe
    2007-08-22 18:29 <DIR> d——– C:\DOCUME~1\Dennis\APPLIC~1\NASA
    2007-08-22 18:28 <DIR> d——– C:\Program Files\NASA
    2007-08-22 18:27 <DIR> d——– C:\WINDOWS\system32\URTTemp
    2007-08-20 19:58 75,264 –a—— C:\WINDOWS\system32\ninjaext.dll
    2007-08-19 00:10 <DIR> d–hs—- C:\Program Files\outlook
    2007-08-18 23:54 39,884 –a—— C:\WINDOWS\system32\gzmrot-uninst.exe
    2007-08-18 23:53 55,542 –a—— C:\WINDOWS\system32\adssite-remove.exe
    2007-08-18 23:50 <DIR> d——– C:\DOCUME~1\Dennis\Incomplete
    2007-08-18 23:50 <DIR> d——– C:\DOCUME~1\Dennis\APPLIC~1\LimeWirePlus
    2007-08-18 23:41 <DIR> d——– C:\Program Files\LimeWire Plus
    2007-08-16 16:35 <DIR> d——– C:\Program Files\Ventrilo
    2007-08-16 16:35 <DIR> d——– C:\Program Files\Common Files\Wise Installation Wizard
    2007-08-16 16:35 <DIR> d——– C:\DOCUME~1\Dennis\APPLIC~1\Ventrilo
    2007-08-14 20:30 <DIR> d——– C:\DOCUME~1\Dennis\APPLIC~1\Download Manager
    2007-08-14 13:24 <DIR> d——– C:\Program Files\mIRC
    2007-08-12 22:37 286,720 –a—— C:\WINDOWS\iun506.exe
    2007-08-12 22:37 <DIR> d——– C:\Program Files\Rcon Unlimited
    2007-08-12 17:21 286,720 ——— C:\WINDOWS\Setup1.exe
    2007-08-12 17:21 <DIR> d——– C:\Program Files\Rcon4Cod2
    2007-08-12 17:17 73,216 –a—— C:\WINDOWS\ST6UNST.EXE
    2007-08-12 14:27 <DIR> d——– C:\Program Files\FileZilla
    2007-08-10 21:15 <DIR> d——– C:\Program Files\VALVe
    2007-08-09 18:47 <DIR> d——– C:\Program Files\MSBuild
    2007-08-09 18:47 <DIR> d——– C:\Program Files\Microsoft Works
    2007-08-09 18:45 <DIR> d——– C:\WINDOWS\SHELLNEW
    2007-08-09 18:44 <DIR> dr-h—– C:\MSOCache
    2007-08-09 18:44 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
    2007-08-09 18:23 <DIR> d——– C:\Program Files\DivX
    2007-08-09 15:15 1,165 –a—— C:\WINDOWS\mozver.dat
    2007-08-09 15:07 <DIR> d——– C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire
    2007-08-08 23:52 0 –a—— C:\WINDOWS\nsreg.dat
    2007-08-07 11:52 <DIR> d——– C:\DOCUME~1\LOCALS~1\APPLIC~1\Xfire
    2007-08-06 11:58 50,688 –a—— C:\WINDOWS\system32\wbhelp2.dll
    2007-08-06 11:58 499,712 –a—— C:\WINDOWS\system32\msvcp71.dll
    2007-08-06 11:58 348,160 –a—— C:\WINDOWS\system32\msvcr71.dll
    2007-08-06 11:58 1,060,864 –a—— C:\WINDOWS\system32\MFC71.dll
    2007-08-06 11:58 <DIR> d——– C:\Program Files\Ipswitch
    2007-08-06 11:58 <DIR> d——– C:\DOCUME~1\Dennis\APPLIC~1\Ipswitch
    2007-08-06 11:58 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ipswitch
    2007-08-06 11:56 <DIR> d—s—- C:\DOCUME~1\Dennis\UserData
    2007-08-05 23:22 <DIR> d——– C:\Program Files\Teamspeak2_RC2
    2007-08-05 23:22 <DIR> d——– C:\DOCUME~1\Dennis\APPLIC~1\teamspeak2
    2007-08-05 22:56 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    2007-08-05 22:54 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\dumb bolt knob third
    2007-08-05 22:53 <DIR> d——– C:\Program Files\MessengerPlus! 3
    2007-08-05 22:53 <DIR> d——– C:\Program Files\Adverts
    2007-08-05 22:53 <DIR> d——– C:\Program Files\4 meta pure
    2007-08-05 22:53 <DIR> d——– C:\DOCUME~1\Dennis\APPLIC~1\4 meta pure
    2007-08-05 22:53 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\third lies itch ford
    2007-08-05 22:52 <DIR> d——– C:\Program Files\MSN Messenger
    2007-08-05 22:51 <DIR> d——– C:\WINDOWS\SxsCaPendDel
    2007-08-05 18:36 4,682 –a—— C:\WINDOWS\system32\npptNT2.sys
    2007-08-05 18:23 <DIR> d——– C:\Program Files\Google
    2007-08-05 18:23 <DIR> d——– C:\DOCUME~1\Dennis\APPLIC~1\Google
    2007-08-05 18:23 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
    2007-08-05 18:23 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    2007-08-05 18:11 <DIR> d——– C:\Program Files\Gpotato
    2007-08-05 13:11 <DIR> d——– C:\Program Files\CoD RconTool
    2007-08-05 11:37 271,224 –a—— C:\WINDOWS\system32\mucltui.dll
    2007-08-05 11:37 207,736 –a—— C:\WINDOWS\system32\muweb.dll
    2007-08-05 11:37 <DIR> d——– C:\DOCUME~1\Dennis\Contacts
    2007-08-05 11:33 <DIR> d——– C:\Program Files\Windows Live
    2007-08-05 11:33 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    2007-08-05 11:33 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
    2007-08-04 23:45 <DIR> d–h—– C:\WINDOWS\$hf_mig$
    2007-08-04 23:45 <DIR> d——– C:\WINDOWS\system32\PreInstall
    2007-08-04 22:38 <DIR> d——– C:\Program Files\uTorrent
    2007-08-04 22:38 <DIR> d——– C:\DOCUME~1\Dennis\APPLIC~1\uTorrent
    2007-08-04 22:36 <DIR> d——– C:\DOCUME~1\Dennis\Downloads
    2007-08-04 17:14 <DIR> d——– C:\DOCUME~1\Dennis\APPLIC~1\Logitech
    2007-08-04 17:09 34,576 –a—— C:\WINDOWS\system32\drivers\LHidFilt.Sys
    2007-08-04 17:09 33,296 –a—— C:\WINDOWS\system32\drivers\LMouFilt.Sys
    2007-08-04 17:09 127,034 -r——- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
    2007-08-04 17:09 101,136 –a—— C:\WINDOWS\KHALMNPR.Exe
    2007-08-04 17:09 1,419,024 –a—— C:\WINDOWS\system32\WdfCoInstaller01005.dll
    2007-08-04 17:09 <DIR> d—-c— C:\WINDOWS\system32\DRVSTORE
    2007-08-04 17:09 <DIR> d——– C:\WINDOWS\system32\ReinstallBackups
    2007-08-04 17:08 69,632 –a—— C:\WINDOWS\system32\KemXML.dll
    2007-08-04 17:08 163,840 –a—— C:\WINDOWS\system32\kemutb.dll
    2007-08-04 17:08 135,168 –a—— C:\WINDOWS\system32\KemUtil.dll
    2007-08-04 17:08 110,592 –a—— C:\WINDOWS\system32\KemWnd.dll
    2007-08-04 17:08 <DIR> d——– C:\Program Files\Logitech
    2007-08-04 17:08 <DIR> d——– C:\Program Files\Common Files\Logitech
    2007-08-04 17:08 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
    2007-08-04 16:59 66,872 –a—— C:\WINDOWS\system32\PnkBstrA.exe
    2007-08-04 16:59 22,328 –a—— C:\WINDOWS\system32\drivers\PnkBstrK.sys


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-05 15:05 8972 –a—— C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin
    2007-08-05 15:05 2378 –a—— C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
    2007-08-04 17:09 0 –ah—– C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2007-08-04 17:09 0 –ah—– C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2007-07-30 19:19 92504 –a—— C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 43352 –a—— C:\WINDOWS\system32\wups2.dll
    2007-07-13 16:46 61440 –a—— C:\WINDOWS\system32\gzmrotate.dll
    2007-06-29 00:43 8466432 –a—— C:\WINDOWS\system32\nvcpl.dll
    2007-06-29 00:43 81920 –a—— C:\WINDOWS\system32\nvwddi.dll
    2007-06-29 00:43 81920 –a—— C:\WINDOWS\system32\nvmctray.dll
    2007-06-29 00:43 753664 –a—— C:\WINDOWS\system32\nvcplui.exe
    2007-06-29 00:43 6807328 –a—— C:\WINDOWS\system32\drivers\nv4_mini.sys
    2007-06-29 00:43 6729728 –a—— C:\WINDOWS\system32\nvoglnt.dll
    2007-06-29 00:43 6234112 –a—— C:\WINDOWS\system32\nvdisps.dll
    2007-06-29 00:43 5690624 –a—— C:\WINDOWS\system32\nv4_disp.dll
    2007-06-29 00:43 5455872 –a—— C:\WINDOWS\system32\nvdispsr.dll
    2007-06-29 00:43 466944 –a—— C:\WINDOWS\system32\nvshell.dll
    2007-06-29 00:43 458752 –a—— C:\WINDOWS\system32\nvmccssr.dll
    2007-06-29 00:43 45056 –a—— C:\WINDOWS\system32\nvmccsrs.dll
    2007-06-29 00:43 442368 –a—— C:\WINDOWS\system32\nvappbar.exe
    2007-06-29 00:43 425984 –a—— C:\WINDOWS\system32\keystone.exe
    2007-06-29 00:43 37376 –a—— C:\WINDOWS\system32\nvcodins.dll
    2007-06-29 00:43 37376 –a—— C:\WINDOWS\system32\nvcod.dll
    2007-06-29 00:43 360448 –a—— C:\WINDOWS\system32\nvapi.dll
    2007-06-29 00:43 3600384 –a—— C:\WINDOWS\system32\nvvitvsr.dll
    2007-06-29 00:43 3518464 –a—— C:\WINDOWS\system32\nvvitvs.dll
    2007-06-29 00:43 3321856 –a—— C:\WINDOWS\system32\nvgames.dll
    2007-06-29 00:43 3072000 –a—— C:\WINDOWS\system32\nvgamesr.dll
    2007-06-29 00:43 307200 –a—— C:\WINDOWS\system32\nvexpbar.dll
    2007-06-29 00:43 286720 –a—— C:\WINDOWS\system32\nvnt4cpl.dll
    2007-06-29 00:43 2854912 –a—— C:\WINDOWS\system32\nvmoblsr.dll
    2007-06-29 00:43 2416640 –a—— C:\WINDOWS\system32\nvwssr.dll
    2007-06-29 00:43 2330624 –a—— C:\WINDOWS\system32\nvwss.dll
    2007-06-29 00:43 229376 –a—— C:\WINDOWS\system32\nvmccs.dll
    2007-06-29 00:43 188416 –a—— C:\WINDOWS\system32\nvmccss.dll
    2007-06-29 00:43 1703936 –a—— C:\WINDOWS\system32\nvwdmcpl.dll
    2007-06-29 00:43 1626112 –a—— C:\WINDOWS\system32\nwiz.exe
    2007-06-29 00:43 155716 –a—— C:\WINDOWS\system32\nvsvc32.exe
    2007-06-29 00:43 1474560 –a—— C:\WINDOWS\system32\nview.dll
    2007-06-29 00:43 147456 –a—— C:\WINDOWS\system32\nvcolor.exe
    2007-06-29 00:43 1339392 –a—— C:\WINDOWS\system32\nvdspsch.exe
    2007-06-29 00:43 1142784 –a—— C:\WINDOWS\system32\nvmobls.dll
    2007-06-29 00:43 1073152 –a—— C:\WINDOWS\system32\nvcpluir.dll
    2007-06-29 00:43 1019904 –a—— C:\WINDOWS\system32\nvwimg.dll
    2007-06-29 00:43 1018772 –a—— C:\WINDOWS\system32\nvucode.bin
    2007-06-26 08:10 1104896 –a—— C:\WINDOWS\system32\msxml3.dll
    2007-06-19 15:33 282112 –a—— C:\WINDOWS\system32\gdi32.dll
    2007-06-13 15:24 1036800 –a—— C:\WINDOWS\explorer.exe


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36A91CEC-6C71-4758-B492-397BFC8E96A2}]
    2007-07-13 16:46 61440 –a—— C:\WINDOWS\system32\gzmrotate.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
    "nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe]
    "SigmatelSysTrayApp"="sttray.exe" []
    "IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [2006-09-21 10:36]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 C:\WINDOWS\KHALMNPR.Exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-08-05 22:53]
    "Itch ford four knob"="C:\Documents and Settings\All Users\Application Data\third lies itch ford\okay enc.exe" [2007-08-24 20:01]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-05 18:23]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
    "rdrrule"="C:\DOCUME~1\LOCALS~1\APPLIC~1\4METAP~1\Audio browse wipe.exe" [2007-08-05 22:53]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-08-05 22:53]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-01-24 20:28]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"



    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-24 20:01:19
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-24 20:01:58 - machine was rebooted
    C:\ComboFix-quarantined-files.txt … 2007-08-24 20:01

    — E O F —


    Deljob Log:
    ——————————————————–
    File(s) moved to C:\deljob

    AECB1FB5918492B1.job
    ——————————————————–
    Files remaining after cleaning

    ——————————————————–
    App data folders

    Het volume in station C heeft geen naam.
    Het volumenummer is 5407-D9C7

    Map van C:\Documents and Settings\Dennis\Application Data

    15-09-2007 22:15 <DIR> .
    15-09-2007 22:15 <DIR> ..
    10-09-2007 17:11 <DIR> Adobe
    15-09-2007 10:46 <DIR> AVG7
    30-08-2007 14:34 <DIR> BSplayer
    25-08-2007 19:20 <DIR> BSPLAY~1 BSplayer Pro
    08-09-2007 21:17 <DIR> Corel
    29-08-2007 14:05 <DIR> DivX
    14-08-2007 20:30 <DIR> DOWNLO~1 Download Manager
    22-08-2007 16:08 <DIR> Google
    15-09-2007 22:18 <DIR> Hamachi
    04-08-2007 15:03 <DIR> IDENTI~1 Identities
    06-08-2007 11:58 <DIR> Ipswitch
    19-08-2007 00:19 <DIR> LIMEWI~1 LimeWirePlus
    04-08-2007 17:14 <DIR> Logitech
    05-08-2007 18:16 <DIR> MACROM~1 Macromedia
    25-08-2007 19:55 <DIR> MEDIAP~1 Media Player Classic
    15-09-2007 19:48 <DIR> MICROS~1 Microsoft
    13-09-2007 17:58 <DIR> Mozilla
    22-08-2007 18:29 <DIR> NASA
    24-08-2007 18:27 <DIR> PCTOOL~1 PC Tools
    13-09-2007 18:15 <DIR> SECOND~1 SecondLife
    04-08-2007 15:26 <DIR> SONICF~1 Sonic Focus
    18-08-2007 23:50 <DIR> Sun
    08-09-2007 21:36 <DIR> TEAMSP~1 teamspeak2
    16-08-2007 16:36 <DIR> Ventrilo
    13-09-2007 20:07 <DIR> Xfire
    0 bestand(en) 0 bytes
    27 map(pen) 258.817.806.336 bytes beschikbaar
    Het volume in station C heeft geen naam.
    Het volumenummer is 5407-D9C7

    Map van C:\Documents and Settings\All Users\Application Data

    15-09-2007 22:13 <DIR> .
    15-09-2007 22:13 <DIR> ..
    09-09-2007 00:13 <DIR> Adobe
    09-09-2007 00:13 <DIR> ADOBES~1 Adobe Systems
    15-09-2007 10:46 <DIR> avg7
    26-08-2007 16:28 <DIR> Corel
    21-08-2007 18:43 <DIR> DUMBBO~1 dumb bolt knob third
    05-08-2007 18:23 <DIR> Google
    14-09-2007 18:00 <DIR> GOOGLE~1 Google Updater
    14-09-2007 18:22 <DIR> Grisoft
    06-08-2007 11:58 <DIR> Ipswitch
    04-08-2007 17:08 <DIR> Logitech
    05-08-2007 22:56 <DIR> MESSEN~1 Messenger Plus!
    15-09-2007 20:07 <DIR> MICROS~1 Microsoft
    15-08-2007 23:07 <DIR> MICROS~2 Microsoft Help
    07-09-2007 21:50 <DIR> TEMP
    05-08-2007 11:34 <DIR> WINDOW~1 WindowsLiveInstaller
    05-08-2007 11:33 <DIR> WLINST~1 WLInstaller
    0 bestand(en) 0 bytes
    18 map(pen) 258.817.806.336 bytes beschikbaar
    ——————————————————–

    These are the logs.

    Regards
  • It's probably already going better

    Open Notepad, copy and paste the following (bold, blue text) into an empty window:
    File::
    C:\WINDOWS\system32\gzmrotate.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36A91CEC-6C71-4758-B492-397BFC8E96A2}]

    Save this to your Desktop as CFScript.txt

    Drag CFScript.txt into ComboFix.exe as shown in the example below:

    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    This will cause ComboFix to restart.
    Reboot if asked to,
    and post the contents of Combofix.txt in your next reply together with a new HijackThis log.
  • OK, it worked; here is the new ComboFix log:

    ComboFix 07-09-14.2 - "Dennis" 2007-09-15 22:57:11.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.1435 [GMT 2:00]
    Command switches used :: C:\Documents and Settings\Dennis\Bureaublad\CFScript.txt
    * Created a new restore point

    FILE::
    C:\WINDOWS\system32\gzmrotate.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\gzmrotate.dll

    .
    ((((((((((((((((((((((((( Files Created from 2007-08-15 to 2007-09-15 )))))))))))))))))))))))))))))))
    .

    2007-09-15 21:39 2,688 –a–c— C:\WINDOWS\system32\dllcache\hidswvd.sys
    2007-09-15 21:39 2,688 –a—— C:\WINDOWS\system32\drivers\HIDSwvd.sys
    2007-09-15 21:38 59,136 –a–c— C:\WINDOWS\system32\dllcache\gckernel.sys
    2007-09-15 21:38 59,136 –a—— C:\WINDOWS\system32\drivers\GcKernel.sys
    2007-09-15 20:00 <DIR> d——– C:\DOCUME~1\NETWOR~1\APPLIC~1\4 meta pure
    2007-09-15 19:39 <DIR> d——– C:\Program Files\Microsoft Games
    2007-09-15 17:06 <DIR> d——– C:\Program Files\EasyPHP1-8
    2007-09-15 17:00 <DIR> d——– C:\Program Files\MySQL
    2007-09-15 13:11 <DIR> d——– C:\Usb Webserver
    2007-09-15 12:54 361,542,494 –a—— C:\wow-2[1].0.12.6546-to-2.1.0.6692-engb-patch.exe
    2007-09-15 12:37 <DIR> d——– C:\Program Files\Common Files\Blizzard Entertainment
    2007-09-15 11:45 <DIR> d——– C:\Program Files\World of Warcraft Jester's Wow
    2007-09-15 11:44 <DIR> d——– C:\Program Files\Wow Patches
    2007-09-14 22:23 18,944 –a—— C:\WINDOWS\eraser.exe
    2007-09-14 22:23 <DIR> d——– C:\Program Files\LeechFTP
    2007-09-14 21:43 <DIR> d——– C:\WINDOWS\pss
    2007-09-14 16:46 <DIR> d——– C:\deljob
    2007-09-14 16:06 <DIR> d——– C:\Program Files\4 meta pure
    2007-09-13 19:50 <DIR> d——– C:\Program Files\Picasa2
    2007-09-13 18:04 34,438,929 –a—— C:\Second Life 1-18-1-2 Setup.exe
    2007-09-13 17:58 <DIR> d——– C:\Program Files\SecondLife
    2007-09-13 17:58 <DIR> d——– C:\DOCUME~1\Dennis\APPLIC~1\SecondLife
    2007-09-13 17:57 32,528,273 –a—— C:\Second Life 1-18-0-6 Setup.exe
    2007-09-13 15:51 <DIR> d——– C:\Program Files\EPN
    2007-09-13 15:02 <DIR> d——– C:\temp
    2007-09-13 15:02 <DIR> d——– C:\malmberg
    2007-09-09 00:13 <DIR> d——– C:\Program Files\Common Files\Adobe Systems Shared
    2007-09-09 00:13 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
    2007-09-08 23:28 <DIR> d——– C:\Program Files\BearShare Pro
    2007-09-08 23:28 <DIR> d——– C:\DOWNLOADS
    2007-09-08 23:28 <DIR> d——– C:\!Temp
    2007-09-08 23:23 <DIR> d——– C:\Program Files\nik
    2007-09-08 23:19 <DIR> d——– C:\photoshop
    2007-09-08 16:02 86,016 –a—— C:\WINDOWS\system32\OpenAL32.dll
    2007-09-08 16:02 262,144 –a—— C:\WINDOWS\system32\wrap_oal.dll
    2007-09-08 16:01 5,632 –a—— C:\WINDOWS\system32\drivers\Entech64.sys
    2007-09-08 16:01 3,972 –a—— C:\WINDOWS\system32\drivers\PciBus.sys
    2007-09-08 16:01 21,664 –a—— C:\WINDOWS\system32\drivers\Entech.sys
    2007-09-08 16:01 <DIR> d——– C:\WINDOWS\system32\Futuremark
    2007-09-08 15:59 <DIR> d——– C:\Program Files\Futuremark
    2007-09-04 17:46 <DIR> d——– C:\Program Files\EPN werkboek-i
    2007-09-01 23:55 25,544 –a—— C:\WINDOWS\system32\drivers\hamachi.sys
    2007-09-01 23:55 <DIR> d——– C:\Program Files\Hamachi
    2007-09-01 23:55 <DIR> d——– C:\DOCUME~1\Dennis\APPLIC~1\Hamachi
    2007-08-29 21:21 695 –a—— C:\WINDOWS\eReg.dat
    2007-08-27 16:16 <DIR> d——– C:\Program Files\DAEMON Tools
    2007-08-27 16:14 685,816 –a—— C:\WINDOWS\system32\drivers\sptd.sys
    2007-08-27 16:02 <DIR> d——– C:\Program Files\GameSpy Arcade
    2007-08-27 16:02 <DIR> d——– C:\Program Files\EA GAMES
    2007-08-26 16:28 472,656 –a—— C:\DOCUME~1\ALLUSE~1\APPLIC~1\pswi_preloaded.exe
    2007-08-26 16:28 <DIR> d——– C:\DOCUME~1\Dennis\APPLIC~1\Corel
    2007-08-26 16:28 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
    2007-08-26 16:27 88 -r-hs—- C:\WINDOWS\system32\F96B242822.sys
    2007-08-26 16:27 2,672 –ahs—- C:\WINDOWS\system32\KGyGaAvL.sys
    2007-08-26 16:27 <DIR> d——– C:\Program Files\Corel
    2007-08-26 16:15 <DIR> d-a—— C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-08-26 16:14 <DIR> d——– C:\Program Files\Banner Maker Pro 6
    2007-08-25 20:44 <DIR> d——– C:\DOCUME~1\Dennis\APPLIC~1\DivX
    2007-08-25 19:55 765,952 –a—— C:\WINDOWS\system32\xvidcore.dll
    2007-08-25 19:55 180,224 –a—— C:\WINDOWS\system32\xvidvfw.dll
    2007-08-25 19:55 10,752 –a—— C:\WINDOWS\system32\ff_vfw.dll
    2007-08-25 19:55 1,565,480 –a—— C:\WINDOWS\system32\wmv9vcm.dll
    2007-08-25 19:55 <DIR> d——– C:\Program Files\K-Lite Codec Pack
    2007-08-25 19:55 <DIR> d——– C:\DOCUME~1\Dennis\APPLIC~1\Media Player Classic
    2007-08-25 19:29 356,352 –a—— C:\WINDOWS\eSellerateEngine.dll
    2007-08-25 19:28 258,352 –a—— C:\WINDOWS\system32\Unicows.dll
    2007-08-25 19:28 <DIR> d——– C:\Program Files\Deskshare
    2007-08-25 19:28 <DIR> d——– C:\Program Files\Common Files\DeskShare Shared
    2007-08-25 19:25 <DIR> d——– C:\Program Files\All Video Converter
    2007-08-25 19:20 <DIR> d——– C:\Program Files\Webteh
    2007-08-25 19:20 <DIR> d——– C:\Program Files\AdVantage
    2007-08-25 19:20 <DIR> d——– C:\DOCUME~1\Dennis\APPLIC~1\BSplayer Pro
    2007-08-25 19:20 <DIR> d——– C:\DOCUME~1\Dennis\APPLIC~1\BSplayer
    2007-08-24 20:04 <DIR> d——– C:\DOCUME~1\Dennis\DoctorWeb
    2007-08-24 19:58 51,200 –a—— C:\WINDOWS\nircmd.exe
    2007-08-24 18:28 <DIR> d——– C:\DOCUME~1\LOCALS~1\APPLIC~1\4 meta pure
    2007-08-24 18:27 82,248 –a—— C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-08-24 18:27 626,688 –a—— C:\WINDOWS\system32\msvcr80.dll
    2007-08-24 18:27 57,672 –a—— C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-08-24 18:27 40,264 –a—— C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-08-24 18:27 29,000 –a—— C:\WINDOWS\system32\drivers\kcom.sys
    2007-08-24 18:27 <DIR> d——– C:\Program Files\Spyware Doctor
    2007-08-24 18:27 <DIR> d——– C:\DOCUME~1\Dennis\APPLIC~1\PC Tools
    2007-08-24 17:26 <DIR> d——– C:\Program Files\Trend Micro
    2007-08-23 17:41 33,511 –a—— C:\WINDOWS\system32\ninjaext-uninstall.exe
    2007-08-22 18:29 <DIR> d——– C:\DOCUME~1\Dennis\APPLIC~1\NASA
    2007-08-22 18:28 <DIR> d——– C:\Program Files\NASA
    2007-08-22 18:27 <DIR> d——– C:\WINDOWS\system32\URTTemp
    2007-08-20 19:58 75,264 –a—— C:\WINDOWS\system32\ninjaext.dll
    2007-08-19 00:10 <DIR> d–hs—- C:\Program Files\outlook
    2007-08-18 23:54 40,315 –a—— C:\WINDOWS\system32\gzmrot-uninst.exe
    2007-08-18 23:53 55,542 –a—— C:\WINDOWS\system32\adssite-remove.exe
    2007-08-18 23:50 <DIR> d——– C:\DOCUME~1\Dennis\Incomplete
    2007-08-18 23:50 <DIR> d——– C:\DOCUME~1\Dennis\APPLIC~1\LimeWirePlus
    2007-08-18 23:41 <DIR> d——– C:\Program Files\LimeWire Plus
    2007-08-16 16:35 <DIR> d——– C:\Program Files\Ventrilo
    2007-08-16 16:35 <DIR> d——– C:\Program Files\Common Files\Wise Installation Wizard
    2007-08-16 16:35 <DIR> d——– C:\DOCUME~1\Dennis\APPLIC~1\Ventrilo

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-15 22:30 22328 –a—— C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-09-15 22:30 103736 –a—— C:\WINDOWS\system32\PnkBstrB.exe
    2007-09-15 20:07 ——— d–h—– C:\Program Files\InstallShield Installation Information
    2007-09-14 18:00 ——— d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
    2007-09-14 16:02 ——— d——– C:\Program Files\MSN Messenger
    2007-09-13 20:07 ——— d——– C:\DOCUME~1\Dennis\APPLIC~1\Xfire
    2007-09-11 15:00 ——— d—s—- C:\Program Files\Xfire
    2007-09-08 21:36 ——— d——– C:\DOCUME~1\Dennis\APPLIC~1\teamspeak2
    2007-09-07 17:44 ——— d——– C:\Program Files\Rcon4Cod2
    2007-08-31 22:18 ——— d——– C:\Program Files\mIRC
    2007-08-29 16:09 ——— d——– C:\Program Files\Common Files\InstallShield
    2007-08-27 16:12 28400 –a—— C:\WINDOWS\system32\drivers\secdrv.sys
    2007-08-25 20:43 ——— d——– C:\Program Files\DivX
    2007-08-24 19:24 ——— d——– C:\Program Files\Adverts
    2007-08-22 16:08 ——— d——– C:\Program Files\Google
    2007-08-22 16:08 ——— d——– C:\DOCUME~1\Dennis\APPLIC~1\Google
    2007-08-21 18:43 ——— d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\dumb bolt knob third
    2007-08-15 23:07 ——— d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
    2007-08-14 20:30 ——— d——– C:\DOCUME~1\Dennis\APPLIC~1\Download Manager
    2007-08-12 22:38 ——— d——– C:\Program Files\Rcon Unlimited
    2007-08-12 22:37 286720 –a—— C:\WINDOWS\iun506.exe
    2007-08-12 17:21 73216 –a—— C:\WINDOWS\ST6UNST.EXE
    2007-08-12 17:21 286720 ——— C:\WINDOWS\Setup1.exe
    2007-08-12 14:29 ——— d——– C:\Program Files\FileZilla
    2007-08-10 21:15 ——— d——– C:\Program Files\VALVe
    2007-08-09 18:47 ——— d——– C:\Program Files\MSBuild
    2007-08-09 18:47 ——— d——– C:\Program Files\Microsoft Works
    2007-08-09 15:07 ——— d——– C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire
    2007-08-07 11:52 ——— d——– C:\DOCUME~1\LOCALS~1\APPLIC~1\Xfire
    2007-08-06 11:58 ——— d——– C:\Program Files\Ipswitch
    2007-08-06 11:58 ——— d——– C:\DOCUME~1\Dennis\APPLIC~1\Ipswitch
    2007-08-06 11:58 ——— d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ipswitch
    2007-08-05 23:22 ——— d——– C:\Program Files\Teamspeak2_RC2
    2007-08-05 22:56 ——— d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    2007-08-05 22:53 ——— d——– C:\Program Files\MessengerPlus! 3
    2007-08-05 18:23 ——— d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    2007-08-05 18:11 ——— d——– C:\Program Files\Gpotato
    2007-08-05 13:11 ——— d——– C:\Program Files\CoD RconTool
    2007-08-05 11:34 ——— d——– C:\Program Files\Windows Live
    2007-08-05 11:34 ——— d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
    2007-08-05 11:33 ——— d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    2007-08-04 17:14 ——— d——– C:\DOCUME~1\Dennis\APPLIC~1\Logitech
    2007-08-04 17:09 127034 -r——- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
    2007-08-04 17:09 0 –ah—– C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2007-08-04 17:09 0 –ah—– C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2007-08-04 17:09 ——— d——– C:\Program Files\Logitech
    2007-08-04 17:09 ——— d——– C:\Program Files\Common Files\Logitech
    2007-08-04 17:08 ——— d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
    2007-08-04 16:59 66872 –a—— C:\WINDOWS\system32\PnkBstrA.exe
    2007-08-04 16:10 ——— d——– C:\Program Files\Activision
    2007-08-04 15:26 ——— d——– C:\DOCUME~1\Dennis\APPLIC~1\Sonic Focus
    2007-08-04 15:21 ——— d——– C:\Program Files\Intel Audio Studio
    2007-08-04 15:20 ——— d——– C:\Program Files\SigmaTel
    2007-08-04 15:05 ——— d——– C:\Program Files\MSXML 4.0
    2007-08-04 15:00 ——— d——– C:\Program Files\microsoft frontpage
    2007-07-30 19:19 92504 –a—— C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 –a—— C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 53080 –a—— C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 43352 –a—— C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 –a—— C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 271224 –a—— C:\WINDOWS\system32\mucltui.dll
    2007-07-30 19:19 207736 –a—— C:\WINDOWS\system32\muweb.dll
    2007-07-30 19:19 203096 –a—— C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 1712984 –a—— C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:18 33624 –a—— C:\WINDOWS\system32\wups.dll
    2007-07-26 05:06 144704 –a—— C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2007-07-26 04:53 9464 ——— C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-07-26 04:53 9336 ——— C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-07-26 04:53 524288 –a—— C:\WINDOWS\system32\DivXsm.exe
    2007-07-26 04:53 43528 ——— C:\WINDOWS\system32\drivers\PxHelp20.sys
    2007-07-26 04:53 3596288 –a—— C:\WINDOWS\system32\qt-dx331.dll
    2007-07-26 04:53 200704 –a—— C:\WINDOWS\system32\ssldivx.dll
    2007-07-26 04:53 129784 ——— C:\WINDOWS\system32\pxafs.dll
    2007-07-26 04:53 120056 ——— C:\WINDOWS\system32\pxcpyi64.exe
    2007-07-26 04:53 118520 ——— C:\WINDOWS\system32\pxinsi64.exe
    2007-07-26 04:53 1044480 –a—— C:\WINDOWS\system32\libdivx.dll
    2007-07-26 04:50 823296 –a—— C:\WINDOWS\system32\divx_xx0c.dll
    2007-07-26 04:50 823296 –a—— C:\WINDOWS\system32\divx_xx07.dll
    2007-07-26 04:50 81920 –a—— C:\WINDOWS\system32\dpl100.dll
    2007-07-26 04:50 802816 –a—— C:\WINDOWS\system32\divx_xx11.dll
    2007-07-26 04:50 740442 –a—— C:\WINDOWS\system32\DivX.dll
    2007-07-26 04:50 593920 –a—— C:\WINDOWS\system32\dpuGUI11.dll
    2007-07-26 04:50 57344 –a—— C:\WINDOWS\system32\dpv11.dll
    2007-07-26 04:50 53248 –a—— C:\WINDOWS\system32\dpuGUI10.dll
    2007-07-26 04:50 344064 –a—— C:\WINDOWS\system32\dpus11.dll
    2007-07-26 04:50 294912 –a—— C:\WINDOWS\system32\dpu11.dll
    2007-07-26 04:50 294912 –a—— C:\WINDOWS\system32\dpu10.dll
    2007-07-26 04:50 196608 –a—— C:\WINDOWS\system32\dtu100.dll
    2007-07-26 04:49 12288 –a—— C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-06-29 00:43 8466432 –a—— C:\WINDOWS\system32\nvcpl.dll
    2007-06-29 00:43 81920 –a—— C:\WINDOWS\system32\nvwddi.dll
    2007-06-29 00:43 81920 –a—— C:\WINDOWS\system32\nvmctray.dll
    2007-06-29 00:43 753664 –a—— C:\WINDOWS\system32\nvcplui.exe
    2007-06-29 00:43 6729728 –a—— C:\WINDOWS\system32\nvoglnt.dll
    2007-06-29 00:43 6234112 –a—— C:\WINDOWS\system32\nvdisps.dll
    2007-06-29 00:43 5690624 –a—— C:\WINDOWS\system32\nv4_disp.dll
    2007-06-29 00:43 5455872 –a—— C:\WINDOWS\system32\nvdispsr.dll
    2007-06-29 00:43 466944 –a—— C:\WINDOWS\system32\nvshell.dll
    2007-06-29 00:43 458752 –a—— C:\WINDOWS\system32\nvmccssr.dll
    2007-06-29 00:43 45056 –a—— C:\WINDOWS\system32\nvmccsrs.dll
    .

    ((((((((((((((((((((((((((((( snapshot_2007-09-15_220034,17 )))))))))))))))))))))))))))))))))))))))))
    .
    —-a-w 273,376 2007-09-15 20:06:42 C:\WINDOWS\system32\FNTCACHE.DAT
    .
    —-a-w 269,392 2007-09-09 14:50:19 C:\WINDOWS\system32\FNTCACHE.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
    "nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe]
    "SigmatelSysTrayApp"="sttray.exe" []
    "IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [2006-09-21 10:36]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 C:\WINDOWS\KHALMNPR.Exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-08-05 22:53]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-14 18:22]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-05 18:23]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-08-05 22:53]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-22 14:06]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-08-17 22:48]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]

    C:\DOCUME~1\ALLUSE~1\MENUST~1\PROGRA~1\OPSTAR~1\
    Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20]
    Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50]
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-05 18:23:12]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-08-04 17:13:03]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-04 17:12:39]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]

    C:\DOCUME~1\Dennis\MENUST~1\PROGRA~1\OPSTAR~1\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
    hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2007-09-01 23:55:18]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WLSetupSvc"=3 (0x3)
    "usnjsvc"=3 (0x3)
    "sdCoreService"=3 (0x3)
    "sdAuxService"=3 (0x3)
    "ose"=3 (0x3)
    "odserv"=3 (0x3)
    "gusvc"=2 (0x2)
    "Adobe LM Service"=3 (0x3)

    S3 GcKernel;Microsoft SideWinder Value Add - Filterstuurprogramma;C:\WINDOWS\system32\DRIVERS\GcKernel.sys
    S3 HIDSwvd;Mini-stuurprogramma voor virtueel HID-apparaat van Microsoft SideWinder;C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys

    .
    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-15 22:59:38
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-09-15 23:00:09 - machine was rebooted
    C:\ComboFix-quarantined-files.txt … 2007-09-15 23:00
    C:\ComboFix2.txt … 2007-09-15 22:00
    C:\ComboFix3.txt … 2007-08-24 20:01
    .
    — E O F —
  • It's probably already going better, right?
  • Hello,

    It is definitely going better!
    The pop-ups are gone, and all the other nasty things too.
    Thank you for your quick, clear and good help.

    Regards.
  • You're welcome. :D

This is an archived page. Replies are no longer possible.