Explorer.exe closes automatically

pimvandenderen
9 replies
  • Hey everyone,

    I have a problem:
    Yesterday I was busy installing the new WinRAR, but after a restart it closed explorer.exe immediately after logging in and starting up… also when I open it again via Task Manager…

    Here is my HijackThis log. I am busy with ComboFix, and have already run VundoFix, Ad-Aware and ATF Cleaner…


    [code:1:8f4fe72f8b]
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:30:00, on 30-11-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Safe mode

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=6061116
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe"

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [DME-N Network Driver] C:\WINDOWS\system32\DME-N Network Driver.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft Terminal Services Client Control (redist)) - http://www.e-rocu.nl/techniek/TSWEB/msrdp.cab
    O16 - DPF: {C7DC40E0-6601-4530-9AFB-68506CAE2628} - http://www.idoclogicx.com/webdemo/setup.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


    End of file - 10566 bytes [/code:1:8f4fe72f8b]

    Thanks in advance for reading, in any case :)
  • //EDIT:

    Yes! ComboFix did its job well, it works again :)
    But it is super slow now, maybe someone could take a look at my ComboFix log…

    ComboFix 07-11-19.4C - Mark Stam 2007-12-01 11:25:32.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.410 [GMT 1:00]
    Gestart vanuit: C:\ComboFix.exe
     * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\gjllm.bak1
    C:\WINDOWS\system32\gjllm.ini
    C:\WINDOWS\system32\mlljg.dll
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2007-11-01 to 2007-12-01 ))))))))))))))))))))))))))))))
    .

    2007-12-01 11:19 1,560,556 –a—— C:\ComboFix.exe
    2007-12-01 11:05 <DIR> d——– C:\VundoFix Backups
    2007-12-01 11:05 118,272 –a—— C:\VundoFix.exe
    2007-11-30 22:50 <DIR> d——– C:\Program Files\lx_cats
    2007-11-30 20:32 <DIR> d——– C:\Documents and Settings\Administrator\Sjablonen
    2007-11-30 20:32 <DIR> d——– C:\Documents and Settings\Administrator\Mijn documenten
    2007-11-30 20:32 <DIR> d——– C:\Documents and Settings\Administrator\Favorieten
    2007-11-30 20:32 <DIR> d——– C:\Documents and Settings\Administrator\Application Data\Gtek
    2007-11-30 11:19 35,840 –a—— C:\WINDOWS\system32\rqrspqp.dll
    2007-11-29 01:31 <DIR> d——– C:\Documents and Settings\Mark Stam\Application Data\Windows Desktop Search
    2007-11-29 01:29 <DIR> d——– C:\Program Files\Windows Desktop Search
    2007-11-29 01:29 192,000 ——— C:\WINDOWS\system32\dllcache\offfilt.dll
    2007-11-29 01:29 98,304 ——— C:\WINDOWS\system32\dllcache\nlhtml.dll
    2007-11-29 01:29 29,696 ——— C:\WINDOWS\system32\dllcache\mimefilt.dll
    2007-11-24 23:38 <DIR> d——– C:\Documents and Settings\Mark Stam\Application Data\WizzTones
    2007-11-23 00:04 <DIR> d——– C:\Program Files\Ultra Dvd2mp3
    2007-11-21 23:23 <DIR> d——– C:\WINDOWS\SWAT 4
    2007-11-21 23:23 <DIR> d——– C:\Program Files\SWAT 4
    2007-11-21 20:35 <DIR> d——– C:\Program Files\Direct WAV MP3 Splitter
    2007-11-19 12:27 2,526,800 –a—— C:\WINDOWS\Install_B4Playing.exe
    2007-11-18 21:41 <DIR> d——– C:\Documents and Settings\Mark Stam\Application Data\VirtuaWin
    2007-11-18 21:31 266,360 –a—— C:\WINDOWS\system32\TweakUI.exe
    2007-11-18 21:31 160,217 –a—— C:\WINDOWS\system32\PowerToysLicense.rtf
    2007-11-12 16:34 18,432 –ahs—- C:\WINDOWS\system32\Thumbs.db
    2007-11-10 13:12 81,768 –a—— C:\WINDOWS\system32\xinput1_3.dll
    2007-11-10 12:57 <DIR> d——– C:\Program Files\directx
    2007-11-10 12:32 <DIR> d——– C:\Program Files\Activision
    2007-11-10 12:30 <DIR> d–hs—- C:\WINDOWS\ftpcache
    2007-11-06 23:42 <DIR> d——– C:\Documents and Settings\Mark Stam\Application Data\InstallShield
    2007-11-06 23:42 321,168 –a—— C:\WINDOWS\system32\DMENcfg.exe
    2007-11-06 23:42 226,976 –a—— C:\WINDOWS\system32\DMENcpl.cpl
    2007-11-06 23:42 19,616 ——— C:\WINDOWS\system32\DMENdrv.dll
    2007-11-06 23:42 698 –a—— C:\WINDOWS\system32\DMENcpl.cpl.manifest
    2007-11-06 23:42 687 –a—— C:\WINDOWS\system32\DMENcfg.exe.manifest
    2007-11-06 23:42 666 –a—— C:\WINDOWS\system32\DME-N Network Driver.exe.manifest
    2007-11-06 22:59 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Drumsite
    2007-11-04 23:33 <DIR> d——– C:\Program Files\SpacialAudio
    2007-11-03 01:26 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Nokia
    2007-11-03 00:01 <DIR> d——– C:\Program Files\Bonjour
    2007-11-02 16:27 <DIR> d——– C:\WINDOWS\system32\windows media
    2007-11-02 16:27 <DIR> d–h—– C:\WINDOWS\msdownld.tmp
    2007-11-01 11:42 <DIR> d——– C:\Documents and Settings\NetworkService\Application Data\NCH Swift Sound
    2007-11-01 11:42 <DIR> d——– C:\Documents and Settings\All Users\Application Data\NCH Swift Sound

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-30 21:41 ——— d—–w C:\Program Files\Mozilla Thunderbird
    2007-11-30 19:54 ——— d—–w C:\Documents and Settings\Mark Stam\Application Data\AVG7
    2007-11-29 00:27 ——— d–h–w C:\Program Files\InstallShield Installation Information
    2007-11-29 00:08 ——— d—–w C:\Program Files\CyberLink
    2007-11-28 23:43 ——— d—–w C:\Program Files\Bluetooth Remote Control
    2007-11-27 21:59 ——— d—–w C:\Program Files\AMP WinOFF
    2007-11-24 22:42 ——— d—–w C:\Documents and Settings\Mark Stam\Application Data\Skype
    2007-11-19 19:25 ——— d—–w C:\Program Files\Electronic Arts
    2007-11-19 10:24 ——— d—–w C:\Program Files\Yahoo!
    2007-11-19 10:08 ——— d—–w C:\Program Files\ArKaos VJ 3.6.1 FC2
    2007-11-13 23:17 ——— d—–w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-11-13 19:06 ——— d—–w C:\Documents and Settings\Mark Stam\Application Data\dvdcss
    2007-11-04 23:06 ——— d—–w C:\Program Files\Common Files\Real
    2007-11-03 01:03 ——— d—–w C:\Program Files\GameSpy Arcade
    2007-11-03 01:02 ——— d—–w C:\Program Files\Common Files\Nokia
    2007-11-03 00:25 ——— d—–w C:\Program Files\Nokia
    2007-11-03 00:24 ——— d—–w C:\Documents and Settings\All Users\Application Data\Installations
    2007-11-03 00:18 ——— d—–w C:\Documents and Settings\Mark Stam\Application Data\PC Suite
    2007-11-03 00:01 ——— d—–w C:\Documents and Settings\Mark Stam\Application Data\Nokia
    2007-11-02 23:10 ——— d—–w C:\Program Files\Common Files\Adobe
    2007-11-02 13:31 ——— d—–w C:\Program Files\Microsoft Games
    2007-11-02 11:18 ——— d—–w C:\Program Files\Google
    2007-11-01 10:53 ——— d—–w C:\Program Files\NCH Swift Sound
    2007-11-01 10:41 ——— d—–w C:\Documents and Settings\Mark Stam\Application Data\NCH Swift Sound
    2007-10-29 23:26 ——— d—–w C:\Program Files\CCleaner
    2007-10-29 23:07 ——— d—–w C:\Program Files\CBS Software
    2007-10-29 22:21 ——— d—–w C:\Program Files\Macromedia
    2007-10-29 22:19 ——— d—–w C:\Program Files\Common Files\Macromedia
    2007-10-29 20:42 ——— d—–w C:\Documents and Settings\All Users\Application Data\Smaart
    2007-10-29 09:03 ——— d—–w C:\Program Files\EA GAMES
    2007-10-28 21:19 ——— d—–w C:\Documents and Settings\Mark Stam\Application Data\vlc
    2007-10-28 21:18 ——— d—–w C:\Program Files\VideoLAN
    2007-10-25 16:44 8,507,392 —-a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-24 20:20 737,280 —-a-w C:\WINDOWS\iun6002.exe
    2007-10-22 18:25 ——— d—–w C:\Program Files\Gadwin Systems
    2007-10-22 15:10 ——— d—–w C:\Program Files\Alcohol Soft
    2007-10-22 15:06 685,816 —-a-w C:\WINDOWS\system32\drivers\sptd.sys
    2007-10-22 12:20 163,644 —-a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-22 11:56 ——— d—–w C:\Program Files\Common Files\EasyInfo
    2007-10-22 11:49 ——— d—–w C:\Program Files\WMR11
    2007-10-22 11:47 ——— d—–w C:\Program Files\Soldier of Fortune II - Double Helix MP TEST
    2007-10-22 02:39 267,272 —-a-w C:\WINDOWS\system32\xactengine2_10.dll
    2007-10-22 02:37 17,928 —-a-w C:\WINDOWS\system32\X3DAudio1_2.dll
    2007-10-21 21:29 ——— d—–w C:\Program Files\Java
    2007-10-19 16:57 ——— d—–w C:\Program Files\Winamp
    2007-10-16 21:39 ——— d—–w C:\Program Files\AltBinz
    2007-10-14 21:45 ——— d—–w C:\Program Files\QuickPar
    2007-10-13 08:53 ——— d—–w C:\Documents and Settings\Mark Stam\Application Data\NewsLeecher
    2007-10-12 21:14 ——— d—–w C:\Program Files\VJamm3
    2007-10-12 20:57 ——— d—–w C:\Program Files\ArKaos Visualizer 1.6.2
    2007-10-12 20:29 ——— d—–w C:\Program Files\Flowmotion 2.8
    2007-10-12 20:09 ——— d—–w C:\Program Files\Swift Elite 4
    2007-10-12 19:58 8,968 —-a-w C:\WINDOWS\system32\KL2DLL.DLL
    2007-10-12 19:58 77,824 —-a-w C:\WINDOWS\system32\NWKL2_32.DLL
    2007-10-12 19:58 7,440 —-a-w C:\WINDOWS\system32\ppmon.dll
    2007-10-12 19:58 40,352 —-a-w C:\WINDOWS\system32\drivers\Usbkey.sys
    2007-10-12 19:58 40,352 —-a-w C:\WINDOWS\inf\Usbkey.sys
    2007-10-12 19:58 28,672 —-a-w C:\WINDOWS\system32\KL2DLL32.DLL
    2007-10-12 19:58 24,136 —-a-w C:\WINDOWS\system32\ppmon.exe
    2007-10-12 19:58 12,480 —-a-w C:\WINDOWS\system32\KL2N.DLL
    2007-10-12 14:14 3,734,536 —-a-w C:\WINDOWS\system32\d3dx9_36.dll
    2007-10-12 14:14 1,374,232 —-a-w C:\WINDOWS\system32\D3DCompiler_36.dll
    2007-10-11 09:33 ——— d—–w C:\Program Files\FTDv3.8
    2007-10-10 16:09 ——— d—–w C:\Program Files\WinPcap
    2007-10-04 14:19 ——— d—–w C:\Program Files\Focus MP3 Recorder
    2007-10-03 21:39 ——— d—–w C:\Program Files\Iteral
    2007-10-02 08:56 444,776 —-a-w C:\WINDOWS\system32\d3dx10_36.dll
    2007-09-19 18:39 36,868 —-a-w C:\Program Files\uninst-shine.exe
    2006-11-22 08:36 0 —-a-w C:\Documents and Settings\Mark Stam\Application Data\wklnhst.dat
    2006-11-21 19:55 168 –sh–r C:\WINDOWS\system32\7973562660.sys
    2006-11-21 19:55 5,642 –sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .
  • Hi Soundcraft,

    Are you now able to boot in normal mode and make a HijackThis log?

    Start HijackThis, choose [i:a0b80666f0]'Do a system scan only'[/i:a0b80666f0] and tick the lines below:
    [b:a0b80666f0]
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    [/b:a0b80666f0]

    Now close [u:a0b80666f0]all[/u:a0b80666f0] open windows except HijackThis and click [b:a0b80666f0]Fix Checked[/b:a0b80666f0]

    Then run ComboFix again, because your log is not complete.
    You may leave out the part below:
    [b:a0b80666f0]
    ((((((((((((((((((((((((((((( snapshot_2007-09-24_231239,88 ))))))))))))))))))))))))))))))))))))))))) [/b:a0b80666f0]

    Good luck!

    Pim :)
  • I'll try that :)

    Because the problem isn't solved after all… it closes explorer.exe again…
  • HijackThis, did the steps, and then ran ComboFix..
    Here is the log, but now explorer.exe keeps restarting..

    [code:1:671c1f8189]ComboFix 07-11-19.4C - Mark Stam 2007-12-01 13:12:53.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.466 [GMT 1:00]
    Gestart vanuit: C:\ComboFix.exe
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2007-11-01 to 2007-12-01 ))))))))))))))))))))))))))))))
    .

    2007-12-01 12:53 324,192 –a—— C:\WINDOWS\system32\gebcb.dll
    2007-12-01 12:53 6,784 –ahs—- C:\WINDOWS\system32\bcbeg.ini
    2007-12-01 12:53 6,670 –ahs—- C:\WINDOWS\system32\bcbeg.ini2
    2007-12-01 12:00 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-01 11:19 1,560,556 –a—— C:\ComboFix.exe
    2007-12-01 11:05 <DIR> d——– C:\VundoFix Backups
    2007-12-01 11:05 118,272 –a—— C:\VundoFix.exe
    2007-11-30 22:50 <DIR> d——– C:\Program Files\lx_cats
    2007-11-30 20:32 <DIR> d——– C:\Documents and Settings\Administrator\Sjablonen
    2007-11-30 20:32 <DIR> d——– C:\Documents and Settings\Administrator\Mijn documenten
    2007-11-30 20:32 <DIR> d——– C:\Documents and Settings\Administrator\Favorieten
    2007-11-30 20:32 <DIR> d——– C:\Documents and Settings\Administrator\Application Data\Gtek
    2007-11-30 11:19 35,840 –a—— C:\WINDOWS\system32\rqrspqp.dll
    2007-11-29 01:31 <DIR> d——– C:\Documents and Settings\Mark Stam\Application Data\Windows Desktop Search
    2007-11-29 01:29 <DIR> d——– C:\Program Files\Windows Desktop Search
    2007-11-29 01:29 192,000 ——— C:\WINDOWS\system32\dllcache\offfilt.dll
    2007-11-29 01:29 98,304 ——— C:\WINDOWS\system32\dllcache\nlhtml.dll
    2007-11-29 01:29 29,696 ——— C:\WINDOWS\system32\dllcache\mimefilt.dll
    2007-11-24 23:38 <DIR> d——– C:\Documents and Settings\Mark Stam\Application Data\WizzTones
    2007-11-23 00:04 <DIR> d——– C:\Program Files\Ultra Dvd2mp3
    2007-11-21 23:23 <DIR> d——– C:\WINDOWS\SWAT 4
    2007-11-21 23:23 <DIR> d——– C:\Program Files\SWAT 4
    2007-11-21 20:35 <DIR> d——– C:\Program Files\Direct WAV MP3 Splitter
    2007-11-19 12:27 2,526,800 –a—— C:\WINDOWS\Install_B4Playing.exe
    2007-11-18 21:41 <DIR> d——– C:\Documents and Settings\Mark Stam\Application Data\VirtuaWin
    2007-11-18 21:31 266,360 –a—— C:\WINDOWS\system32\TweakUI.exe
    2007-11-18 21:31 160,217 –a—— C:\WINDOWS\system32\PowerToysLicense.rtf
    2007-11-12 16:34 18,432 –ahs—- C:\WINDOWS\system32\Thumbs.db
    2007-11-10 13:12 81,768 –a—— C:\WINDOWS\system32\xinput1_3.dll
    2007-11-10 12:57 <DIR> d——– C:\Program Files\directx
    2007-11-10 12:32 <DIR> d——– C:\Program Files\Activision
    2007-11-10 12:30 <DIR> d–hs—- C:\WINDOWS\ftpcache
    2007-11-06 23:42 <DIR> d——– C:\Documents and Settings\Mark Stam\Application Data\InstallShield
    2007-11-06 23:42 321,168 –a—— C:\WINDOWS\system32\DMENcfg.exe
    2007-11-06 23:42 226,976 –a—— C:\WINDOWS\system32\DMENcpl.cpl
    2007-11-06 23:42 19,616 ——— C:\WINDOWS\system32\DMENdrv.dll
    2007-11-06 23:42 698 –a—— C:\WINDOWS\system32\DMENcpl.cpl.manifest
    2007-11-06 23:42 687 –a—— C:\WINDOWS\system32\DMENcfg.exe.manifest
    2007-11-06 23:42 666 –a—— C:\WINDOWS\system32\DME-N Network Driver.exe.manifest
    2007-11-06 22:59 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Drumsite
    2007-11-04 23:33 <DIR> d——– C:\Program Files\SpacialAudio
    2007-11-03 01:26 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Nokia
    2007-11-03 00:01 <DIR> d——– C:\Program Files\Bonjour
    2007-11-02 16:27 <DIR> d——– C:\WINDOWS\system32\windows media
    2007-11-02 16:27 <DIR> d–h—– C:\WINDOWS\msdownld.tmp
    2007-11-01 11:42 <DIR> d——– C:\Documents and Settings\NetworkService\Application Data\NCH Swift Sound
    2007-11-01 11:42 <DIR> d——– C:\Documents and Settings\All Users\Application Data\NCH Swift Sound

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-01 11:34 ——— d—–w C:\Documents and Settings\Mark Stam\Application Data\AVG7
    2007-11-30 21:41 ——— d—–w C:\Program Files\Mozilla Thunderbird
    2007-11-29 00:27 ——— d–h–w C:\Program Files\InstallShield Installation Information
    2007-11-29 00:08 ——— d—–w C:\Program Files\CyberLink
    2007-11-28 23:43 ——— d—–w C:\Program Files\Bluetooth Remote Control
    2007-11-27 21:59 ——— d—–w C:\Program Files\AMP WinOFF
    2007-11-24 22:42 ——— d—–w C:\Documents and Settings\Mark Stam\Application Data\Skype
    2007-11-19 19:25 ——— d—–w C:\Program Files\Electronic Arts
    2007-11-19 10:24 ——— d—–w C:\Program Files\Yahoo!
    2007-11-19 10:08 ——— d—–w C:\Program Files\ArKaos VJ 3.6.1 FC2
    2007-11-13 23:17 ——— d—–w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-11-13 19:06 ——— d—–w C:\Documents and Settings\Mark Stam\Application Data\dvdcss
    2007-11-04 23:06 ——— d—–w C:\Program Files\Common Files\Real
    2007-11-03 01:03 ——— d—–w C:\Program Files\GameSpy Arcade
    2007-11-03 01:02 ——— d—–w C:\Program Files\Common Files\Nokia
    2007-11-03 00:25 ——— d—–w C:\Program Files\Nokia
    2007-11-03 00:24 ——— d—–w C:\Documents and Settings\All Users\Application Data\Installations
    2007-11-03 00:18 ——— d—–w C:\Documents and Settings\Mark Stam\Application Data\PC Suite
    2007-11-03 00:01 ——— d—–w C:\Documents and Settings\Mark Stam\Application Data\Nokia
    2007-11-02 23:10 ——— d—–w C:\Program Files\Common Files\Adobe
    2007-11-02 13:31 ——— d—–w C:\Program Files\Microsoft Games
    2007-11-02 11:18 ——— d—–w C:\Program Files\Google
    2007-11-01 10:53 ——— d—–w C:\Program Files\NCH Swift Sound
    2007-11-01 10:41 ——— d—–w C:\Documents and Settings\Mark Stam\Application Data\NCH Swift Sound
    2007-10-29 23:26 ——— d—–w C:\Program Files\CCleaner
    2007-10-29 23:07 ——— d—–w C:\Program Files\CBS Software
    2007-10-29 22:21 ——— d—–w C:\Program Files\Macromedia
    2007-10-29 22:19 ——— d—–w C:\Program Files\Common Files\Macromedia
    2007-10-29 20:42 ——— d—–w C:\Documents and Settings\All Users\Application Data\Smaart
    2007-10-29 09:03 ——— d—–w C:\Program Files\EA GAMES
    2007-10-28 21:19 ——— d—–w C:\Documents and Settings\Mark Stam\Application Data\vlc
    2007-10-28 21:18 ——— d—–w C:\Program Files\VideoLAN
    2007-10-25 16:44 8,507,392 —-a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-24 20:20 737,280 —-a-w C:\WINDOWS\iun6002.exe
    2007-10-22 18:25 ——— d—–w C:\Program Files\Gadwin Systems
    2007-10-22 15:10 ——— d—–w C:\Program Files\Alcohol Soft
    2007-10-22 15:06 685,816 —-a-w C:\WINDOWS\system32\drivers\sptd.sys
    2007-10-22 12:20 163,644 —-a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-22 11:56 ——— d—–w C:\Program Files\Common Files\EasyInfo
    2007-10-22 11:49 ——— d—–w C:\Program Files\WMR11
    2007-10-22 11:47 ——— d—–w C:\Program Files\Soldier of Fortune II - Double Helix MP TEST
    2007-10-22 02:39 267,272 —-a-w C:\WINDOWS\system32\xactengine2_10.dll
    2007-10-22 02:37 17,928 —-a-w C:\WINDOWS\system32\X3DAudio1_2.dll
    2007-10-21 21:29 ——— d—–w C:\Program Files\Java
    2007-10-19 16:57 ——— d—–w C:\Program Files\Winamp
    2007-10-16 21:39 ——— d—–w C:\Program Files\AltBinz
    2007-10-14 21:45 ——— d—–w C:\Program Files\QuickPar
    2007-10-13 08:53 ——— d—–w C:\Documents and Settings\Mark Stam\Application Data\NewsLeecher
    2007-10-12 21:14 ——— d—–w C:\Program Files\VJamm3
    2007-10-12 20:57 ——— d—–w C:\Program Files\ArKaos Visualizer 1.6.2
    2007-10-12 20:29 ——— d—–w C:\Program Files\Flowmotion 2.8
    2007-10-12 20:09 ——— d—–w C:\Program Files\Swift Elite 4
    2007-10-12 19:58 8,968 —-a-w C:\WINDOWS\system32\KL2DLL.DLL
    2007-10-12 19:58 77,824 —-a-w C:\WINDOWS\system32\NWKL2_32.DLL
    2007-10-12 19:58 7,440 —-a-w C:\WINDOWS\system32\ppmon.dll
    2007-10-12 19:58 40,352 —-a-w C:\WINDOWS\system32\drivers\Usbkey.sys
    2007-10-12 19:58 40,352 —-a-w C:\WINDOWS\inf\Usbkey.sys
    2007-10-12 19:58 28,672 —-a-w C:\WINDOWS\system32\KL2DLL32.DLL
    2007-10-12 19:58 24,136 —-a-w C:\WINDOWS\system32\ppmon.exe
    2007-10-12 19:58 12,480 —-a-w C:\WINDOWS\system32\KL2N.DLL
    2007-10-12 14:14 3,734,536 —-a-w C:\WINDOWS\system32\d3dx9_36.dll
    2007-10-12 14:14 1,374,232 —-a-w C:\WINDOWS\system32\D3DCompiler_36.dll
    2007-10-11 09:33 ——— d—–w C:\Program Files\FTDv3.8
    2007-10-10 16:09 ——— d—–w C:\Program Files\WinPcap
    2007-10-04 14:19 ——— d—–w C:\Program Files\Focus MP3 Recorder
    2007-10-03 21:39 ——— d—–w C:\Program Files\Iteral
    2007-10-02 08:56 444,776 —-a-w C:\WINDOWS\system32\d3dx10_36.dll
    2007-09-19 18:39 36,868 —-a-w C:\Program Files\uninst-shine.exe
    2006-11-22 08:36 0 —-a-w C:\Documents and Settings\Mark Stam\Application Data\wklnhst.dat
    2006-11-21 19:55 168 –sh–r C:\WINDOWS\system32\7973562660.sys
    2006-11-21 19:55 5,642 –sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{431057D6-D944-442A-8305-A86E0D87BA2C}]
    2007-12-01 12:53 324192 –a—— C:\WINDOWS\system32\gebcb.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79B3844B-6DAC-4B78-B0B8-C99D8BBDCD50}]
    2007-11-30 11:19 35840 –a—— C:\WINDOWS\system32\rqrspqp.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14]
    "Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 09:42]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 00:30 C:\WINDOWS\stsystra.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 19:48]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-08-03 19:51]
    "CTSVolFE.exe"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 16:57]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-23 19:21]
    "LXCYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2005-12-01 19:38]
    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 14:10]
    "FLMOFFICE4DMOUSE"="C:\Program Files\Labtec\Mouse\V3.0\moffice.exe" [2007-08-29 13:22]
    "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 21:46]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-03-30 19:00]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-03-30 19:00]
    "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-03-30 18:59]
    "Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40]
    "DME-N Network Driver"="C:\WINDOWS\system32\DME-N Network Driver.exe" [2007-03-05 10:19]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 21:01]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 16:21]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 19:21]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-11-16 16:40:31]
    Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "DisallowRun"= 1 (0x1)
    "NoViewOnDrive"= 0 (0x0)
    "NoLogoff"= 0 (0x0)

    [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
    "{79B3844B-6DAC-4B78-B0B8-C99D8BBDCD50}"= C:\WINDOWS\system32\rqrspqp.dll [2007-11-30 11:19 35840]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrspqp]
    rqrspqp.dll 2007-11-30 11:19 35840 C:\WINDOWS\system32\rqrspqp.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\gebcb.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
    2006-02-07 06:10 98304 --a------ C:\Program Files\Lexmark 3400 Series\ezprint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
    C:\Program Files\Lexmark Fax Solutions\fm3032.exe /s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kgsystray]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcymon.exe]
    2006-01-25 17:02 286720 --a------ C:\Program Files\Lexmark 3400 Series\lxcymon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UltraMon]
    C:\Program Files\UltraMon\UltraMon.exe /auto

    R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys
    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\C:\Program Files\CyberLink\PowerDVD\000.fcl
    R3 lxcy_device;lxcy_device;C:\WINDOWS\system32\lxcycoms.exe -service
    S2 G11AV;Trust 610 LCD POWERC@M ZOOM, Webcam mode;C:\WINDOWS\system32\Drivers\G11av.sys
    S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys
    S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
    S3 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\moufiltr.sys
    S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
    S3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys
    S3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys
    S3 USBCamera;Digital Still Image Capture;C:\WINDOWS\system32\Drivers\Bulk533.sys
    S4 Neth;Neth;C:\WINDOWS\system32\netid.exe
    S4 Windows sharing object;Windows sharing object;C:\WINDOWS\system32\winvercp.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\Setup\rsrc\autorun.exe
    \Shell\dinstall\command - Directx\dxsetup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \Shell\AutoRun\command - Autoplay.exe -auto

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
    \Shell\AutoRun\command - Autoplay.exe -auto

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
    \Shell\AutoRun\command - Autoplay.exe -auto

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
    \Shell\AutoRun\command - L:\Autoplay.exe -auto

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
    \Shell\AutoRun\command - M:\Autoplay.exe -auto

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41ce37ee-a7bf-11db-8c17-0011675c4428}]
    \shell\play\Command - "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efae58ba-2d20-11dc-8d40-0011675c4428}]
    \Shell\AutoRun\command - E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-10-20 23:29:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-01 13:26:46
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-12-01 13:29:45
    C:\ComboFix2.txt … 2007-12-01 11:54
    C:\ComboFix3.txt … 2007-09-24 22:13
    .
    --- E O F ---

    [/code:1:671c1f8189]
  • Open Notepad, then copy and paste the following (the bold text) into an empty window:
    [b:6ee2a2dd54]
    File::
    C:\WINDOWS\system32\gebcb.dll
    C:\WINDOWS\system32\bcbeg.ini
    C:\WINDOWS\system32\bcbeg.ini2
    C:\VundoFix.exe
    C:\WINDOWS\system32\rqrspqp.dll

    Folder::
    C:\VundoFix Backups

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{431057D6-D944-442A-8305-A86E0D87BA2C}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79B3844B-6DAC-4B78-B0B8-C99D8BBDCD50}]
    [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{79B3844B-6DAC-4B78-B0B8-C99D8BBDCD50}"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrspqp]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
    [/b:6ee2a2dd54]
    Save this to your Desktop as [b:6ee2a2dd54]CFScript.txt[/b:6ee2a2dd54]

    Drag [b:6ee2a2dd54]CFScript.txt[/b:6ee2a2dd54] onto [b:6ee2a2dd54]ComboFix.exe[/b:6ee2a2dd54] as shown in the example below:

    [img:6ee2a2dd54]http://img.photobucket.com/albums/v666/sUBs/CFScript.gif[/img:6ee2a2dd54]

    This will make [b:6ee2a2dd54]ComboFix[/b:6ee2a2dd54] restart.
    Reboot if you are asked to,
    and post the contents of [b:6ee2a2dd54]Combofix.txt[/b:6ee2a2dd54] in your next reply, together with a new HijackThis log.
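The script in the post above removes two DLLs that the log shows registered in several load points at once. As an added example (not part of the original thread and not ComboFix's own code), this Python sketch groups the load points per DLL in a constructed log excerpt and decodes the `hex(7)` value the script writes back to `Authentication Packages`. The function names, the "two or more load points" heuristic and the space-separated list format are assumptions.

```python
import re
from collections import defaultdict
from ntpath import basename

# Constructed sample: lines copied in shape from the ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{431057D6-D944-442A-8305-A86E0D87BA2C}]
2007-12-01 12:53 324192 --a------ C:\WINDOWS\system32\gebcb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79B3844B-6DAC-4B78-B0B8-C99D8BBDCD50}]
2007-11-30 11:19 35840 --a------ C:\WINDOWS\system32\rqrspqp.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
"{79B3844B-6DAC-4B78-B0B8-C99D8BBDCD50}"= C:\WINDOWS\system32\rqrspqp.dll [2007-11-30 11:19 35840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrspqp]
rqrspqp.dll 2007-11-30 11:19 35840 C:\WINDOWS\system32\rqrspqp.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\gebcb.dll
"""

# Value the CFScript writes back to Lsa\Authentication Packages.
SCRIPT_VALUE = "hex(7):6d,73,76,31,5f,30,00,00"

# Key fragment (lower case) -> label; limited to the DLL load points the CFScript touches.
LOAD_POINTS = {
    r"browser helper objects": "BHO",
    r"shellexecutehooks": "ShellExecuteHook",
    r"winlogon\notify": "Winlogon Notify",
    r"control\lsa": "LSA Authentication Package",
}
DLL_PATH = re.compile(r'[A-Za-z]:\\[^"\[\]]*?\.dll', re.IGNORECASE)


def classify(key):
    """Return the load-point label for a registry key, or None if it is not tracked."""
    key = key.lower()
    for fragment, label in LOAD_POINTS.items():
        if fragment in key:
            return label
    return None


def load_points(log):
    """Map each DLL path (lower case) to the set of load points that reference it."""
    found = defaultdict(set)
    label = None
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            label = classify(line[1:-1])      # new key header
        elif not line:
            label = None                      # blank line ends the key's value list
        elif label:
            for path in DLL_PATH.findall(line):
                found[path.lower()].add(label)
    return dict(found)


def multi_load_dlls(log, min_points=2):
    """File names of DLLs registered in at least min_points load points (heuristic)."""
    hits = load_points(log)
    return sorted(basename(p) for p, pts in hits.items() if len(pts) >= min_points)


def decode_multi_sz(value):
    """Decode a 'hex(7):..' REG_MULTI_SZ literal written with single-byte characters."""
    prefix, _, body = value.partition(":")
    if prefix.strip().lower() != "hex(7)":
        raise ValueError("not a REG_MULTI_SZ literal")
    raw = bytes(int(b, 16) for b in body.split(",") if b.strip())
    return [s.decode("ascii") for s in raw.split(b"\x00") if s]


def lsa_extras(log, baseline):
    """Authentication Packages entries in the log that are not in the baseline list."""
    m = re.search(r'"Authentication Packages"=\s*(.+)', log)
    if not m:
        return []
    allowed = {b.lower() for b in baseline}
    # Assumption: the log prints the list entries separated by spaces.
    return [e for e in m.group(1).split() if e.lower() not in allowed]


if __name__ == "__main__":
    baseline = decode_multi_sz(SCRIPT_VALUE)
    print("value restored by the script:", baseline)
    print("DLLs in two or more load points:", multi_load_dlls(SAMPLE_LOG))
    print("extra LSA packages:", lsa_extras(SAMPLE_LOG, baseline))
```

A DLL registered in several load points is only a triage signal; legitimate software can do the same, so each hit still needs to be checked by hand.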
  • Here is a new Hijack-Combofix log..
    The computer works again.. But please check it anyway if you can : )

    [code:1:afac5be542]Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:10:56, on 2-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Creative\Mixer\CTSVolFE.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Labtec\Mouse\V3.0\MOUSE32A.EXE
    C:\WINDOWS\system32\DME-N Network Driver.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Lexmark 3400 Series\ezprint.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\lxcycoms.exe
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=6061116
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe"

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [DME-N Network Driver] C:\WINDOWS\system32\DME-N Network Driver.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
    O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft Terminal Services Client Control (redist)) - http://www.e-rocu.nl/techniek/TSWEB/msrdp.cab
    O16 - DPF: {C7DC40E0-6601-4530-9AFB-68506CAE2628} - http://www.idoclogicx.com/webdemo/setup.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


    End of file - 13567 bytes
    [/code:1:afac5be542]


    [code:1:afac5be542]ComboFix 07-11-19.4C - Mark Stam 2007-12-02 11:12:41.6 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.504 [GMT 1:00]
    Gestart vanuit: C:\ComboFix.exe
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2007-11-02 to 2007-12-02 ))))))))))))))))))))))))))))))
    .

    2007-12-01 16:48 <DIR> d-------- C:\Program Files\Security Task Manager
    2007-12-01 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    2007-12-01 16:41 116,736 --a------ C:\WINDOWS\system32\dllcache\xrxwiadr.dll
    2007-12-01 16:41 99,865 --a------ C:\WINDOWS\system32\dllcache\xlog.exe
    2007-12-01 16:41 28,288 --a------ C:\WINDOWS\system32\dllcache\xjis.nls
    2007-12-01 16:41 27,648 --a------ C:\WINDOWS\system32\dllcache\xrxftplt.exe
    2007-12-01 16:41 23,040 --a------ C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
    2007-12-01 16:41 19,455 --a------ C:\WINDOWS\system32\dllcache\wvchntxx.sys
    2007-12-01 16:41 17,408 --a------ C:\WINDOWS\system32\dllcache\xrxscnui.dll
    2007-12-01 16:41 16,970 --a------ C:\WINDOWS\system32\dllcache\xem336n5.sys
    2007-12-01 16:41 12,063 --a------ C:\WINDOWS\system32\dllcache\wsiintxx.sys
    2007-12-01 16:41 8,192 --a------ C:\WINDOWS\system32\dllcache\wshirda.dll
    2007-12-01 16:41 4,608 --a------ C:\WINDOWS\system32\dllcache\xrxflnch.exe
    2007-12-01 16:40 13,568 --a------ C:\WINDOWS\system32\dllcache\wacompen.sys
    2007-12-01 16:39 224,802 --a------ C:\WINDOWS\system32\dllcache\usr1807a.sys
    2007-12-01 16:38 212,480 --a------ C:\WINDOWS\system32\dllcache\um54scan.dll
    2007-12-01 16:37 241,664 --a------ C:\WINDOWS\system32\dllcache\tosdvd02.sys
    2007-12-01 16:36 3,968 --a------ C:\WINDOWS\system32\dllcache\swusbflt.sys
    2007-12-01 16:35 53,760 --a------ C:\WINDOWS\system32\dllcache\sw_wheel.dll
    2007-12-01 16:35 41,472 --a------ C:\WINDOWS\system32\dllcache\sw_effct.dll
    2007-12-01 16:35 7,552 --a------ C:\WINDOWS\system32\dllcache\sonypvu1.sys
    2007-12-01 16:34 26,624 --a------ C:\WINDOWS\system32\dllcache\sm92w.dll
    2007-12-01 16:33 161,760 --a------ C:\WINDOWS\system32\dllcache\sgsmusb.sys
    2007-12-01 16:32 495,616 --a------ C:\WINDOWS\system32\dllcache\sblfx.dll
    2007-12-01 16:31 24,576 --a------ C:\WINDOWS\system32\dllcache\rw001ext.dll
    2007-12-01 16:31 20,992 --a------ C:\WINDOWS\system32\dllcache\rtl8139.sys
    2007-12-01 16:30 130,942 --a------ C:\WINDOWS\system32\dllcache\ptserlv.sys
    2007-12-01 16:29 68,608 --a------ C:\WINDOWS\system32\dllcache\plugin.ocx
    2007-12-01 16:27 30,282 --a------ C:\WINDOWS\system32\dllcache\pcntn5hl.sys
    2007-12-01 16:26 27,209 --a------ C:\WINDOWS\system32\dllcache\otc06x5.sys
    2007-12-01 16:25 60,480 --a------ C:\WINDOWS\system32\dllcache\neo20xx.dll
    2007-12-01 16:24 126,686 --a------ C:\WINDOWS\system32\dllcache\mtlmnt5.sys
    2007-12-01 16:23 47,616 --a------ C:\WINDOWS\system32\dllcache\memgrp.dll
    2007-12-01 16:22 26,922 --a------ C:\WINDOWS\system32\dllcache\lanepic5.sys
    2007-12-01 16:21 45,632 --a------ C:\WINDOWS\system32\dllcache\ip5515.sys
    2007-12-01 16:20 100,936 --a------ C:\WINDOWS\system32\dllcache\ibmtok.sys
    2007-12-01 16:19 19,456 --a------ C:\WINDOWS\system32\dllcache\hr1w.dll
    2007-12-01 16:18 82,560 --a------ C:\WINDOWS\system32\dllcache\grclass.sys
    2007-12-01 16:17 94,208 --a------ C:\WINDOWS\system32\dllcache\fpencode.dll
    2007-12-01 16:16 455,711 --a------ C:\WINDOWS\system32\dllcache\el985n51.sys
    2007-12-01 16:14 131,156 --a------ C:\WINDOWS\system32\dllcache\digidbp.dll
    2007-12-01 16:14 117,760 --a------ C:\WINDOWS\system32\dllcache\d100ib5.sys
    2007-12-01 16:14 103,396 --a------ C:\WINDOWS\system32\dllcache\digidxb.sys
    2007-12-01 16:14 65,622 --a------ C:\WINDOWS\system32\dllcache\digiasyn.dll
    2007-12-01 16:14 44,544 --a------ C:\WINDOWS\system32\dllcache\cnusd.dll
    2007-12-01 16:14 38,023 --a------ C:\WINDOWS\system32\dllcache\digiasyn.sys
    2007-12-01 16:13 164,923 --a------ C:\WINDOWS\system32\dllcache\diapi2.sys
    2007-12-01 16:13 162,850 --a------ C:\WINDOWS\system32\dllcache\c_10001.nls
    2007-12-01 16:13 66,728 --a------ C:\WINDOWS\system32\dllcache\big5.nls
    2007-12-01 16:13 32,256 --a------ C:\WINDOWS\system32\dllcache\diapi2NT.dll
    2007-12-01 16:12 45,056 --a------ C:\WINDOWS\system32\dllcache\EXCH_aqadmin.dll
    2007-12-01 16:12 4,255 --a------ C:\WINDOWS\system32\dllcache\adv01nt5.dll
    2007-12-01 16:11 598,071 --a------ C:\WINDOWS\system32\dllcache\fpmmc.dll
    2007-12-01 16:11 212,992 --a------ C:\WINDOWS\system32\dllcache\fpmmcsat.dll
    2007-12-01 16:11 188,480 --a------ C:\WINDOWS\system32\dllcache\cfgwiz.exe
    2007-12-01 16:11 184,435 --a------ C:\WINDOWS\system32\dllcache\fp4amsft.dll
    2007-12-01 16:11 147,513 --a------ C:\WINDOWS\system32\dllcache\fp4apws.dll
    2007-12-01 16:11 102,509 --a------ C:\WINDOWS\system32\dllcache\fp4atxt.dll
    2007-12-01 16:11 82,035 --a------ C:\WINDOWS\system32\dllcache\fp4anscp.dll
    2007-12-01 16:11 49,210 --a------ C:\WINDOWS\system32\dllcache\fp4areg.dll
    2007-12-01 16:11 20,541 --a------ C:\WINDOWS\system32\dllcache\fpexedll.dll
    2007-12-01 16:11 20,540 --a------ C:\WINDOWS\system32\dllcache\author.dll
    2007-12-01 16:11 20,536 --a------ C:\WINDOWS\system32\dllcache\shtml.dll
    2007-12-01 16:11 16,439 --a------ C:\WINDOWS\system32\dllcache\author.exe
    2007-12-01 16:11 16,437 --a------ C:\WINDOWS\system32\dllcache\shtml.exe
    2007-12-01 16:11 5,632 --a------ C:\WINDOWS\system32\dllcache\EXCH_adsiisex.dll
    2007-12-01 12:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-01 11:19 1,560,556 --a------ C:\ComboFix.exe
    2007-11-30 22:50 <DIR> d-------- C:\Program Files\lx_cats
    2007-11-30 20:32 <DIR> d-------- C:\Documents and Settings\Administrator\Sjablonen
    2007-11-30 20:32 <DIR> d-------- C:\Documents and Settings\Administrator\Mijn documenten
    2007-11-30 20:32 <DIR> d-------- C:\Documents and Settings\Administrator\Favorieten
    2007-11-30 20:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
    2007-11-29 01:31 <DIR> d-------- C:\Documents and Settings\Mark Stam\Application Data\Windows Desktop Search
    2007-11-29 01:29 <DIR> d-------- C:\Program Files\Windows Desktop Search
    2007-11-24 23:38 <DIR> d-------- C:\Documents and Settings\Mark Stam\Application Data\WizzTones
    2007-11-23 00:04 <DIR> d-------- C:\Program Files\Ultra Dvd2mp3
    2007-11-21 23:23 <DIR> d-------- C:\WINDOWS\SWAT 4
    2007-11-21 23:23 <DIR> d-------- C:\Program Files\SWAT 4
    2007-11-21 20:35 <DIR> d-------- C:\Program Files\Direct WAV MP3 Splitter
    2007-11-19 12:27 2,526,800 --a------ C:\WINDOWS\Install_B4Playing.exe
    2007-11-18 21:41 <DIR> d-------- C:\Documents and Settings\Mark Stam\Application Data\VirtuaWin
    2007-11-18 21:31 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
    2007-11-18 21:31 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
    2007-11-12 16:34 18,432 --ahs---- C:\WINDOWS\system32\Thumbs.db
    2007-11-10 13:12 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
    2007-11-10 12:57 <DIR> d-------- C:\Program Files\directx
    2007-11-10 12:32 <DIR> d-------- C:\Program Files\Activision
    2007-11-10 12:30 <DIR> d--hs---- C:\WINDOWS\ftpcache
    2007-11-06 23:42 <DIR> d-------- C:\Documents and Settings\Mark Stam\Application Data\InstallShield
    2007-11-06 23:42 321,168 --a------ C:\WINDOWS\system32\DMENcfg.exe
    2007-11-06 23:42 226,976 --a------ C:\WINDOWS\system32\DMENcpl.cpl
    2007-11-06 23:42 19,616 --------- C:\WINDOWS\system32\DMENdrv.dll
    2007-11-06 23:42 698 --a------ C:\WINDOWS\system32\DMENcpl.cpl.manifest
    2007-11-06 23:42 687 --a------ C:\WINDOWS\system32\DMENcfg.exe.manifest
    2007-11-06 23:42 666 --a------ C:\WINDOWS\system32\DME-N Network Driver.exe.manifest
    2007-11-06 22:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Drumsite
    2007-11-04 23:33 <DIR> d-------- C:\Program Files\SpacialAudio
    2007-11-03 01:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
    2007-11-03 00:01 <DIR> d-------- C:\Program Files\Bonjour

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-01 16:00 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2007-12-01 11:34 --------- d-----w C:\Documents and Settings\Mark Stam\Application Data\AVG7
    2007-11-29 00:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-29 00:08 --------- d-----w C:\Program Files\CyberLink
    2007-11-28 23:43 --------- d-----w C:\Program Files\Bluetooth Remote Control
    2007-11-27 21:59 --------- d-----w C:\Program Files\AMP WinOFF
    2007-11-24 22:42 --------- d-----w C:\Documents and Settings\Mark Stam\Application Data\Skype
    2007-11-19 19:25 --------- d-----w C:\Program Files\Electronic Arts
    2007-11-19 10:24 --------- d-----w C:\Program Files\Yahoo!
    2007-11-19 10:08 --------- d-----w C:\Program Files\ArKaos VJ 3.6.1 FC2
    2007-11-13 23:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-11-13 19:06 --------- d-----w C:\Documents and Settings\Mark Stam\Application Data\dvdcss
    2007-11-04 23:06 --------- d-----w C:\Program Files\Common Files\Real
    2007-11-03 01:03 --------- d-----w C:\Program Files\GameSpy Arcade
    2007-11-03 01:02 --------- d-----w C:\Program Files\Common Files\Nokia
    2007-11-03 00:25 --------- d-----w C:\Program Files\Nokia
    2007-11-03 00:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
    2007-11-03 00:18 --------- d-----w C:\Documents and Settings\Mark Stam\Application Data\PC Suite
    2007-11-03 00:01 --------- d-----w C:\Documents and Settings\Mark Stam\Application Data\Nokia
    2007-11-02 23:10 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-11-02 13:31 --------- d-----w C:\Program Files\Microsoft Games
    2007-11-02 11:18 --------- d-----w C:\Program Files\Google
    2007-11-01 10:53 --------- d-----w C:\Program Files\NCH Swift Sound
    2007-11-01 10:42 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\NCH Swift Sound
    2007-11-01 10:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    2007-11-01 10:41 --------- d-----w C:\Documents and Settings\Mark Stam\Application Data\NCH Swift Sound
    2007-10-29 23:26 --------- d-----w C:\Program Files\CCleaner
    2007-10-29 23:07 --------- d-----w C:\Program Files\CBS Software
    2007-10-29 22:21 --------- d-----w C:\Program Files\Macromedia
    2007-10-29 22:19 --------- d-----w C:\Program Files\Common Files\Macromedia
    2007-10-29 20:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Smaart
    2007-10-29 09:03 --------- d-----w C:\Program Files\EA GAMES
    2007-10-28 21:19 --------- d-----w C:\Documents and Settings\Mark Stam\Application Data\vlc
    2007-10-28 21:18 --------- d-----w C:\Program Files\VideoLAN
    2007-10-25 16:44 8,507,392 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-24 20:20 737,280 ----a-w C:\WINDOWS\iun6002.exe
    2007-10-22 18:25 --------- d-----w C:\Program Files\Gadwin Systems
    2007-10-22 15:10 --------- d-----w C:\Program Files\Alcohol Soft
    2007-10-22 15:06 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2007-10-22 12:20 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-22 11:56 --------- d-----w C:\Program Files\Common Files\EasyInfo
    2007-10-22 11:49 --------- d-----w C:\Program Files\WMR11
    2007-10-22 11:47 --------- d-----w C:\Program Files\Soldier of Fortune II - Double Helix MP TEST
    2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
    2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
    2007-10-21 21:29 --------- d-----w C:\Program Files\Java
    2007-10-19 16:57 --------- d-----w C:\Program Files\Winamp
    2007-10-16 21:39 --------- d-----w C:\Program Files\AltBinz
    2007-10-14 21:45 --------- d-----w C:\Program Files\QuickPar
    2007-10-13 08:53 --------- d-----w C:\Documents and Settings\Mark Stam\Application Data\NewsLeecher
    2007-10-12 21:14 --------- d-----w C:\Program Files\VJamm3
    2007-10-12 20:57 --------- d-----w C:\Program Files\ArKaos Visualizer 1.6.2
    2007-10-12 20:29 --------- d-----w C:\Program Files\Flowmotion 2.8
    2007-10-12 20:09 --------- d-----w C:\Program Files\Swift Elite 4
    2007-10-12 19:58 8,968 ----a-w C:\WINDOWS\system32\KL2DLL.DLL
    2007-10-12 19:58 77,824 ----a-w C:\WINDOWS\system32\NWKL2_32.DLL
    2007-10-12 19:58 7,440 ----a-w C:\WINDOWS\system32\ppmon.dll
    2007-10-12 19:58 40,352 ----a-w C:\WINDOWS\system32\drivers\Usbkey.sys
    2007-10-12 19:58 40,352 ----a-w C:\WINDOWS\inf\Usbkey.sys
    2007-10-12 19:58 28,672 ----a-w C:\WINDOWS\system32\KL2DLL32.DLL
    2007-10-12 19:58 24,136 ----a-w C:\WINDOWS\system32\ppmon.exe
    2007-10-12 19:58 12,480 ----a-w C:\WINDOWS\system32\KL2N.DLL
    2007-10-12 14:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
    2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
    2007-10-11 09:33 --------- d-----w C:\Program Files\FTDv3.8
    2007-10-10 16:09 --------- d-----w C:\Program Files\WinPcap
    2007-10-04 14:19 --------- d-----w C:\Program Files\Focus MP3 Recorder
    2007-10-03 21:39 --------- d-----w C:\Program Files\Iteral
    2007-10-02 08:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
    2007-09-19 18:39 36,868 ----a-w C:\Program Files\uninst-shine.exe
    2006-11-22 08:36 0 ----a-w C:\Documents and Settings\Mark Stam\Application Data\wklnhst.dat
    2006-11-21 19:55 168 --sh--r C:\WINDOWS\system32\7973562660.sys
    2006-11-21 19:55 5,642 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14]
    "Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 09:42]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 00:30 C:\WINDOWS\stsystra.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 19:48]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-08-03 19:51]
    "CTSVolFE.exe"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 16:57]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-23 19:21]
    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 14:10]
    "FLMOFFICE4DMOUSE"="C:\Program Files\Labtec\Mouse\V3.0\moffice.exe" [2007-08-29 13:22]
    "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 21:46]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-03-30 19:00]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-03-30 19:00]
    "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-03-30 18:59]
    "Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40]
    "DME-N Network Driver"="C:\WINDOWS\system32\DME-N Network Driver.exe" [2007-03-05 10:19]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 21:01]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 16:21]
    "UltraMon"="C:\Program Files\UltraMon\UltraMon.exe" []
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" []
    "lxcymon.exe"="C:\Program Files\Lexmark 3400 Series\lxcymon.exe" [2006-01-25 17:02]
    "LXCYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2005-12-01 19:38]
    "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" []
    "EzPrint"="C:\Program Files\Lexmark 3400 Series\ezprint.exe" [2006-02-07 06:10]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 19:21]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-11-16 16:40:31]
    Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "DisallowRun"= 1 (0x1)
    "NoViewOnDrive"= 0 (0x0)
    "NoLogoff"= 0 (0x0)

    [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kgsystray]

    R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys
    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\C:\Program Files\CyberLink\PowerDVD\000.fcl
    R3 lxcy_device;lxcy_device;C:\WINDOWS\system32\lxcycoms.exe -service
    S2 G11AV;Trust 610 LCD POWERC@M ZOOM, Webcam mode;C:\WINDOWS\system32\Drivers\G11av.sys
    S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys
    S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
    S3 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\moufiltr.sys
    S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
    S3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys
    S3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys
    S3 USBCamera;Digital Still Image Capture;C:\WINDOWS\system32\Drivers\Bulk533.sys
    S4 Neth;Neth;C:\WINDOWS\system32\netid.exe
    S4 Windows sharing object;Windows sharing object;C:\WINDOWS\system32\winvercp.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\Setup\rsrc\autorun.exe
    \Shell\dinstall\command - Directx\dxsetup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \Shell\AutoRun\command - Autoplay.exe -auto

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
    \Shell\AutoRun\command - Autoplay.exe -auto

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
    \Shell\AutoRun\command - Autoplay.exe -auto

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
    \Shell\AutoRun\command - L:\Autoplay.exe -auto

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
    \Shell\AutoRun\command - M:\Autoplay.exe -auto

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41ce37ee-a7bf-11db-8c17-0011675c4428}]
    \shell\play\Command - "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efae58ba-2d20-11dc-8d40-0011675c4428}]
    \Shell\AutoRun\command - E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-10-20 23:29:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-02 11:21:15
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    **************************************************************************
    .
    Voltooingstijd: 2007-12-02 11:23:28
    C:\ComboFix2.txt … 2007-12-02 00:28
    C:\ComboFix3.txt … 2007-12-01 14:55
    .
    --- E O F ---
    [/code:1:afac5be542]
  • Looks good again :)

    Download ATF Cleaner (by Atribune)

    Double-click ATF Cleaner to start the program.
    On the "Main" tab, tick "Select All".
    Click the "Empty Selected" button.

    Do the following if you also use Firefox as a browser:
    Click the "Firefox" tab and tick "Select All".
    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
    (this removes the tick next to "Firefox saved passwords" again)
    Click the "Empty Selected" button.

    Do the following if you also use Opera as a browser:
    Click the "Opera" tab and tick "Select All".
    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
    Click the "Empty Selected" button.
    Go to the "Main" tab and click the "Exit" button to close the program.

    Uninstall Combofix:
    Go to Start --> Run and type: combofix /u
    Combofix is now removed and a new restore point is created.

    To prevent a recurrence, read through these security tips once more:
    http://www.jawwi.nl/nederlands/tips/beveiligen/beveiligen.html

    How are your problems now?

    Pim :)
  • ATF Cleaner has already been done, and Ad-Aware and Spybot have also been run but found nothing :)

    Thanks!

This is an archived page. Replies are no longer possible.