
Question & Answer

Security & privacy

Hijackthis log

21 replies
  • Hey,

    My foster sister has struck again..
    The computer is a big mess again.

    She just got up from the PC and now I'm stuck with an internet connection that keeps dropping, and some program called "iMirc" and Advanced DHTML Enable (aaotih).

    She says of course that it's not her fault =)
    and I get to fix it again while I want to play GTA4.
    Enough nonsense, because I'm getting annoyed =P.

    Here's my HijackThis log.
    Hope you can do something with it.

    [b]Logfile of Trend Micro HijackThis v2.0.2[/b]
    Scan saved at 20:46, on 2009-01-24
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\fxstaller.exe
    C:\WINDOWS\system32\winamp.exe
    C:\Program Files\Xfire\xfire.exe
    C:\Documents and Settings\Vincent.COMPUTER-KEUKEN\Mijn documenten\Vincent\Oude Map\Games etc\Programma's\Anti Virus enzo\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {022C551F-1659-4DC3-9D61-9CC79326F8BD} - C:\WINDOWS\system32\fccyyxwt.dll (file missing)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
    O4 - HKLM\..\Run: [win system] C:\WINDOWS\winav.exe
    O4 - HKLM\..\Run: [ISPSERVICE] C:\Program Files\%systemdir%\winasc.exe
    O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\system32\winamp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-21-1606980848-823518204-725345543-1011\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Willemien')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-21-1606980848-823518204-725345543-1011 Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Willemien')
    O4 - S-1-5-21-1606980848-823518204-725345543-1011 User Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Willemien')
    O4 - Startup: AutorunsDisabled
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Transfer by Image Converter 3 - C:\PROGRAM FILES\SONY\IMAGE CONVERTER 3\menu.htm
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
    O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2\resources/MSNPUpld.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198273230484
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - Unknown owner - C:\WINDOWS\ATKKBService.exe (file missing)
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
    O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe


    End of file - 9896 bytes




    Regards


  • Start HijackThis and choose 'Do a system scan only'
    Select only the items listed below:
    [b]O2 - BHO: (no name) - {022C551F-1659-4DC3-9D61-9CC79326F8BD} - C:\WINDOWS\system32\fccyyxwt.dll (file missing)
    O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
    O4 - HKLM\..\Run: [ISPSERVICE] C:\Program Files\%systemdir%\winasc.exe
    O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\system32\winamp.exe[/b]
    Close all windows except HijackThis
    Click 'Fix checked' to remove the items.


    Open a Notepad file.
    Copy the text below (everything in bold) into this Notepad file.

    [b]@ECHO OFF
    IF EXIST log.txt DEL log.txt
    ECHO Deleting files>>log.txt
    REM Stop the running copy first, otherwise the file is locked and DEL fails
    taskkill /f /im fxstaller.exe
    REM Paths are quoted so a path containing spaces is not split into two items
    FOR %%g in (
    "C:\WINDOWS\fxstaller.exe"
    "C:\Program Files\%systemdir%\winasc.exe"
    "C:\WINDOWS\system32\winamp.exe") DO (
    IF EXIST %%g (
    ATTRIB -r -s -h %%g
    DEL %%g
    IF EXIST %%g (
    ECHO %%g not deleted>>log.txt
    ) ELSE (
    ECHO %%g deleted>>log.txt)
    ) ELSE (
    ECHO %%g not found>>log.txt))
    START NOTEPAD.EXE log.txt[/b]

    Go to File - Save As.
    Under "Save in" choose: Desktop
    Under "File name" enter: del.bat
    Under "Save as type" select: All Files (*.*).
    Click the Save button.
    Double-click del.bat and post the contents of the log file that opens.


    Download mbam-setup.exe and save it to your desktop.
    Double-click [b]mbam-setup.exe[/b] to install the program.

    Make sure that after installation a check mark is placed next to:[list]
    [*]Update MalwareBytes' Anti-Malware
    [*]Start MalwareBytes' Anti-Malware
    [/list]Then click "[b]Finish[/b]".
    If an update is found, it will be downloaded and installed.[list]
    [*]Once the program has started, go to the "[b]Settings[/b]" tab.
    [*]Check here: "[b]Close Internet Explorer during malware removal[/b]".
    [*]Then go to the "[b]Scanner[/b]" tab and choose "[b]Quick Scan[/b]".
    [*]Then press "[b]Scan[/b]" to start the scan.
    [*]Scanning can take a while, so be patient.

    [*]When the scan is complete, click [b]OK[/b], then "[b]Show Results[/b]" to see the results.
    [*]Make sure everything there is checked, then click: "[b]Remove Selected[/b]".
    [*]After removal a log will open and you will be asked to restart the computer.
    [/list]The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "[b]Logs[/b]" tab in the program.

    Post this log together with a new HijackThis log
  • [b]MBAM Log:[/b]

    Malwarebytes' Anti-Malware 1.33
    Database versie: 1696
    Windows 5.1.2600 Service Pack 3

    2009-01-26 20:36:41
    mbam-log-2009-01-26 (20-36-41).txt

    Scan type: Snelle Scan
    Objecten gescand: 150116
    Verstreken tijd: 1 hour(s), 40 minute(s), 21 second(s)

    Geheugenprocessen geïnfecteerd: 1
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 3
    Registerwaarden geïnfecteerd: 1
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 13

    Geheugenprocessen geïnfecteerd:
    C:\WINDOWS\winav.exe (Backdoor.Bot) -> Unloaded process successfully.

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f58ff278-2198-403b-9170-c95022a194c6} (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{300cf5c9-f02d-4cb8-abed-9c229da56825} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{254b87bb-510d-41fa-a887-52c5fa9be585} (Trojan.Zlob) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\win system (Backdoor.Bot) -> Quarantined and deleted successfully.

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    C:\WINDOWS\winav.exe (Backdoor.Bot) -> Delete on reboot.
    C:\WINDOWS\system32\nnoLDWm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\yayxuUmK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pmnkIArS.dll (Adware.BHO) -> Quarantined and deleted successfully.
    C:\pips.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Willemien\Local Settings\Temp\IXP000.TMP\burimiii.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Willemien\Local Settings\Temp\IXP001.TMP\love.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Willemien\Local Settings\Temporary Internet Files\Content.IE5\DPOX6EGH\apstpldr.dll[1].htm (Adware.BHO) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Willemien\Local Settings\Temporary Internet Files\Content.IE5\NFL7GB1J\pips[1].jpg (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Willemien\Local Settings\Temporary Internet Files\Content.IE5\NFL7GB1J\divx20[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Willemien\Local Settings\Temporary Internet Files\Content.IE5\UPV7E2II\file[1].exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Vincent.COMPUTER-KEUKEN\Local Settings\Temporary Internet Files\Content.IE5\AB5QB1UF\pips[1].jpg (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Vincent.COMPUTER-KEUKEN\Local Settings\Temporary Internet Files\Content.IE5\AB5QB1UF\russian[1].exe (Backdoor.Bot) -> Quarantined and deleted successfully.



    [b]HijackThis[/b]

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:56, on 2009-01-26
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Xfire\xfire.exe
    C:\WINDOWS\system32\BDAGENTS.EXE
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_1_3_0\RGSC.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Vincent.COMPUTER-KEUKEN\Mijn documenten\Vincent\Oude Map\Games etc\Programma's\Anti Virus enzo\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\system32\tawjpe.exe
    O4 - HKLM\..\Run: [Microsoft Update] BDAGENTS.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
    O4 - HKCU\..\RunOnce: [Microsoft Update] BDAGENTS.EXE
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: AutorunsDisabled
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Transfer by Image Converter 3 - C:\PROGRAM FILES\SONY\IMAGE CONVERTER 3\menu.htm
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
    O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2\resources/MSNPUpld.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198273230484
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - Unknown owner - C:\WINDOWS\ATKKBService.exe (file missing)
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
    O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe


    End of file - 9536 bytes


    [b]del.bat Log:[/b]

    Deleting files
    C:\WINDOWS\fxstaller.exe deleted
    C:\Program not found
    Files\\winasc.exe not found
    C:\WINDOWS\system32\winamp.exe deleted


    Greetz,



  • Start HijackThis and choose 'Do a system scan only'
    Select only the items listed below:
    [b]O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\system32\tawjpe.exe
    O4 - HKLM\..\Run: [Microsoft Update] BDAGENTS.EXE
    O4 - HKCU\..\RunOnce: [Microsoft Update] BDAGENTS.EXE[/b]
    Close all windows except HijackThis
    Click 'Fix checked' to remove the items.


    Open a Notepad file.
    Copy the text below (everything in bold) into this Notepad file.

    [b]@ECHO OFF
    IF EXIST log.txt DEL log.txt
    ECHO Deleting files>>log.txt
    REM Stop the running copy first, otherwise the file is locked and DEL fails
    taskkill /f /im BDAGENTS.EXE
    REM The path is quoted so a path containing spaces is not split into two items
    FOR %%g in (
    "C:\WINDOWS\system32\BDAGENTS.EXE") DO (
    IF EXIST %%g (
    ATTRIB -r -s -h %%g
    DEL %%g
    IF EXIST %%g (
    ECHO %%g not deleted>>log.txt
    ) ELSE (
    ECHO %%g deleted>>log.txt)
    ) ELSE (
    ECHO %%g not found>>log.txt))
    START NOTEPAD.EXE log.txt[/b]

    Go to File - Save As.
    Under "Save in" choose: Desktop
    Under "File name" enter: del.bat
    Under "Save as type" select: All Files (*.*).
    Click the Save button.
    Double-click del.bat and post the contents of the log file that opens.



    Download combofix.exe from this site: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Open ComboFix.exe
    If the Recovery Console is not installed, ComboFix will offer to download and install it. Allow this.
    Once the Recovery Console is installed, let ComboFix scan the computer.
    When ComboFix is finished, which may be after a reboot, a log file (combofix.txt) will open.
    Post the contents of this file
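A first-pass triage of the O2/O4 lines that the two helper posts above single out, as an added Python example that is not part of the thread and not HijackThis code. It assumes only the log format shown and four heuristics (BHO whose file is missing, Run value launched by bare filename, an undefined %variable% in the path, an executable sitting directly in the Windows root); these catch fccyyxwt.dll, fxstaller.exe, winav.exe, winasc.exe and BDAGENTS.EXE, while winamp.exe in system32 and tawjpe.exe still needed the helper's own judgement.

```python
import re
from dataclasses import dataclass

# Constructed sample: O2/O4 lines copied from the two HijackThis logs in this
# thread, benign and suspicious mixed, so the heuristics have input to work on.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {022C551F-1659-4DC3-9D61-9CC79326F8BD} - C:\WINDOWS\system32\fccyyxwt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
O4 - HKLM\..\Run: [win system] C:\WINDOWS\winav.exe
O4 - HKLM\..\Run: [ISPSERVICE] C:\Program Files\%systemdir%\winasc.exe
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\system32\winamp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [Microsoft Update] BDAGENTS.EXE
"""

# Variables Windows XP defines itself; any other %name% in a Run value expands
# to nothing at logon, a tell-tale of a dropper that wrote a sloppy path.
KNOWN_ENV_VARS = {"systemroot", "windir", "systemdrive", "programfiles",
                  "commonprogramfiles", "userprofile", "appdata", "temp", "tmp"}
# Hosts that are legitimately started by bare name; their payload is the argument.
SYSTEM_HOSTS = {"rundll32.exe", "regsvr32.exe"}
# Binaries that legitimately sit directly in the Windows root directory.
WINROOT_OK = {"explorer.exe", "regedit.exe", "notepad.exe"}

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
ENV_RE = re.compile(r"%([A-Za-z_][A-Za-z0-9_]*)%")
EXE_RE = re.compile(r"(.*?\.exe)(?:\s|$)", re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reasons: list


def first_token(cmd):
    """Return the executable part of a Run value: a quoted path, the first
    token ending in .exe, or else the first whitespace-delimited word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def check_o2(m):
    reasons = []
    if m["path"].endswith("(file missing)"):
        reasons.append("BHO registered but its DLL is missing on disk")
    if m["name"] == "(no name)":
        reasons.append("BHO has no display name")
    return reasons


def check_o4(m):
    reasons = []
    cmd = m["cmd"]
    exe = first_token(cmd)
    base = exe.rsplit("\\", 1)[-1].lower()
    parent = exe.rsplit("\\", 1)[0].lower() if "\\" in exe else ""
    if "\\" not in exe and base not in SYSTEM_HOSTS:
        reasons.append("launched by bare filename, resolved via PATH search")
    for var in ENV_RE.findall(cmd):
        if var.lower() not in KNOWN_ENV_VARS:
            reasons.append(f"undefined environment variable %{var}% in path")
    if parent.endswith(":\\windows") and base not in WINROOT_OK:
        reasons.append("executable placed directly in the Windows root directory")
    return reasons


def triage(log_text):
    """Run the heuristics over every O2/O4 line and return the flagged ones."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m2, m4 = O2_RE.match(line), O4_RE.match(line)
        if m2:
            reasons = check_o2(m2)
        elif m4:
            reasons = check_o4(m4)
        else:
            continue
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```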
  • Hey, thanks again for your reply =)

    Ran HijackThis and removed the files.

    [b]del.bat Log:[/b]
    Deleting files
    C:\WINDOWS\system32\BDAGENTS.EXE deleted


    Ran ComboFix, what an enormous log file o_0
    it's 408 pages long in Microsoft Word :O

    so I can't post it here, that's a hopeless task.
    I haven't rebooted it yet. I'll do that now. maybe I'll get a different log then.
  • Could you post the full contents of the log file?


    EDIT:
    Do you see one specific line that keeps coming back?
    If so, under which sub-heading does it keep appearing, and which line is it?
  • I could e-mail it to you, for example.
    posting it here isn't practical. only a small part fits in 1 post; if I posted everything I'd have to make about 100 posts.

    PM me your e-mail address and I'll send you the log =)

    Greetz,
  • I've PM'd you my e-mail :wink: .
  • sending the mail now ;)
  • Download ATF cleaner (mirror) (made by Atribune)

    Important: Close all your browser windows (IE and/or Firefox and/or Opera) so the tool can do its job properly.

    Double-click ATF cleaner to start the program.
    On the Main tab, place a check mark next to Select All.
    Click the Empty Selected button.

    Do the following if you also have Firefox as a browser:

    Click the Firefox tab and place a check mark next to Select All.
    If you want to keep the passwords saved by Firefox, click No in the window that appears.
    (this removes the check mark next to Firefox saved passwords again)
    Click the Empty Selected button.

    Do the following if you also have Opera as a browser:

    Click the Opera tab and place a check mark next to Select All.
    If you want to keep the passwords saved by Opera, click No in the window that appears.
    Click the Empty Selected button.
    Go to the Main tab and click the Exit button to close the program.



    Download Flash_Disinfector.exe and put it on your desktop: http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
    Make sure your flash drives / USB sticks / external hard drives are plugged in as well.
    Double-click Flash_Disinfector.exe to start the tool.
    When the tool is finished, the computer will restart.

    Open a Notepad file.
    Copy the code below and paste it into the Notepad file.

  • Everything worked except the part where I have to drag the CFScript file onto ComboFix.
    That does work as such, but it then gives an error.
    See screenshot:

    http://i43.tinypic.com/20f6jxd.jpg

    I think I also have a newer version of ComboFix or something.

    Greetz,
  • Disable Norton.
    Then run the instructions again, ignore any messages, and email me a new log afterwards.
  • I've received your log; it's a lot shorter now.

    But would you please disable Norton AntiVirus and run CFScript again??
    After that you can just post the log here.
  • I don't have Norton anymore.
    Removed it about a year ago.
    The subscription has expired too.
    So I don't think it's still active in any way whatsoever.

    Greetz,
  • At the top of your log it says:

    ComboFix 09-01-21.04 - Vincent 2009-01-31 9:07:43.7 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.2047.1558 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Vincent.COMPUTER-KEUKEN\Mijn documenten\Vincent\Oude Map\Games etc\Programma's\Anti Virus enzo\ComboFix.exe
    FW: Norton AntiVirus *enabled*

    Did you do it the right way?
    Because just removing it via Control Panel isn't good enough.


    And I repeat:
    Use CFScript, it really is necessary.
  • That's how I removed it.
    There's no trace of Norton to be found on the computer.
    So I wouldn't know where it should be.

    How should the uninstall have been done then?

    I'm using CFScript too :)

    Greetz,


    EDIT: I'm downloading the Removal tool now.
  • I see you've already found it yourself, and there's no trace of CFScript.txt in your log.

    That's because combofix.exe is supposed to be on the desktop.

    Run these steps.
    First remove Norton with the removal tool.


    Go to Start -> Run and type:

    Combofix /u

    Press Enter.
    Download ComboFix from this site: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Save it to your desktop.
    Create CFScript.txt and paste this into it:



  • Oh, I've already sent it by email.
    I'll post it here as well:

    ComboFix 09-01-21.04 - Vincent 2009-01-31 17:20:33.9 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.2047.1453 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Vincent.COMPUTER-KEUKEN\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Vincent.COMPUTER-KEUKEN\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt
    .
    - VERMINDERDE FUNCTIONALITEIT MODUS -
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2008-12-28 to 2009-01-31 ))))))))))))))))))))))))))))))
    .

    2009-01-31 17:03 . 2009-01-31 17:03 <DIR> d——– c:\documents and settings\All Users.WINDOWS\Application Data\NortonInstaller
    2009-01-31 09:14 . 2009-01-31 09:14 <DIR> d–hs—- c:\documents and settings\Vincent.COMPUTER-KEUKEN\UserData
    2009-01-29 18:16 . 2009-01-29 18:16 <DIR> d——– c:\windows\system32\Futuremark
    2009-01-29 18:16 . 2007-09-07 14:55 27,672 –a—— c:\windows\system32\drivers\Entech.sys
    2009-01-29 18:16 . 2007-09-07 14:55 12,744 –a—— c:\windows\system32\drivers\Entech64.sys
    2009-01-29 18:16 . 2007-09-07 14:55 6,173 –a—— c:\windows\system32\drivers\Entech.vxd
    2009-01-29 18:16 . 2001-11-19 20:05 3,972 –a—— c:\windows\system32\drivers\PciBus.sys
    2009-01-29 18:15 . 2009-01-29 18:15 <DIR> d——– c:\program files\Futuremark
    2009-01-27 16:17 . 2009-01-27 16:18 <DIR> d——– c:\program files\YouTube Downloader New
    2009-01-24 20:35 . 2009-01-24 20:39 <DIR> d——– c:\program files\Exterminate It!
    2009-01-24 20:23 . 2009-01-24 20:23 <DIR> d——– c:\documents and settings\Willemien\Application Data\Malwarebytes
    2009-01-24 18:55 . 2009-01-26 09:20 <DIR> d——– c:\program files\%systemdir%
    2009-01-21 23:51 . 2009-01-21 23:51 <DIR> d——– c:\program files\LimeWire Plus
    2009-01-21 23:51 . 2009-01-22 18:55 <DIR> d——– c:\program files\Conduit
    2009-01-18 13:30 . 2009-01-18 13:30 <DIR> d——– c:\program files\Photodex Presenter
    2009-01-18 13:30 . 2009-01-18 13:30 <DIR> d——– c:\program files\Photodex
    2009-01-18 13:30 . 2009-01-18 13:30 <DIR> d——– c:\documents and settings\Vincent.COMPUTER-KEUKEN\Application Data\Photodex
    2009-01-18 13:30 . 2009-01-18 13:30 <DIR> d——– c:\documents and settings\Vincent.COMPUTER-KEUKEN\Application Data\Netscape
    2009-01-17 18:01 . 2009-01-17 18:01 <DIR> d——– c:\documents and settings\Willemien\Application Data\Samsung
    2009-01-17 17:58 . 2006-05-03 22:53 174,592 –a—— c:\windows\system32\framedyn.dll
    2009-01-17 17:57 . 2006-07-24 16:05 5,632 –a—— c:\windows\system32\drivers\StarOpen.sys
    2009-01-17 17:55 . 2009-01-17 17:55 <DIR> d——– c:\program files\Samsung
    2009-01-15 09:37 . 2009-01-15 09:37 42,320 –a—— c:\windows\system32\xfcodec.dll
    2009-01-14 19:57 . 2009-01-14 19:57 118 –a—— c:\windows\system32\MRT.INI
    2009-01-07 20:51 . 2009-01-29 09:43 <DIR> d——– c:\documents and settings\Vincent.COMPUTER-KEUKEN\Application Data\LimeWire
    2009-01-05 18:53 . 2009-01-09 15:50 <DIR> d——– c:\program files\FLATOUT 2
    2009-01-02 16:35 . 2009-01-02 16:35 1,700,352 –a—— c:\windows\system32\gdiplus.dll
    2008-12-30 16:35 . 2008-12-30 16:35 107,888 –a—— c:\windows\system32\CmdLineExt.dll
    2008-12-30 11:05 . 2003-06-25 16:05 266,360 –a—— c:\windows\system32\TweakUI.exe
    2008-12-30 11:05 . 2002-06-21 15:09 160,217 –a—— c:\windows\system32\PowerToysLicense.rtf
    2008-12-27 16:29 . 2008-12-27 16:33 <DIR> d——– c:\windows\NV34482416.TMP
    2008-12-22 18:27 . 2008-12-23 21:10 1,393 –a—— c:\windows\imsins.BAK
    2008-12-22 17:14 . 2009-01-31 17:19 <DIR> d–hs—- c:\documents and settings\Vincent.COMPUTER-KEUKEN\Onlangs geopend
    2008-12-22 16:18 . 2008-12-22 16:18 0 –a—— C:\ARK8.tmp
    2008-12-22 16:18 . 2008-12-22 16:18 0 –a—— C:\ARK7.tmp
    2008-12-22 16:12 . 2008-12-22 16:12 <DIR> d——– c:\program files\Avira
    2008-12-22 16:12 . 2008-12-22 16:12 <DIR> d——– c:\documents and settings\All Users.WINDOWS\Application Data\Avira
    2008-12-22 16:10 . 2008-12-22 16:10 <DIR> d——– c:\program files\COMODO
    2008-12-22 16:10 . 2008-12-22 16:10 <DIR> d——– c:\documents and settings\All Users.WINDOWS\Application Data\comodo
    2008-12-21 14:02 . 2008-12-22 17:14 <DIR> d——– c:\program files\iMesh Applications
    2008-12-20 09:28 . 2008-12-20 11:27 <DIR> d——– c:\windows\system32\GroupPolicyManifest(2)
    2008-12-19 18:05 . 2008-12-19 18:05 373,760 –ahs—- c:\windows\system32\140.tmp
    2008-12-18 13:42 . 2008-12-18 13:42 <DIR> d——– c:\documents and settings\All Users.WINDOWS\Application Data\Zylom
    2008-12-17 18:51 . 2008-12-17 18:53 <DIR> d——– c:\documents and settings\Vincent.COMPUTER-KEUKEN\Application Data\Belastingdienst
    2008-12-14 15:37 . 2008-12-22 17:16 <DIR> d——– c:\windows\NV26361368.TMP
    2008-12-07 16:14 . 2008-12-07 16:14 <DIR> dr-h—– c:\documents and settings\Willemien\Application Data\SecuROM
    2008-12-06 21:03 . 2008-12-06 21:04 <DIR> d——– c:\program files\Microsoft Games for Windows - LIVE
    2008-12-06 08:23 . 2008-12-06 08:23 <DIR> d——– c:\documents and settings\All Users.WINDOWS\Application Data\BVRP Software
    2008-12-03 13:37 . 2008-12-28 11:36 <DIR> d——– c:\program files\Belastingdienst
    2008-12-02 17:59 . 2008-11-10 05:43 410,984 –a—— c:\windows\system32\deploytk.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-31 10:42 ——— d—–w c:\documents and settings\Vincent.COMPUTER-KEUKEN\Application Data\Xfire
    2009-01-30 19:17 137,688 —-a-w c:\windows\system32\drivers\PnkBstrK.sys
    2009-01-30 19:16 202,040 —-a-w c:\windows\system32\PnkBstrB.exe
    2009-01-30 19:16 ——— d—–w c:\program files\Xfire
    2009-01-29 17:17 86,016 —-a-w c:\windows\system32\OpenAL32.dll
    2009-01-29 17:15 ——— d–h–w c:\program files\InstallShield Installation Information
    2009-01-26 17:55 ——— d—–w c:\program files\Malwarebytes' Anti-Malware
    2009-01-22 17:55 ——— d—–w c:\program files\LimewirePlus
    2009-01-21 12:43 ——— d—–w c:\documents and settings\Vincent.COMPUTER-KEUKEN\Application Data\U3
    2009-01-19 15:18 ——— d—–w c:\program files\SpeedFan
    2009-01-19 15:17 ——— d—–w c:\program files\Regelgeving APK
    2009-01-18 12:55 ——— d—a-w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
    2009-01-14 18:58 ——— d—–w c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
    2009-01-14 15:11 38,496 —-a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-14 15:11 15,504 —-a-w c:\windows\system32\drivers\mbam.sys
    2009-01-07 21:34 ——— d—–w c:\program files\LimeWire
    2009-01-06 17:17 ——— d—–w c:\program files\EA GAMES
    2008-12-30 15:05 ——— d—–w c:\program files\Rockstar Games
    2008-12-28 10:39 ——— d—–w c:\program files\Handbrake
    2008-12-28 10:13 ——— d—–w c:\program files\Hitman Pro
    2008-12-27 15:31 ——— d—–w c:\program files\Common Files\Wise Installation Wizard
    2008-12-27 11:26 729,088 —-a-w c:\windows\iun6002.exe
    2008-12-23 11:23 ——— d—–w c:\program files\Java
    2008-12-22 16:48 ——— d—–w c:\program files\GameSpy Arcade
    2008-12-22 16:47 ——— d—–w c:\program files\Lavalys
    2008-12-22 16:32 ——— d—–w c:\program files\Styler
    2008-12-22 16:16 ——— d—–w c:\program files\AGEIA Technologies
    2008-12-22 16:15 ——— d—–w c:\program files\Google
    2008-12-21 15:47 ——— d—–w c:\documents and settings\Willemien\Application Data\LimeWire
    2008-12-11 10:57 333,952 —-a-w c:\windows\system32\drivers\srv.sys
    2008-12-03 12:13 ——— d—–w c:\program files\Compaq
    2008-12-02 16:51 ——— d—–w c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
    2008-12-02 16:48 ——— d—–w c:\program files\Bonjour
    2008-12-02 16:47 ——— d—–w c:\program files\Common Files\Apple
    2008-11-21 18:13 682,280 —-a-w c:\windows\system32\pbsvc.exe
    2008-11-21 18:13 22,328 —-a-w c:\documents and settings\Vincent.COMPUTER-KEUKEN\Application Data\PnkBstrK.sys
    2008-11-12 12:45 453,152 —-a-w c:\windows\system32\NVUNINST.EXE
    2008-11-01 16:40 66,872 —-a-w c:\windows\system32\PnkBstrA.exe
    2008-10-28 22:36 823,296 —-a-w c:\windows\system32\divx_xx0c.dll
    2008-10-28 22:36 823,296 —-a-w c:\windows\system32\divx_xx07.dll
    2008-10-28 22:35 815,104 —-a-w c:\windows\system32\divx_xx0a.dll
    2008-10-28 22:35 802,816 —-a-w c:\windows\system32\divx_xx11.dll
    2008-10-28 16:41 14,303,392 —-a-w c:\windows\system32\xlive.dll
    2008-10-28 16:41 13,643,936 —-a-w c:\windows\system32\xlivefnt.dll
    2008-10-23 12:43 286,720 —-a-w c:\windows\system32\gdi32.dll
    2008-10-16 20:33 826,368 —-a-w c:\windows\system32\wininet.dll
    2008-10-16 13:13 202,776 —-a-w c:\windows\system32\wuweb.dll
    2008-10-16 13:13 1,809,944 —-a-w c:\windows\system32\wuaueng.dll
    2008-10-16 13:12 561,688 —-a-w c:\windows\system32\wuapi.dll
    2008-10-16 13:12 323,608 —-a-w c:\windows\system32\wucltui.dll
    2008-10-16 13:09 92,696 —-a-w c:\windows\system32\cdm.dll
    2008-10-16 13:09 51,224 —-a-w c:\windows\system32\wuauclt.exe
    2008-10-16 13:09 43,544 —-a-w c:\windows\system32\wups2.dll
    2008-10-16 13:08 34,328 —-a-w c:\windows\system32\wups.dll
    2008-10-16 13:06 268,648 —-a-w c:\windows\system32\mucltui.dll
    2008-10-16 13:06 208,744 —-a-w c:\windows\system32\muweb.dll
    2008-10-13 08:56 70,936 —-a-w c:\windows\system32\PhysXLoader.dll
    2008-10-07 08:13 58,648 —-a-w c:\windows\system32\AgCPanelTraditionalChinese.dll
    2008-10-07 08:13 58,648 —-a-w c:\windows\system32\AgCPanelSwedish.dll
    2008-10-07 08:13 58,648 —-a-w c:\windows\system32\AgCPanelSpanish.dll
    2008-10-07 08:13 58,648 —-a-w c:\windows\system32\AgCPanelSimplifiedChinese.dll
    2008-10-07 08:13 58,648 —-a-w c:\windows\system32\AgCPanelPortugese.dll
    2008-10-07 08:13 58,648 —-a-w c:\windows\system32\AgCPanelKorean.dll
    2008-10-07 08:13 58,648 —-a-w c:\windows\system32\AgCPanelJapanese.dll
    2008-10-07 08:13 58,648 —-a-w c:\windows\system32\AgCPanelGerman.dll
    2008-10-07 08:13 58,648 —-a-w c:\windows\system32\AgCPanelFrench.dll
    2008-10-07 08:13 288,024 —-a-w c:\windows\system32\PhysXCplUI.exe
    2008-10-07 08:13 288,024 —-a-w c:\windows\system32\PhysXCompatCplUI.exe
    2008-10-07 08:13 23,320 —-a-w c:\windows\system32\PhysXDevice.dll
    2008-10-03 10:05 247,326 —-a-w c:\windows\system32\strmdll.dll
    2006-06-23 06:48 32,768 —-a-r c:\windows\inf\UpdateUSB.exe
    2006-05-03 09:06 163,328 –sh–r c:\windows\system32\flvDX.dll
    2007-02-21 10:47 31,232 –sh–r c:\windows\system32\msfDX.dll
    2007-12-17 12:43 27,648 –sh–w c:\windows\system32\Smab0.dll
    2008-09-20 14:45 32,768 –sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008092020080921\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot_2009-01-29_17.45.09.85 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-08-03 15:16:40 40,960 —-a-w c:\windows\system32\Futuremark\MSC\atimgpud.dll
    + 2007-09-07 13:55:04 65,536 —-a-w c:\windows\system32\Futuremark\MSC\Direcpll.dll
    + 2009-01-31 15:54:10 16,384 —-atw c:\windows\Temp\Perflib_Perfdata_158.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-12-30 306088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Willemien\Menu Start\Programma's\Opstarten\
    OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

    c:\documents and settings\Vincent.COMPUTER-KEUKEN\Menu Start\Programma's\Opstarten\
    Xfire.lnk - c:\program files\Xfire\xfire.exe [2009-01-15 2993488]

    c:\documents and settings\Vincent.COMPUTER-KEUKEN\Menu Start\Programma's\Opstarten\AutorunsDisabled
    OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= i420vfw.dll
    "vidc.asv2"= asusasv2.dll
    "VIDC.dvsd"= c:\program files\Common Files\Sony Shared\VideoLib\sonydv.dll
    "VIDC.XFR1"= xfcodec.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
    path=c:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
    backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^SetPointII.lnk]
    path=c:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\SetPointII.lnk
    backup=c:\windows\pss\SetPointII.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    –a—— 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    –a—— 2008-04-14 18:02 15360 c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvIcon]
    –a—— 2007-07-04 20:59 45056 c:\program files\Vista Drive Icon\DrvIcon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    –a—— 2007-08-24 06:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hitman Pro Expiration Helper]
    –a—— 2007-01-30 14:41 596760 c:\program files\Hitman Pro\xphelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
    –a—— 2008-01-22 21:14 1953792 c:\windows\system32\JMRaidSetup.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
    –a—— 2008-01-22 21:14 36864 c:\windows\JM\JMInsIDE.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LGDCore]
    –a—— 2008-01-22 21:14 1126400 c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
    –a—— 2008-01-22 21:14 190024 c:\program files\MessengerPlus! 3\MsgPlus.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    ——— 2008-04-14 18:03 1695232 c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
    –a—— 2008-01-22 21:14 2658304 c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    –a—— 2008-11-12 14:54 13672448 c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    –a—— 2008-11-12 14:54 86016 c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    –a—— 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
    –a—— 2008-12-30 13:44 306088 c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    -ra—— 2006-11-24 01:06 487424 c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
    ——— 2006-07-13 06:12 729088 c:\program files\Analog Devices\SoundMAX\SMax4.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    -ra—— 2006-12-18 14:34 868352 c:\program files\Analog Devices\Core\smax4pnp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    –a—— 2008-11-10 05:43 136600 c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Storage Toolbox]
    –a—— 2005-09-14 19:44 65536 c:\program files\USB Disk Win98 Driver\Res.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMAAD]
    –a—— 2008-01-22 21:14 110592 c:\program files\Sony\WALKMAN Launcher\WMAAD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
    –a—— 2008-04-14 18:03 110592 c:\windows\system32\bthprops.cpl

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
    –a—— 2007-07-17 16:39 55824 c:\windows\KHALMNPR.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    –a—— 2008-11-12 14:54 1630208 c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\LimeWire Plus\\LimeWire.exe"=
    "c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
    "c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
    "c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
    "c:\\Program Files\\BitLord\\BitLord.exe"=
    "c:\\Program Files\\The All-Seeing Eye\\eye.exe"=
    "c:\\Program Files\\Eidos\\Kane and Lynch Dead Men\\kaneandlynch.exe"=
    "c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
    "c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
    "c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
    "c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
    "c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
    "c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Xfire\\xfire.exe"=
    "c:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited_NEW.exe"=
    "c:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited_FIX_PROG.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
    "c:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
    "c:\\Program Files\\Codemasters\\GRID\\GRID_NEW.exe"=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "c:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"=
    "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
    "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
    "c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=

    R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
    S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2008-09-03 23152]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2007-12-31 13352]
    S3 ICScsiSV;Image Converter SCSI Service;c:\program files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2007-12-15 75952]
    S3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [2007-12-15 67760]
    S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\pfc027.sys –> c:\windows\system32\DRIVERS\pfc027.sys [?]
    S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2008-11-05 89256]
    S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2008-11-05 15016]
    S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2008-11-05 120744]
    S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2008-11-05 114216]
    S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2008-11-05 25512]
    S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2008-11-05 110632]
    S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2008-11-05 115752]
    S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2008-11-05 90408]
    S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2008-11-05 15016]
    S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2008-11-05 122024]
    S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2008-11-05 115368]
    S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2008-11-05 25768]
    S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2008-11-05 111784]
    S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2008-11-05 117544]

    — Andere Services/Drivers In Geheugen —

    *Deregistered* - eeCtrl
    .
    Inhoud van de 'Gedeelde Taken' map

    2008-09-19 c:\windows\Tasks\Crysis Wars(R) Updates.job
    - c:\windows\Installer\Crysis Wars(R) Updates for All Users.lnk [2008-09-19 16:07]

    2009-01-31 c:\windows\Tasks\User_Feed_Synchronization-{7381C0C8-8167-4277-964F-28655C54C053}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.google.nl/
    mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
    uInternet Settings,ProxyOverride = *.local
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Transfer by Image Converter 3 - c:\program files\SONY\IMAGE CONVERTER 3\menu.htm
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-31 17:20:42
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
    "ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_USERS\S-1-5-21-1606980848-823518204-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-1606980848-823518204-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:20,c6,35,25,a7,96,dc,53,77,ea,7d,09,80,8a,cc,32,6a,0c,7e,97,b2,90,73,
    d2,42,10,da,eb,86,1a,70,fc,48,77,a4,79,62,8d,19,56,c7,7c,be,cb,89,d6,66,9a,\
    "??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

    [HKEY_USERS\S-1-5-21-1606980848-823518204-725345543-1004\Software\SecuROM\License information*]
    "datasecu"=hex:86,1b,b3,0e,16,34,d2,dd,8f,c3,3b,c8,bc,5f,52,f5,54,a4,90,28,50,
    2e,b4,27,c2,2f,94,77,e6,c1,59,34,99,4c,3b,5e,39,c1,a9,f4,04,8e,ab,cd,5c,2c,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "3140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    Voltooingstijd: 2009-01-31 17:22:24
    ComboFix-quarantined-files.txt 2009-01-31 16:22:18
    ComboFix2.txt 2009-01-31 16:11:13
    ComboFix3.txt 2009-01-31 08:13:29
    ComboFix4.txt 2009-01-29 19:57:07
    ComboFix5.txt 2009-01-31 16:20:11

    Pre-Run: 66.253.627.392 bytes beschikbaar
    Post-Run: 66,235,248,640 bytes beschikbaar

    357 — E O F — 2009-01-14 18:58:57
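Added example, not from this thread or from ComboFix itself: a small Python checker that pulls out of a ComboFix-style log the points the helper raised above, namely the AV/FW header line that still listed Norton as enabled, the Security Center DisableMonitoring keys and EnableFirewall=0 under the firewall policy, and the URLs listed under the BITS section. The sample log is constructed to mirror the fragments quoted in this thread; the regular expressions and the `analyse` function are my own assumptions about the format, not part of ComboFix.

```python
import re

# Constructed sample log, modelled on the ComboFix fragments quoted in this
# thread (header, "Reg Opstartpunten" and BITS sections); it is not a real log.
SAMPLE_LOG = r"""ComboFix 09-01-21.04 - Vincent 2009-01-31 9:07:43.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.2047.1558 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Vincent\Bureaublad\ComboFix.exe
FW: Norton AntiVirus *enabled*
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

----- BITS: Mogelijk geinfecteerde sites -----

hxxp://example.invalid:3074
.
"""

# Header line such as "FW: Norton AntiVirus *enabled*" (AV:/SP: look the same).
# The helper in this thread used exactly this line as evidence that the
# Norton uninstall was incomplete even though the user believed it was gone.
PRODUCT_RE = re.compile(r"^(AV|FW|SP):\s+(.+?)\s+\*(enabled|disabled)\*", re.I)
KEY_RE = re.compile(r"^\[(.+)\]$")
# "DisableMonitoring"=1 under Security Center\Monitoring silences the
# Security Center warnings for that product; leftovers after an uninstall
# mean Windows will not warn that no AV/firewall is present.
DISABLE_MON_RE = re.compile(r'^"DisableMonitoring"=dword:0*1$', re.I)
ENABLE_FW_RE = re.compile(r'^"EnableFirewall"=\s*0\b', re.I)
BITS_HDR_RE = re.compile(r"\bBITS:", re.I)


def analyse(log_text):
    """Return the security-relevant findings from a ComboFix-style log."""
    result = {"products": [], "monitoring_disabled": [],
              "firewall_disabled": False, "bits_urls": [], "warnings": []}
    current_key = None
    in_bits = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if in_bits:
            # The BITS section lists defanged URLs until the next "." separator.
            if line == ".":
                in_bits = False
            elif line.lower().startswith(("hxxp://", "http://")):
                result["bits_urls"].append(line)
            continue
        if BITS_HDR_RE.search(line):
            in_bits = True
            continue
        m = PRODUCT_RE.match(line)
        if m:
            kind, name, state = m.group(1).upper(), m.group(2), m.group(3).lower()
            result["products"].append((kind, name, state))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()   # registry key the next values belong to
            continue
        if current_key is None:
            continue
        if "security center\\monitoring" in current_key and DISABLE_MON_RE.match(line):
            result["monitoring_disabled"].append(current_key)
        elif "firewallpolicy" in current_key and ENABLE_FW_RE.match(line):
            result["firewall_disabled"] = True

    for kind, name, state in result["products"]:
        if state == "enabled":
            result["warnings"].append(
                f"{kind} product '{name}' still registered as enabled; verify it is "
                "really installed, otherwise remove leftovers with the vendor's removal tool")
    if result["monitoring_disabled"]:
        result["warnings"].append(
            f"Security Center monitoring suppressed under "
            f"{len(result['monitoring_disabled'])} key(s)")
    if result["firewall_disabled"]:
        result["warnings"].append("Windows Firewall disabled in the standard profile")
    if result["bits_urls"]:
        result["warnings"].append(
            f"BITS job(s) referencing {len(result['bits_urls'])} flagged URL(s)")
    return result


if __name__ == "__main__":
    for warning in analyse(SAMPLE_LOG)["warnings"]:
        print("-", warning)
```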



  • Open a Notepad file.
    Copy the code below and paste it into the Notepad file.

  • Tadaa

    ComboFix 09-01-31.01 - Vincent 2009-01-31 19:48:17.10 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.2047.1609 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Vincent.COMPUTER-KEUKEN\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Vincent.COMPUTER-KEUKEN\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt

    FILE ::
    c:\windows\Temp\Perflib_Perfdata_158.dat
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\ark7.tmp\
    c:\ark8.tmp\
    c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\windows\Temp\Perflib_Perfdata_158.dat

    —– BITS: Mogelijk geïnfecteerde sites —–

    hxxp://msxb-d1.vo.llnw.net:3074
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-12-28 to 2009-01-31 ))))))))))))))))))))))))))))))
    .

    2009-01-31 17:03 . 2009-01-31 17:03 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\NortonInstaller
    2009-01-31 09:14 . 2009-01-31 09:14 <DIR> d--hs---- c:\documents and settings\Vincent.COMPUTER-KEUKEN\UserData
    2009-01-29 18:16 . 2009-01-29 18:16 <DIR> d-------- c:\windows\system32\Futuremark
    2009-01-29 18:16 . 2007-09-07 14:55 27,672 --a------ c:\windows\system32\drivers\Entech.sys
    2009-01-29 18:16 . 2007-09-07 14:55 12,744 --a------ c:\windows\system32\drivers\Entech64.sys
    2009-01-29 18:16 . 2007-09-07 14:55 6,173 --a------ c:\windows\system32\drivers\Entech.vxd
    2009-01-29 18:16 . 2001-11-19 20:05 3,972 --a------ c:\windows\system32\drivers\PciBus.sys
    2009-01-29 18:15 . 2009-01-29 18:15 <DIR> d-------- c:\program files\Futuremark
    2009-01-27 16:17 . 2009-01-27 16:18 <DIR> d-------- c:\program files\YouTube Downloader New
    2009-01-24 20:35 . 2009-01-24 20:39 <DIR> d-------- c:\program files\Exterminate It!
    2009-01-24 20:23 . 2009-01-24 20:23 <DIR> d-------- c:\documents and settings\Willemien\Application Data\Malwarebytes
    2009-01-24 18:55 . 2009-01-26 09:20 <DIR> d-------- c:\program files\%systemdir%
    2009-01-21 23:51 . 2009-01-21 23:51 <DIR> d-------- c:\program files\LimeWire Plus
    2009-01-21 23:51 . 2009-01-22 18:55 <DIR> d-------- c:\program files\Conduit
    2009-01-18 13:30 . 2009-01-18 13:30 <DIR> d-------- c:\program files\Photodex Presenter
    2009-01-18 13:30 . 2009-01-18 13:30 <DIR> d-------- c:\program files\Photodex
    2009-01-18 13:30 . 2009-01-18 13:30 <DIR> d-------- c:\documents and settings\Vincent.COMPUTER-KEUKEN\Application Data\Photodex
    2009-01-18 13:30 . 2009-01-18 13:30 <DIR> d-------- c:\documents and settings\Vincent.COMPUTER-KEUKEN\Application Data\Netscape
    2009-01-17 18:01 . 2009-01-17 18:01 <DIR> d-------- c:\documents and settings\Willemien\Application Data\Samsung
    2009-01-17 17:58 . 2006-05-03 22:53 174,592 --a------ c:\windows\system32\framedyn.dll
    2009-01-17 17:57 . 2006-07-24 16:05 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys
    2009-01-17 17:55 . 2009-01-17 17:55 <DIR> d-------- c:\program files\Samsung
    2009-01-15 09:37 . 2009-01-15 09:37 42,320 --a------ c:\windows\system32\xfcodec.dll
    2009-01-14 19:57 . 2009-01-14 19:57 118 --a------ c:\windows\system32\MRT.INI
    2009-01-07 20:51 . 2009-01-29 09:43 <DIR> d-------- c:\documents and settings\Vincent.COMPUTER-KEUKEN\Application Data\LimeWire
    2009-01-05 18:53 . 2009-01-09 15:50 <DIR> d-------- c:\program files\FLATOUT 2
    2009-01-02 16:35 . 2009-01-02 16:35 1,700,352 --a------ c:\windows\system32\gdiplus.dll
    2008-12-30 16:35 . 2008-12-30 16:35 107,888 --a------ c:\windows\system32\CmdLineExt.dll
    2008-12-30 11:05 . 2003-06-25 16:05 266,360 --a------ c:\windows\system32\TweakUI.exe
    2008-12-30 11:05 . 2002-06-21 15:09 160,217 --a------ c:\windows\system32\PowerToysLicense.rtf
    2008-12-27 16:29 . 2008-12-27 16:33 <DIR> d-------- c:\windows\NV34482416.TMP
    2008-12-22 18:27 . 2008-12-23 21:10 1,393 --a------ c:\windows\imsins.BAK
    2008-12-22 17:14 . 2009-01-31 19:44 <DIR> d--hs---- c:\documents and settings\Vincent.COMPUTER-KEUKEN\Onlangs geopend
    2008-12-22 16:18 . 2008-12-22 16:18 0 --a------ C:\ARK8.tmp
    2008-12-22 16:18 . 2008-12-22 16:18 0 --a------ C:\ARK7.tmp
    2008-12-22 16:12 . 2008-12-22 16:12 <DIR> d-------- c:\program files\Avira
    2008-12-22 16:12 . 2008-12-22 16:12 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Avira
    2008-12-22 16:10 . 2008-12-22 16:10 <DIR> d-------- c:\program files\COMODO
    2008-12-22 16:10 . 2008-12-22 16:10 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\comodo
    2008-12-20 09:28 . 2008-12-20 11:27 <DIR> d-------- c:\windows\system32\GroupPolicyManifest(2)
    2008-12-19 18:05 . 2008-12-19 18:05 373,760 --ahs---- c:\windows\system32\140.tmp
    2008-12-18 13:42 . 2008-12-18 13:42 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Zylom
    2008-12-17 18:51 . 2008-12-17 18:53 <DIR> d-------- c:\documents and settings\Vincent.COMPUTER-KEUKEN\Application Data\Belastingdienst
    2008-12-14 15:37 . 2008-12-22 17:16 <DIR> d-------- c:\windows\NV26361368.TMP
    2008-12-07 16:14 . 2008-12-07 16:14 <DIR> dr-h----- c:\documents and settings\Willemien\Application Data\SecuROM
    2008-12-06 21:03 . 2008-12-06 21:04 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
    2008-12-06 08:23 . 2008-12-06 08:23 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\BVRP Software
    2008-12-03 13:37 . 2008-12-28 11:36 <DIR> d-------- c:\program files\Belastingdienst
    2008-12-02 17:59 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-31 17:28 --------- d-----w c:\documents and settings\Vincent.COMPUTER-KEUKEN\Application Data\Xfire
    2009-01-30 19:17 137,688 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2009-01-30 19:16 --------- d-----w c:\program files\Xfire
    2009-01-29 17:15 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-26 17:55 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-01-22 17:55 --------- d-----w c:\program files\LimewirePlus
    2009-01-21 12:43 --------- d-----w c:\documents and settings\Vincent.COMPUTER-KEUKEN\Application Data\U3
    2009-01-19 15:18 --------- d-----w c:\program files\SpeedFan
    2009-01-19 15:17 --------- d-----w c:\program files\Regelgeving APK
    2009-01-18 12:55 --------- d---a-w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
    2009-01-14 18:58 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
    2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-01-07 21:34 --------- d-----w c:\program files\LimeWire
    2009-01-06 17:17 --------- d-----w c:\program files\EA GAMES
    2008-12-30 15:05 --------- d-----w c:\program files\Rockstar Games
    2008-12-28 10:39 --------- d-----w c:\program files\Handbrake
    2008-12-28 10:13 --------- d-----w c:\program files\Hitman Pro
    2008-12-27 15:31 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-12-27 11:26 729,088 ----a-w c:\windows\iun6002.exe
    2008-12-23 11:23 --------- d-----w c:\program files\Java
    2008-12-22 16:48 --------- d-----w c:\program files\GameSpy Arcade
    2008-12-22 16:47 --------- d-----w c:\program files\Lavalys
    2008-12-22 16:32 --------- d-----w c:\program files\Styler
    2008-12-22 16:16 --------- d-----w c:\program files\AGEIA Technologies
    2008-12-22 16:15 --------- d-----w c:\program files\Google
    2008-12-21 15:47 --------- d-----w c:\documents and settings\Willemien\Application Data\LimeWire
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-03 12:13 --------- d-----w c:\program files\Compaq
    2008-12-02 16:51 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
    2008-12-02 16:48 --------- d-----w c:\program files\Bonjour
    2008-12-02 16:47 --------- d-----w c:\program files\Common Files\Apple
    2008-11-21 18:13 22,328 ----a-w c:\documents and settings\Vincent.COMPUTER-KEUKEN\Application Data\PnkBstrK.sys
    2006-06-23 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
    2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
    2007-12-17 12:43 27,648 --sh--w c:\windows\system32\Smab0.dll
    2008-09-20 14:45 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008092020080921\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot_2009-01-29_17.45.09.85 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2000-08-31 07:00:00 161,792 ----a-w c:\windows\SWREG.exe
    + 2000-08-31 07:00:00 286,720 ----a-w c:\windows\SWREG.exe
    + 2005-08-03 15:16:40 40,960 ----a-w c:\windows\system32\Futuremark\MSC\atimgpud.dll
    + 2007-09-07 13:55:04 65,536 ----a-w c:\windows\system32\Futuremark\MSC\Direcpll.dll
    - 2008-07-05 13:54:11 109,080 ----a-w c:\windows\system32\OpenAL32.dll
    + 2009-01-29 17:17:00 86,016 ----a-w c:\windows\system32\OpenAL32.dll
    - 2009-01-25 15:56:26 183,112 ----a-w c:\windows\system32\PnkBstrB.exe
    + 2009-01-30 19:16:56 202,040 ----a-w c:\windows\system32\PnkBstrB.exe
    + 2009-01-31 18:56:34 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_26c.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-12-30 306088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Willemien\Menu Start\Programma's\Opstarten\
    OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

    c:\documents and settings\Vincent.COMPUTER-KEUKEN\Menu Start\Programma's\Opstarten\
    Xfire.lnk - c:\program files\Xfire\xfire.exe [2009-01-15 2993488]

    c:\documents and settings\Vincent.COMPUTER-KEUKEN\Menu Start\Programma's\Opstarten\AutorunsDisabled
    OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= i420vfw.dll
    "vidc.asv2"= asusasv2.dll
    "VIDC.dvsd"= c:\program files\Common Files\Sony Shared\VideoLib\sonydv.dll
    "VIDC.XFR1"= xfcodec.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
    path=c:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
    backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^SetPointII.lnk]
    path=c:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\SetPointII.lnk
    backup=c:\windows\pss\SetPointII.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2008-04-14 18:02 15360 c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvIcon]
    --a------ 2007-07-04 20:59 45056 c:\program files\Vista Drive Icon\DrvIcon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    --a------ 2007-08-24 06:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hitman Pro Expiration Helper]
    --a------ 2007-01-30 14:41 596760 c:\program files\Hitman Pro\xphelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
    --a------ 2008-01-22 21:14 1953792 c:\windows\system32\JMRaidSetup.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
    --a------ 2008-01-22 21:14 36864 c:\windows\JM\JMInsIDE.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LGDCore]
    --a------ 2008-01-22 21:14 1126400 c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
    --a------ 2008-01-22 21:14 190024 c:\program files\MessengerPlus! 3\MsgPlus.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2008-04-14 18:03 1695232 c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
    --a------ 2008-01-22 21:14 2658304 c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2008-11-12 14:54 13672448 c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2008-11-12 14:54 86016 c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
    --a------ 2008-12-30 13:44 306088 c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    -ra------ 2006-11-24 01:06 487424 c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
    --------- 2006-07-13 06:12 729088 c:\program files\Analog Devices\SoundMAX\SMax4.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    -ra------ 2006-12-18 14:34 868352 c:\program files\Analog Devices\Core\smax4pnp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-11-10 05:43 136600 c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Storage Toolbox]
    --a------ 2005-09-14 19:44 65536 c:\program files\USB Disk Win98 Driver\Res.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMAAD]
    --a------ 2008-01-22 21:14 110592 c:\program files\Sony\WALKMAN Launcher\WMAAD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
    --a------ 2008-04-14 18:03 110592 c:\windows\system32\bthprops.cpl

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
    --a------ 2007-07-17 16:39 55824 c:\windows\KHALMNPR.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2008-11-12 14:54 1630208 c:\windows\system32\nwiz.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\LimeWire Plus\\LimeWire.exe"=
    "c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
    "c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
    "c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
    "c:\\Program Files\\BitLord\\BitLord.exe"=
    "c:\\Program Files\\The All-Seeing Eye\\eye.exe"=
    "c:\\Program Files\\Eidos\\Kane and Lynch Dead Men\\kaneandlynch.exe"=
    "c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
    "c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
    "c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
    "c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
    "c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
    "c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Xfire\\xfire.exe"=
    "c:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited_NEW.exe"=
    "c:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited_FIX_PROG.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
    "c:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
    "c:\\Program Files\\Codemasters\\GRID\\GRID_NEW.exe"=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "c:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"=
    "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
    "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
    "c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=

    R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
    S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2008-09-03 23152]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2007-12-31 13352]
    S3 ICScsiSV;Image Converter SCSI Service;c:\program files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2007-12-15 75952]
    S3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [2007-12-15 67760]
    S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\pfc027.sys --> c:\windows\system32\DRIVERS\pfc027.sys [?]
    S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2008-11-05 89256]
    S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2008-11-05 15016]
    S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2008-11-05 120744]
    S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2008-11-05 114216]
    S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2008-11-05 25512]
    S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2008-11-05 110632]
    S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2008-11-05 115752]
    S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2008-11-05 90408]
    S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2008-11-05 15016]
    S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2008-11-05 122024]
    S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2008-11-05 115368]
    S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2008-11-05 25768]
    S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2008-11-05 111784]
    S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2008-11-05 117544]
    .
    Contents of the 'Scheduled Tasks' folder

    2008-09-19 c:\windows\Tasks\Crysis Wars(R) Updates.job
    - c:\windows\Installer\Crysis Wars(R) Updates for All Users.lnk [2008-09-19 16:07]

    2009-01-31 c:\windows\Tasks\User_Feed_Synchronization-{7381C0C8-8167-4277-964F-28655C54C053}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.nl/
    mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
    uInternet Settings,ProxyOverride = *.local
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Transfer by Image Converter 3 - c:\program files\SONY\IMAGE CONVERTER 3\menu.htm
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-31 19:57:20
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
    "ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1606980848-823518204-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-1606980848-823518204-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:20,c6,35,25,a7,96,dc,53,77,ea,7d,09,80,8a,cc,32,6a,0c,7e,97,b2,90,73,
    d2,42,10,da,eb,86,1a,70,fc,48,77,a4,79,62,8d,19,56,c7,7c,be,cb,89,d6,66,9a,\
    "??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

    [HKEY_USERS\S-1-5-21-1606980848-823518204-725345543-1004\Software\SecuROM\License information*]
    "datasecu"=hex:8b,1e,a8,3e,c1,f7,89,66,dc,54,6e,7d,97,77,63,19,3e,a3,c2,90,1e,
    86,34,2a,3a,a0,e7,62,f8,bc,59,d7,f6,c7,5a,f4,63,1c,7a,13,0c,f9,bb,9d,2a,4b,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "3140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\program files\Photodex\ProShowGold\scsiaccess.exe
    c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    c:\windows\system32\PAStiSvc.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Rockstar Games\Rockstar Games Social Club\1_1_3_0\RGSC.exe
    c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-31 20:05:51 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-01-31 19:05:48
    ComboFix2.txt 2009-01-31 16:22:25
    ComboFix3.txt 2009-01-31 16:11:13
    ComboFix4.txt 2009-01-31 08:13:29
    ComboFix5.txt 2009-01-31 18:47:05

    Pre-Run: 65.349.292.032 bytes free
    Post-Run: 65,345,642,496 bytes free

    350 --- E O F --- 2009-01-14 18:58:57
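The log above is the raw ComboFix output; what an analyst actually looks for in it are a few specific signals: files whose attribute field marks them hidden and system inside the Windows folder (the `--ahs----` on `140.tmp` and the `--sh--r` DLLs in system32), a folder name that is a literal, unexpanded variable (`c:\program files\%systemdir%`), and registry values that switch off the Windows Firewall (`"EnableFirewall"= 0`) or Security Center monitoring (`"DisableMonitoring"=dword:00000001`). The following is an added example, not code from the original post or from ComboFix: a small parser for that log layout with those four heuristics. The heuristics themselves, the function names and the inline sample log (constructed to mirror the format of the post) are assumptions made for this example.

```python
"""Triage helper for ComboFix-style logs.

Added example: this is not code from the original forum post or from
ComboFix. It parses file-listing lines (attribute flags + path) and
registry '"name"=value' lines under a [key] header, then applies four
simple heuristics. The heuristics and the sample log are assumptions
made for this example.
"""
import re

# Constructed sample in the same layout as the ComboFix log in the post.
SAMPLE_LOG = """\
(((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-31 ))))))))))))))))))))))))))))))
.
2009-01-24 18:55 . 2009-01-26 09:20 <DIR> d-------- c:\\program files\\%systemdir%
2009-01-14 19:57 . 2009-01-14 19:57 118 --a------ c:\\windows\\system32\\MRT.INI
2008-12-19 18:05 . 2008-12-19 18:05 373,760 --ahs---- c:\\windows\\system32\\140.tmp
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-05-03 09:06 163,328 --sh--r c:\\windows\\system32\\flvDX.dll
2009-01-30 19:17 137,688 ----a-w c:\\windows\\system32\\drivers\\PnkBstrK.sys

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# A listing line is "<date> <time> ... <flags> <drive>:\<path>"; the token
# right before the drive path is the attribute field (e.g. --ahs----).
DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}")
ENTRY_RE = re.compile(r"(\S+)\s+([A-Za-z]:\\.+?)\s*$")
VALUE_RE = re.compile(r'"([^"]+)"\s*=\s*(.+)')


def parse_file_entries(log_text):
    """Yield (flags, path) for each file/dir line in the listing sections."""
    for raw in log_text.splitlines():
        line = raw.strip().lstrip("+- ")  # snapshot lines carry a '+'/'-' prefix
        if not DATE_RE.match(line):
            continue
        m = ENTRY_RE.search(line)
        if m:
            yield m.group(1), m.group(2)


def parse_registry_values(log_text):
    """Yield (key, name, value) for '"name"=value' lines under a [key] header."""
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, m.group(1), m.group(2).strip()


def triage(log_text):
    """Return a list of (finding, detail) pairs worth a closer look."""
    findings = []
    for flags, path in parse_file_entries(log_text):
        # Hidden + system attributes on a loose file under \windows\ is the
        # combination that legitimate installers almost never produce.
        if "h" in flags and "s" in flags and "\\windows\\" in path.lower():
            findings.append(("hidden+system file under Windows folder", path))
        # A folder literally named %something% means a dropper failed to
        # expand a variable, or chose the name to look like a system path.
        if "%" in path.rsplit("\\", 1)[-1]:
            findings.append(("folder named after an unexpanded variable", path))
    for key, name, value in parse_registry_values(log_text):
        k = key.lower()
        if "firewallpolicy" in k and name == "EnableFirewall" and value.startswith("0"):
            findings.append(("Windows Firewall disabled", key))
        if ("security center\\monitoring" in k and name == "DisableMonitoring"
                and value.endswith("1")):
            findings.append(("Security Center monitoring disabled", key))
    return findings


if __name__ == "__main__":
    for finding, detail in triage(SAMPLE_LOG):
        print(f"{finding}: {detail}")
```

Run it against a saved ComboFix.txt by reading the file into `triage()` instead of `SAMPLE_LOG`. The flag heuristic deliberately requires both `h` and `s`: hidden-only directories such as the SecuROM profile folder in the log (`dr-h-----`) are normal for copy-protection software, while a hidden system `.tmp` in system32 is not.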





This is an archived page. Replying is no longer possible.