
Question & Answer

Security & privacy

I can no longer open certain programs!

Anonymous
11 answers
  • Does anyone see any irregularities here!!


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:42:05, on 4/02/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
    C:\WINDOWS\explorer.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha1.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha1.dll
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha1.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
    O4 - HKLM\..\Run: [PE2CKFNT SE] "C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Pinnacle Scheduler.lnk = C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe


    End of file - 6524 bytes
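Added example, not part of the original post and not HijackThis code: a short Python triage of the R3/O2/O3 lines from the log above. It groups entries by CLSID, so that the Share Accelerator MM toolbar, which the log registers as URLSearchHook, BHO and toolbar under one CLSID, shows up as a single item to review, and it lists entries marked (no file), such as the Yahoo! Toolbar hook, whose DLL no longer exists. The sample lines are copied from the log; the grouping and orphan rules are the author's own heuristics, and the AVG toolbar is caught by the same rule, so the output is a review list, not a verdict.

```python
"""Triage the IE extension-point lines of a HijackThis log.

Added example for this thread, not part of the original post and not
HijackThis code. The sample lines are copied from the log above; the two
rules (one CLSID registered at several extension points, and entries whose
file is gone) are the author's own triage heuristics."""
import re
from collections import defaultdict

# Lines taken from the posted log, embedded so the script runs offline.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha1.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""

# R3 = URLSearchHook, O2 = Browser Helper Object, O3 = IE toolbar: the three
# places a toolbar bundle registers itself, each keyed by the same CLSID.
ENTRY_RE = re.compile(
    r"^(?P<section>R3|O2|O3) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)


def parse_hjt(text):
    """Return the R3/O2/O3 entries as dicts; other sections are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["clsid"] = entry["clsid"].upper()   # HJT prints mixed case
            entries.append(entry)
    return entries


def triage(text):
    """Group by CLSID; report orphans and CLSIDs hooked in two or more sections."""
    entries = parse_hjt(text)
    orphans = [e["name"] for e in entries if e["path"].strip() == "(no file)"]
    by_clsid = defaultdict(list)
    for e in entries:
        by_clsid[e["clsid"]].append(e)
    multi_hook = {}
    for clsid, group in by_clsid.items():
        sections = sorted({e["section"] for e in group})
        if len(sections) >= 2:
            multi_hook[clsid] = {
                "name": group[0]["name"],
                "sections": sections,
                "path": group[0]["path"],
            }
    return {"orphans": orphans, "multi_hook": multi_hook}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for name in report["orphans"]:
        print(f"orphaned entry (file missing): {name}")
    for clsid, info in report["multi_hook"].items():
        print(f"{clsid} {info['name']}: hooked as {', '.join(info['sections'])} -> {info['path']}")
```

Feed it a whole HijackThis log instead of SAMPLE_LOG and it ignores everything but the three extension-point sections; the remaining decision (keep or fix) still needs a human looking at the vendor and path of each DLL.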

  • Download Malwarebytes' Anti-Malware and save it to your desktop.
    Double-click mbam-setup.exe to install the program.

    Make sure that after installation the following are ticked:
    - Update Malwarebytes' Anti-Malware
    - Launch Malwarebytes' Anti-Malware
    Then click "Finish".
    If an update is found, it will be downloaded and installed.
    - Once the program has started, go to the "Settings" tab.
    - Tick "Close Internet Explorer during malware removal".
    - Then go to the "Scanner" tab and choose "Quick Scan".
    - Press "Scan" to start the scan.
    - The scan can take a while, so be patient.

    - When the scan is finished, click OK, then "Show Results" to view the results.
    - Make sure everything there is ticked, then click "Remove Selected".
    - After removal a log will open and you will be asked to restart the computer.
    The log is saved automatically by Malwarebytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.

    Post this log.


    Download ComboFix to your desktop and use it according to this guide.
  • I have run everything, with the following result!

    Malwarebytes' Anti-Malware 1.33
    Database version: 1736
    Windows 5.1.2600 Service Pack 3

    7/02/2009 14:12:00
    mbam-log-2009-02-07 (14-12-00).txt

    Scan type: Quick Scan
    Objects scanned: 53181
    Time elapsed: 4 minute(s), 30 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ComboFix 09-02-06.02 - Gebruiker 2009-02-07 14:18:11.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.503 [GMT 1:00]
    Started from: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe
    AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
    * New restore point was created
    .

    (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Gebruiker\Application Data\inst.exe
    c:\program files\Common Files\{E890C~1

    .
    (((((((((((((((((((( Files Created from 2009-01-07 to 2009-02-07 ))))))))))))))))))))))))))))))
    .

    2009-02-05 13:53 . 2009-02-05 14:24 <DIR> d--h-c--- C:\$AVG8.VAULT$
    2009-02-04 17:31 . 2009-02-06 21:25 <DIR> d-------- c:\windows\system32\drivers\Avg
    2009-02-04 17:31 . 2009-02-07 14:04 <DIR> d----c--- c:\documents and settings\Gebruiker\Application Data\AVGTOOLBAR
    2009-02-04 17:31 . 2009-02-04 17:31 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
    2009-02-04 17:31 . 2009-02-04 17:31 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
    2009-02-04 17:31 . 2009-02-04 17:31 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys
    2009-02-04 17:31 . 2009-02-04 17:31 10,520 --a------ c:\windows\system32\avgrsstx.dll
    2009-02-04 17:30 . 2009-02-04 17:30 <DIR> d----c--- c:\documents and settings\All Users\Application Data\avg8
    2009-01-10 16:37 . 2009-01-10 16:37 410,984 --a------ c:\windows\system32\deploytk.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-31 12:33 --------- dc----w c:\program files\SpywareGuard
    2009-01-31 12:17 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-31 12:16 --------- dc----w c:\program files\Mobile Action
    2009-01-31 12:06 --------- dc----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-31 12:06 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-01-31 12:04 --------- dc----w c:\program files\Iomega
    2009-01-30 10:00 --------- dc----w c:\program files\Malwarebytes' Anti-Malware
    2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-01-10 15:37 --------- d-----w c:\program files\Java
    2009-01-05 11:56 --------- dc----w c:\program files\TeaTimer (Spybot - Search & Destroy)
    2009-01-05 11:56 --------- dc----w c:\program files\SDHelper (Spybot - Search & Destroy)
    2009-01-05 11:56 --------- dc----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2009-01-05 11:56 --------- dc----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2009-01-05 11:56 --------- dc----w c:\program files\CCleaner
    2009-01-05 10:00 --------- dc----w c:\documents and settings\Gebruiker\Application Data\Malwarebytes
    2009-01-05 10:00 --------- dc----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-19 18:12 --------- d-----w c:\program files\Network Associates
    2008-12-18 16:55 --------- dc----w c:\program files\AVG
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2007-06-18 16:28 47,360 -c--a-w c:\documents and settings\Gebruiker\Application Data\pcouffin.sys
    2007-02-18 17:06 87,608 -c--a-w c:\documents and settings\Gebruiker\Application Data\ezpinst.exe
    2007-02-10 20:42 337 -c--a-w c:\documents and settings\Gebruiker\Application Data\internaldb1942.dat
    2007-02-07 18:25 20,480 -c--a-w c:\documents and settings\Gebruiker\Application Data\internaldb4827.dat
    2006-12-01 16:08 49 -c--a-w c:\documents and settings\Gebruiker\Application Data\internaldb41.dat
    2006-11-25 13:25 9,216 -c--a-w c:\documents and settings\Gebruiker\Application Data\internaldb8467.dat
    2006-11-25 13:25 0 -c--a-w c:\documents and settings\Gebruiker\Application Data\internaldb6334.dat
    2006-11-25 13:24 0 -c--a-w c:\documents and settings\Gebruiker\Application Data\internaldb5436.dat
    2006-03-24 19:05 26,922 -c--a-w c:\program files\moviepass Terms.html
    2005-11-17 10:26 0 -c--a-w c:\program files\AUTOEXEC.BAT
    2005-02-04 13:41 867 -c--a-w c:\program files\asdf.txt
    2005-01-31 18:57 5,042 -c--a-r c:\program files\CLDMA.LOG
    2004-05-25 22:24 0 -c--a-w c:\program files\CONFIG.SYS
    2001-05-24 11:59 162,304 -c--a-w c:\program files\UNWISE.EXE
    1999-12-07 18:00 1,384,448 -c--a-w c:\program files\msvbvm60.dll
    2005-11-24 17:54 56 -csha-r c:\windows\system32\69A2D02CB7.sys
    2005-11-24 17:54 1,682 -csha-w c:\windows\system32\KGyGaAvL.sys
    2008-09-02 15:17 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008090220080903\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-30_18.44.26,09 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-12-19 18:14:19 26,824 ----a-w c:\windows\system32\drivers\avgmfx86.sys
    + 2009-02-04 16:31:06 27,656 ----a-w c:\windows\system32\drivers\avgmfx86.sys
    + 2009-02-04 16:22:48 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7b8.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 1961984]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-12-15 5513216]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-04-12 1383936]
    "PE2CKFNT SE"="c:\program files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 25088]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-02-05 155648]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-10 136600]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-04 1601304]
    "nwiz"="nwiz.exe" [2005-10-10 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
    Pinnacle Scheduler.lnk - c:\program files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2005-11-23 245760]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-02-04 17:31 10520 c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.PIM1"= PCLEPIM1.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ersd.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Photo Express Calendar Checker SE.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Photo Express Calendar Checker SE.lnk
    backup=c:\windows\pss\Photo Express Calendar Checker SE.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Gebruiker^Menu Start^Programma's^Opstarten^SpywareGuard.lnk]
    path=c:\documents and settings\Gebruiker\Menu Start\Programma's\Opstarten\SpywareGuard.lnk
    backup=c:\windows\pss\SpywareGuard.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2006-01-25 05:28 7094272 c:\program files\MSN Messenger\msnmsgr.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Pinnacle\\PCTV Stereo\\TeleText\\WebServer.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\StubInstaller.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-02-04 12552]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-04 325128]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-04 107272]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-04 298264]
    R2 DriverX;DriverX;c:\windows\system32\drivers\DRIVERX.SYS [1997-03-12 25792]
    R2 MarxDev1;MarxDev1;c:\windows\system32\drivers\MARXDEV1.SYS [2007-01-14 8864]
    R2 MarxDev2;MarxDev2;c:\windows\system32\drivers\MARXDEV2.SYS [2007-01-14 8864]
    R2 MarxDev3;MarxDev3;c:\windows\system32\drivers\MARXDEV3.SYS [2007-01-14 8864]
    R2 Tdlpt;Tdlpt;c:\windows\system32\drivers\TDLPT.SYS [2007-01-14 8012]
    R3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xHybrid.sys [2005-11-23 556416]
    R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2005-11-23 6400]
    S0 esff;esff;c:\windows\system32\drivers\esff.sys --> c:\windows\system32\drivers\esff.sys [?]
    S1 ctredrv.sys;ctredrv.sys;\??\c:\windows\system32\drivers\ctredrv.sys --> c:\windows\system32\drivers\ctredrv.sys [?]
    S1 ersd;ersd;\??\c:\windows\system32\drivers\ersd.sys --> c:\windows\system32\drivers\ersd.sys [?]
    S3 P730C;P730C;c:\windows\system32\drivers\P730C.sys [2006-08-12 25300]
    S3 P730M;P730M;c:\windows\system32\drivers\P730M.sys [2006-08-12 25300]
    S3 P730U;P730U;c:\windows\system32\drivers\P730U.sys [2006-08-12 49365]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - AVG8WD
    *NewlyCreated* - AVGLDX86
    *NewlyCreated* - AVGMFX86
    *NewlyCreated* - AVGRKX86

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba902ec2-5b7a-11da-96c1-806d6172696f}]
    \Shell\AutoRun\command - d:\bin\assetup.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-02-07 c:\windows\Tasks\A46F885A91840682.job
    - c:\docume~1\gebrui~1\applic~1\doesre~1\bind soap safe.exe []

    2006-10-22 c:\windows\Tasks\XoftSpy.job
    - c:\program files\XoftSpy\XoftSpy.exe []
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.be/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: recordgroup.be \www.home
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-07 14:20:12
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1935655697-1450960922-839522115-1004\Software\Zepter Software\RegLib*c087c35c\CloneDVDmobile/1]
    "1"=dword:45684247
    "2"=dword:456887a7

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,96,90,77,5c,45,
    16,a8,4f,e2,63,26,f1,3f,c8,ff,68,a2,f1,54,d9,4a,5c,ce,8e,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,71,56,b3,d6,49,
    f8,b9,f9,6a,9c,d6,61,af,45,84,18,3c,b5,d3,19,a7,d1,06,b2,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,75,34,11,c3,66,
    39,5c,51,ff,7c,85,e0,43,d4,0e,fe,95,1a,5c,40,3e,49,83,6e,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,6e,4e,97,2a,cd,
    ea,a0,59,86,8c,21,01,be,91,eb,e7,c2,e7,e4,2a,3c,3c,e0,77,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,e5,4e,76,bb,ee,
    93,40,fc,f5,1d,4d,73,a8,13,5c,05,55,b0,cb,c5,3c,eb,fb,aa,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,7d,4a,8b,83,ad,
    1d,f3,2a,df,20,58,62,78,6b,cf,c8,a1,0c,eb,73,e5,d0,3f,98,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,29,8f,9e,31,f0,
    92,13,96,fb,a7,78,e6,12,2f,9a,ea,4b,c7,5a,b6,98,bc,40,96,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,1d,20,e3,c0,b8,
    d1,65,53,01,3a,48,fc,e8,04,4a,f1,69,c9,fc,90,2e,1a,36,7d,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,48,12,ea,d5,cc,
    ff,13,d3,f6,0f,4e,58,98,5b,89,c9,c2,66,ce,3a,03,89,dc,aa,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,9e,2e,e6,b1,3e,
    6b,c1,86,3d,ce,ea,26,2d,45,aa,78,72,2d,0c,b8,11,b2,da,23,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,63,d4,a8,5f,b0,
    af,bd,63,2a,b7,cc,b5,b9,7f,41,e7,2a,3c,52,1d,d8,66,7d,7a,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,53,a5,42,a3,3a,
    72,d1,03,6c,43,2d,1e,aa,22,2f,9c,4a,71,40,f6,51,86,fc,f0,6c,43,2d,1e,aa,22,\
    .
    Completion time: 2009-02-07 14:22:10
    ComboFix-quarantined-files.txt 2009-02-07 13:22:04
    ComboFix2.txt 2009-01-31 11:51:30
    ComboFix3.txt 2009-01-30 17:46:17

    Pre-Run: 21.572.362.240 bytes free
    Post-Run: 21,650,407,424 bytes free

    240 --- E O F --- 2009-01-14 17:02:55



    mvg,
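Added example, not from the original post and not ComboFix code: a Python pass over two sections of the ComboFix log above. The driver list has three entries (esff, ctredrv.sys, ersd) whose image ComboFix marks [?], meaning the registry still points at a boot- or system-start driver whose file is gone (ersd is also listed under SafeBoot\Minimal, and the later ComboFix run in this thread removes the Legacy_ERSD/ESFF and Service_ersd/esff entries). The 'Scheduled Tasks' section shows A46F885A91840682.job launching "bind soap safe.exe" out of a user's Application Data with no date or size. The rules below (missing image, 16-hex-digit job name, target under a user profile, empty file info) are the author's own heuristics; the sample lines are copied from the log.

```python
"""Triage two ComboFix sections: the driver/service list and the 'Scheduled
Tasks' folder listing.

Added example for this thread; it is not ComboFix code and the rules are the
author's own. The sample lines are copied from the ComboFix log above. Format
as ComboFix prints it: R/S = running/stopped, the digit is the service start
type, "-->" shows where the registry pointed, "[?]" means the image file was
not found, "[]" means no date/size could be read for a task's target."""
import re

SAMPLE_DRIVERS = r"""
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-04 298264]
R2 DriverX;DriverX;c:\windows\system32\drivers\DRIVERX.SYS [1997-03-12 25792]
S0 esff;esff;c:\windows\system32\drivers\esff.sys --> c:\windows\system32\drivers\esff.sys [?]
S1 ctredrv.sys;ctredrv.sys;\??\c:\windows\system32\drivers\ctredrv.sys --> c:\windows\system32\drivers\ctredrv.sys [?]
S1 ersd;ersd;\??\c:\windows\system32\drivers\ersd.sys --> c:\windows\system32\drivers\ersd.sys [?]
S3 P730C;P730C;c:\windows\system32\drivers\P730C.sys [2006-08-12 25300]
"""

SAMPLE_TASKS = r"""
Contents of the 'Scheduled Tasks' folder

2009-02-07 c:\windows\Tasks\A46F885A91840682.job
- c:\docume~1\gebrui~1\applic~1\doesre~1\bind soap safe.exe []

2006-10-22 c:\windows\Tasks\XoftSpy.job
- c:\program files\XoftSpy\XoftSpy.exe []
"""

DRIVER_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$"
)
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}
JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>\S.*\.job)$", re.IGNORECASE)
TARGET_RE = re.compile(r"^- (?P<target>.*?) \[(?P<info>[^\]]*)\]$")
# Locations a legitimate driver or scheduled program rarely runs from.
PROFILE_MARKERS = ("docume~1", "documents and settings", "applic~1", "application data")


def missing_drivers(text):
    """(name, start type, state) for every driver whose image ComboFix could not find."""
    found = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m and m.group("rest").rstrip().endswith("[?]"):
            state = "running" if m.group("state") == "R" else "stopped"
            found.append((m.group("name"), START_TYPES[m.group("start")], state))
    return found


def parse_tasks(text):
    """Pair each .job line with the '- target [info]' line that follows it."""
    tasks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = JOB_RE.match(line)
        if m:
            current = {"job": m.group("job"), "target": None, "info": None}
            tasks.append(current)
            continue
        m = TARGET_RE.match(line)
        if m and current is not None:
            current["target"], current["info"] = m.group("target"), m.group("info")
    return tasks


def suspicious_tasks(text):
    """Tasks with a random-looking name, a target in a user profile, or no file info."""
    flagged = []
    for task in parse_tasks(text):
        reasons = []
        stem = task["job"].rsplit("\\", 1)[-1][:-4]          # strip directory and ".job"
        if re.fullmatch(r"[0-9A-F]{16}", stem):
            reasons.append("random-looking 16-hex-digit job name")
        target = (task["target"] or "").lower()
        if any(marker in target for marker in PROFILE_MARKERS):
            reasons.append("target lives under a user profile")
        if task["info"] == "":
            reasons.append("no date/size for target (file missing or unreadable)")
        if reasons:
            flagged.append({**task, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for name, start, state in missing_drivers(SAMPLE_DRIVERS):
        print(f"driver {name}: {start}-start, {state}, image not found")
    for task in suspicious_tasks(SAMPLE_TASKS):
        print(f"{task['job']} -> {task['target']}: {'; '.join(task['reasons'])}")
```

XoftSpy.job is flagged too, on the empty file info alone; a task whose only strike is a missing target is usually a leftover of an uninstalled program, while a task that collects all three reasons is the one to pull the target file from and examine.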

  • Go to Virustotal.com
    Upload the following file by copying/pasting this path (so do not look it up via "Browse…"!): c:\docume~1\gebrui~1\applic~1\doesre~1\bind soap safe.exe
    Wait until the result appears. Post it in your next reply.

    Do the same with this file: c:\windows\Tasks\A46F885A91840682.job


    Download Flash_Disinfector.exe and place it on your desktop: http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
    Make sure the flash drives / USB sticks / external hard drives are plugged in as well.
    Double-click Flash_Disinfector.exe to start the tool.
    When the tool is done, the computer will restart.


    Open a Notepad file.
    Copy the code below and paste it into the Notepad file.
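Added example, not from the original post, ComboFix or VirusTotal, for the instruction above to upload c:\windows\Tasks\A46F885A91840682.job. A .job file is the Task Scheduler 1.0 description of a task, not the program it runs, so an antivirus verdict on the .job itself says little; what matters is the application path and arguments stored inside it. The Python below builds a constructed .job that mirrors the one in the log (hypothetical contents, not the real file) and parses it following the published MS-TSCH .JOB layout: a 68-byte fixed section whose offset fields locate the variable section, then length-prefixed UTF-16LE strings for application, parameters, working directory, author and comment, then the trigger array.

```python
"""Read what a Windows Task Scheduler 1.0 ".job" file launches.

Added example for this thread, not code from ComboFix, VirusTotal or the
poster. A .job file is the scheduler's description of a task, not the program
it runs, so an antivirus verdict on the .job says nothing about the target;
what matters is the path inside it. The layout follows the published MS-TSCH
.JOB format: a 68-byte fixed section (FIXDLEN_DATA) whose "App Name Len
Offset" and "Trigger Offset" fields locate the variable section, then
length-prefixed UTF-16LE strings (application, parameters, working directory,
author, comment). The sample job is constructed here to mirror the task in
the log; it is not the real A46F885A91840682.job."""
import struct
import uuid

FIXED_LEN = 68      # size of FIXDLEN_DATA
TRIGGER_LEN = 48    # size of one trigger record


def _ustr(s):
    """Length-prefixed UTF-16LE string; the length counts the terminating null."""
    if not s:
        return struct.pack("<H", 0)
    return struct.pack("<H", len(s) + 1) + (s + "\x00").encode("utf-16-le")


def build_job(app, params="", workdir="", author="", comment="", job_uuid=None):
    """Assemble a minimal but well-formed .job (sample generator, not Windows code)."""
    var = struct.pack("<H", 0)                  # running instance count
    app_name_offset = FIXED_LEN + len(var)      # points at the application-name length field
    for s in (app, params, workdir, author, comment):
        var += _ustr(s)
    var += struct.pack("<H", 0)                 # user data: size 0
    var += struct.pack("<H", 0)                 # reserved data: size 0
    trigger_offset = FIXED_LEN + len(var)
    var += struct.pack("<H", 1) + b"\x00" * TRIGGER_LEN   # one trigger, zeroed for the sample
    header = struct.pack(
        "<HH16sHHHHHHIIIII16s",
        0x0500, 0x0001, (job_uuid or uuid.uuid4()).bytes_le,
        app_name_offset, trigger_offset,
        0, 0, 0, 0,             # error retry count/interval, idle deadline/wait
        0, 0, 0, 0, 0,          # priority, max run time, exit code, status, flags
        b"\x00" * 16,           # last run time (SYSTEMTIME)
    )
    assert len(header) == FIXED_LEN
    return header + var


def _read_ustr(data, pos):
    (n,) = struct.unpack_from("<H", data, pos)
    pos += 2
    if n == 0:
        return "", pos
    text = data[pos:pos + 2 * n].decode("utf-16-le").rstrip("\x00")
    return text, pos + 2 * n


def parse_job(data):
    """Return the fields an analyst needs: what runs, with what, from where."""
    if len(data) < FIXED_LEN + 2:
        raise ValueError("too short to be a .job file")
    _, _, uid, app_off, trig_off = struct.unpack_from("<HH16sHH", data, 0)
    fields = {"job_uuid": str(uuid.UUID(bytes_le=uid))}
    pos = app_off
    for key in ("application", "parameters", "working_dir", "author", "comment"):
        fields[key], pos = _read_ustr(data, pos)
    (fields["trigger_count"],) = struct.unpack_from("<H", data, trig_off)
    fields["command_line"] = (fields["application"] + " " + fields["parameters"]).strip()
    return fields


def target_in_user_profile(job):
    """Flag a task whose program lives under a user profile, as the posted one does."""
    app = job["application"].lower()
    return any(m in app for m in ("docume~1", "documents and settings", "applic~1", "application data"))


# Constructed sample mirroring the task in the posted ComboFix log.
SAMPLE_JOB = build_job(
    app=r"c:\docume~1\gebrui~1\applic~1\doesre~1\bind soap safe.exe",
    workdir=r"c:\docume~1\gebrui~1\applic~1\doesre~1",
    author="Gebruiker",
    job_uuid=uuid.UUID("12345678-1234-5678-1234-567812345678"),
)

if __name__ == "__main__":
    job = parse_job(SAMPLE_JOB)
    print(f"runs: {job['command_line']}  (cwd {job['working_dir']}, author {job['author']})")
    print("target under a user profile:", target_in_user_profile(job))
```

To use it on a real job, copy the file off the machine and pass `open(path, "rb").read()` to `parse_job`; the parser follows the offsets stored in the header rather than assuming fixed positions, so it tolerates jobs with different string lengths. The file to hash and submit is the one named in `application`, not the .job.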

  • this file did not work with VirusTotal
    c:\docume~1\gebrui~1\applic~1\doesre~1\bind soap safe.exe

    the other one did, with the following result

    File A46F885A91840682.job_ received on 2009.02.08 10:13:11 (CET)


    Result: 0/39 (0%)


    Antivirus Version Last updated Result
    a-squared 4.0.0.93 2009.02.08 -
    AhnLab-V3 5.0.0.2 2009.02.07 -
    AntiVir 7.9.0.76 2009.02.07 -
    Authentium 5.1.0.4 2009.02.07 -
    Avast 4.8.1335.0 2009.02.07 -
    AVG 8.0.0.229 2009.02.07 -
    BitDefender 7.2 2009.02.08 -
    CAT-QuickHeal 10.00 2009.02.07 -
    ClamAV 0.94.1 2009.02.08 -
    Comodo 971 2009.02.08 -
    DrWeb 4.44.0.09170 2009.02.08 -
    eSafe 7.0.17.0 2009.02.05 -
    eTrust-Vet 31.6.6346 2009.02.07 -
    F-Prot 4.4.4.56 2009.02.07 -
    F-Secure 8.0.14470.0 2009.02.08 -
    Fortinet 3.117.0.0 2009.02.08 -
    GData 19 2009.02.08 -
    Ikarus T3.1.1.45.0 2009.02.08 -
    K7AntiVirus 7.10.623 2009.02.07 -
    Kaspersky 7.0.0.125 2009.02.08 -
    McAfee 5518 2009.02.07 -
    McAfee+Artemis 5518 2009.02.06 -
    Microsoft 1.4306 2009.02.08 -
    NOD32 3836 2009.02.07 -
    Norman 6.00.02 2009.02.06 -
    nProtect 2009.1.8.0 2009.02.08 -
    Panda 9.5.1.2 2009.02.07 -
    PCTools 4.4.2.0 2009.02.07 -
    Prevx1 V2 2009.02.08 -
    Rising 21.15.50.00 2009.02.07 -
    SecureWeb-Gateway 6.7.6 2009.02.08 -
    Sophos 4.38.0 2009.02.08 -
    Sunbelt 3.2.1847.2 2009.02.07 -
    Symantec 10 2009.02.08 -
    TheHacker 6.3.1.5.249 2009.02.08 -
    TrendMicro 8.700.0.1004 2009.02.06 -
    VBA32 3.12.8.12 2009.02.08 -
    ViRobot 2009.2.6.1594 2009.02.06 -
    VirusBuster 4.5.11.0 2009.02.07 -
    Additional information
    File size: 278 bytes
    MD5…: bf75a20168ebcfb8f3de579375739374
    SHA1..: 30bcce2f314ef9c72d6af47f963cc1db1647dbe2
    SHA256: d0c5743ef1b50fc9fde222f353aa7e6ee1ab4255105e87c9ca5c5c0320ce32f2
    SHA512: 2cfbadeb0acb4601c67cb5f4a914e23dd57fd00d76a5407d2e1cd93ac066276d
    4f6ce6dd4d513eff4e5ddafa856d535e05e186f5067fc3b34812184599265206

    ssdeep: 3:BIVmajRT//t2WSlXv/l/el50yQh4lHNVi+lQGvlAiXlABFblfLMF6LlAAttYuv
    /V:Qht2W0kGD+7QGvlJsLY+dtSuuXkle81

    PEiD..: -
    TrID..: File type identification
    Unknown!


    the ComboFix results

    ComboFix 09-02-06.04 - Gebruiker 2009-02-08 10:48:19.4 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.607 [GMT 1:00]
    Started from: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe
    Command switches used :: c:\documents and settings\Gebruiker\Bureaublad\CFScript.txt
    AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
    * New restore point was created
    .

    (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_ERSD
    -------\Legacy_ESFF
    -------\Service_ersd
    -------\Service_esff


    (((((((((((((((((((( Files Created from 2009-01-08 to 2009-02-08 ))))))))))))))))))))))))))))))
    .

    2009-02-05 13:53 . 2009-02-05 14:24 <DIR> d--h-c--- C:\$AVG8.VAULT$
    2009-02-04 17:31 . 2009-02-07 17:25 <DIR> d-------- c:\windows\system32\drivers\Avg
    2009-02-04 17:31 . 2009-02-07 14:04 <DIR> d----c--- c:\documents and settings\Gebruiker\Application Data\AVGTOOLBAR
    2009-02-04 17:31 . 2009-02-04 17:31 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
    2009-02-04 17:31 . 2009-02-04 17:31 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
    2009-02-04 17:31 . 2009-02-04 17:31 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys
    2009-02-04 17:31 . 2009-02-04 17:31 10,520 --a------ c:\windows\system32\avgrsstx.dll
    2009-02-04 17:30 . 2009-02-04 17:30 <DIR> d----c--- c:\documents and settings\All Users\Application Data\avg8
    2009-01-10 16:37 . 2009-01-10 16:37 410,984 --a------ c:\windows\system32\deploytk.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-31 12:33 ——— dc—-w c:\program files\SpywareGuard
    2009-01-31 12:17 ——— d–h–w c:\program files\InstallShield Installation Information
    2009-01-31 12:16 ——— dc—-w c:\program files\Mobile Action
    2009-01-31 12:06 ——— dc—-w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-31 12:06 ——— d—–w c:\program files\Spybot - Search & Destroy
    2009-01-31 12:04 ——— dc—-w c:\program files\Iomega
    2009-01-30 10:00 ——— dc—-w c:\program files\Malwarebytes' Anti-Malware
    2009-01-14 15:11 38,496 —-a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-14 15:11 15,504 —-a-w c:\windows\system32\drivers\mbam.sys
    2009-01-10 15:37 ——— d—–w c:\program files\Java
    2009-01-05 11:56 ——— dc—-w c:\program files\TeaTimer (Spybot - Search & Destroy)
    2009-01-05 11:56 ——— dc—-w c:\program files\SDHelper (Spybot - Search & Destroy)
    2009-01-05 11:56 ——— dc—-w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2009-01-05 11:56 ——— dc—-w c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2009-01-05 11:56 ——— dc—-w c:\program files\CCleaner
    2009-01-05 10:00 ——— dc—-w c:\documents and settings\Gebruiker\Application Data\Malwarebytes
    2009-01-05 10:00 ——— dc—-w c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-19 18:12 ——— d—–w c:\program files\Network Associates
    2008-12-18 16:55 ——— dc—-w c:\program files\AVG
    2008-12-11 10:57 333,952 —-a-w c:\windows\system32\drivers\srv.sys
    2007-06-18 16:28 47,360 -c–a-w c:\documents and settings\Gebruiker\Application Data\pcouffin.sys
    2007-02-18 17:06 87,608 -c–a-w c:\documents and settings\Gebruiker\Application Data\ezpinst.exe
    2007-02-10 20:42 337 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb1942.dat
    2007-02-07 18:25 20,480 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb4827.dat
    2006-12-01 16:08 49 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb41.dat
    2006-11-25 13:25 9,216 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb8467.dat
    2006-11-25 13:25 0 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb6334.dat
    2006-11-25 13:24 0 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb5436.dat
    2006-03-24 19:05 26,922 -c–a-w c:\program files\moviepass Terms.html
    2005-11-17 10:26 0 -c–a-w c:\program files\AUTOEXEC.BAT
    2005-02-04 13:41 867 -c–a-w c:\program files\asdf.txt
    2005-01-31 18:57 5,042 -c–a-r c:\program files\CLDMA.LOG
    2004-05-25 22:24 0 -c–a-w c:\program files\CONFIG.SYS
    2001-05-24 11:59 162,304 -c–a-w c:\program files\UNWISE.EXE
    1999-12-07 18:00 1,384,448 -c–a-w c:\program files\msvbvm60.dll
    2005-11-24 17:54 56 -csha-r c:\windows\system32\69A2D02CB7.sys
    2005-11-24 17:54 1,682 -csha-w c:\windows\system32\KGyGaAvL.sys
    2008-09-02 15:17 32,768 –sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008090220080903\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-30_18.44.26,09 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-10-20 19:02:28 163,328 —-a-w c:\windows\ERDNT\subs\ERDNT.EXE
    - 2008-12-19 18:14:19 26,824 —-a-w c:\windows\system32\drivers\avgmfx86.sys
    + 2009-02-04 16:31:06 27,656 —-a-w c:\windows\system32\drivers\avgmfx86.sys
    + 2009-02-08 09:51:58 16,384 —-atw c:\windows\Temp\Perflib_Perfdata_c8.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 1961984]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-12-15 5513216]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-04-12 1383936]
    "PE2CKFNT SE"="c:\program files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 25088]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-02-05 155648]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-10 136600]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-04 1601304]
    "nwiz"="nwiz.exe" [2005-10-10 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
    Pinnacle Scheduler.lnk - c:\program files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2005-11-23 245760]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-02-04 17:31 10520 c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.PIM1"= PCLEPIM1.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Photo Express Calendar Checker SE.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Photo Express Calendar Checker SE.lnk
    backup=c:\windows\pss\Photo Express Calendar Checker SE.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Gebruiker^Menu Start^Programma's^Opstarten^SpywareGuard.lnk]
    path=c:\documents and settings\Gebruiker\Menu Start\Programma's\Opstarten\SpywareGuard.lnk
    backup=c:\windows\pss\SpywareGuard.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    –a—— 2006-01-25 05:28 7094272 c:\program files\MSN Messenger\msnmsgr.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Pinnacle\\PCTV Stereo\\TeleText\\WebServer.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\StubInstaller.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-02-04 12552]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-04 325128]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-04 107272]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-04 298264]
    R2 DriverX;DriverX;c:\windows\system32\drivers\DRIVERX.SYS [1997-03-12 25792]
    R2 MarxDev1;MarxDev1;c:\windows\system32\drivers\MARXDEV1.SYS [2007-01-14 8864]
    R2 MarxDev2;MarxDev2;c:\windows\system32\drivers\MARXDEV2.SYS [2007-01-14 8864]
    R2 MarxDev3;MarxDev3;c:\windows\system32\drivers\MARXDEV3.SYS [2007-01-14 8864]
    R2 Tdlpt;Tdlpt;c:\windows\system32\drivers\TDLPT.SYS [2007-01-14 8012]
    R3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xHybrid.sys [2005-11-23 556416]
    R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2005-11-23 6400]
    S1 ctredrv.sys;ctredrv.sys;\??\c:\windows\system32\drivers\ctredrv.sys --> c:\windows\system32\drivers\ctredrv.sys [?]
    S3 P730C;P730C;c:\windows\system32\drivers\P730C.sys [2006-08-12 25300]
    S3 P730M;P730M;c:\windows\system32\drivers\P730M.sys [2006-08-12 25300]
    S3 P730U;P730U;c:\windows\system32\drivers\P730U.sys [2006-08-12 49365]
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-02-08 c:\windows\Tasks\A46F885A91840682.job
    - c:\docume~1\gebrui~1\applic~1\doesre~1\bind soap safe.exe []

    2006-10-22 c:\windows\Tasks\XoftSpy.job
    - c:\program files\XoftSpy\XoftSpy.exe []
    .
    - - - - ORPHANS VERWIJDERD - - - -

    SafeBoot-ersd.sys


    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://google.be/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: recordgroup.be \www.home
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-08 10:52:12
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_USERS\S-1-5-21-1935655697-1450960922-839522115-1004\Software\Zepter Software\RegLib*c087c35c\CloneDVDmobile/1]
    "1"=dword:45684247
    "2"=dword:456887a7

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,96,90,77,5c,45,
    16,a8,4f,e2,63,26,f1,3f,c8,ff,68,a2,f1,54,d9,4a,5c,ce,8e,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,71,56,b3,d6,49,
    f8,b9,f9,6a,9c,d6,61,af,45,84,18,3c,b5,d3,19,a7,d1,06,b2,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,75,34,11,c3,66,
    39,5c,51,ff,7c,85,e0,43,d4,0e,fe,95,1a,5c,40,3e,49,83,6e,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,6e,4e,97,2a,cd,
    ea,a0,59,86,8c,21,01,be,91,eb,e7,c2,e7,e4,2a,3c,3c,e0,77,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,e5,4e,76,bb,ee,
    93,40,fc,f5,1d,4d,73,a8,13,5c,05,55,b0,cb,c5,3c,eb,fb,aa,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,7d,4a,8b,83,ad,
    1d,f3,2a,df,20,58,62,78,6b,cf,c8,a1,0c,eb,73,e5,d0,3f,98,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,29,8f,9e,31,f0,
    92,13,96,fb,a7,78,e6,12,2f,9a,ea,4b,c7,5a,b6,98,bc,40,96,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,1d,20,e3,c0,b8,
    d1,65,53,01,3a,48,fc,e8,04,4a,f1,69,c9,fc,90,2e,1a,36,7d,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,48,12,ea,d5,cc,
    ff,13,d3,f6,0f,4e,58,98,5b,89,c9,c2,66,ce,3a,03,89,dc,aa,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,9e,2e,e6,b1,3e,
    6b,c1,86,3d,ce,ea,26,2d,45,aa,78,72,2d,0c,b8,11,b2,da,23,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,63,d4,a8,5f,b0,
    af,bd,63,2a,b7,cc,b5,b9,7f,41,e7,2a,3c,52,1d,d8,66,7d,7a,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,53,a5,42,a3,3a,
    72,d1,03,6c,43,2d,1e,aa,22,2f,9c,4a,71,40,f6,51,86,fc,f0,6c,43,2d,1e,aa,22,\
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\program files\Ahead\InCD\InCDsrv.exe
    c:\windows\system32\brsvc01a.exe
    c:\windows\system32\brss01a.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\wscntfy.exe
    c:\progra~1\AVG\AVG8\avgam.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\windows\system32\rundll32.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2009-02-08 10:55:29 - machine werd herstart
    ComboFix-quarantined-files.txt 2009-02-08 09:55:26
    ComboFix2.txt 2009-02-07 13:22:12
    ComboFix3.txt 2009-01-31 11:51:30
    ComboFix4.txt 2009-01-30 17:46:17

    Pre-Run: 21.669.814.272 bytes beschikbaar
    Post-Run: 21,593,034,752 bytes beschikbaar

    255 --- E O F --- 2009-01-14 17:02:55

    Kind regards,


  • Now go to Start -> Run
    Type this command there: sc stop ctredrv and press OK.


    Open a Notepad file.
    Copy the code below and paste it into the Notepad file.

  • ComboFix 09-02-08.02 - Gebruiker 2009-02-09 20:44:05.5 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.516 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Gebruiker\Bureaublad\CFScript.txt
    AV: AVG Anti-Virus *On-access scanning disabled* (Updated)
    * Nieuw herstelpunt werd aangemaakt

    FILE ::
    c:\windows\system32\drivers\ctredrv.sys
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2009-01-09 to 2009-02-09 ))))))))))))))))))))))))))))))
    .

    2009-02-05 13:53 . 2009-02-05 14:24 <DIR> d–h-c— C:\$AVG8.VAULT$
    2009-02-04 17:31 . 2009-02-09 13:25 <DIR> d——– c:\windows\system32\drivers\Avg
    2009-02-04 17:31 . 2009-02-07 14:04 <DIR> d—-c— c:\documents and settings\Gebruiker\Application Data\AVGTOOLBAR
    2009-02-04 17:31 . 2009-02-04 17:31 325,128 –a—— c:\windows\system32\drivers\avgldx86.sys
    2009-02-04 17:31 . 2009-02-04 17:31 107,272 –a—— c:\windows\system32\drivers\avgtdix.sys
    2009-02-04 17:31 . 2009-02-04 17:31 12,552 –a—— c:\windows\system32\drivers\avgrkx86.sys
    2009-02-04 17:31 . 2009-02-04 17:31 10,520 –a—— c:\windows\system32\avgrsstx.dll
    2009-02-04 17:30 . 2009-02-04 17:30 <DIR> d—-c— c:\documents and settings\All Users\Application Data\avg8
    2009-01-10 16:37 . 2009-01-10 16:37 410,984 –a—— c:\windows\system32\deploytk.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-31 12:33 ——— dc—-w c:\program files\SpywareGuard
    2009-01-31 12:17 ——— d–h–w c:\program files\InstallShield Installation Information
    2009-01-31 12:16 ——— dc—-w c:\program files\Mobile Action
    2009-01-31 12:06 ——— dc—-w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-31 12:06 ——— d—–w c:\program files\Spybot - Search & Destroy
    2009-01-31 12:04 ——— dc—-w c:\program files\Iomega
    2009-01-30 10:00 ——— dc—-w c:\program files\Malwarebytes' Anti-Malware
    2009-01-14 15:11 38,496 —-a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-14 15:11 15,504 —-a-w c:\windows\system32\drivers\mbam.sys
    2009-01-10 15:37 ——— d—–w c:\program files\Java
    2009-01-05 11:56 ——— dc—-w c:\program files\TeaTimer (Spybot - Search & Destroy)
    2009-01-05 11:56 ——— dc—-w c:\program files\SDHelper (Spybot - Search & Destroy)
    2009-01-05 11:56 ——— dc—-w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2009-01-05 11:56 ——— dc—-w c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2009-01-05 11:56 ——— dc—-w c:\program files\CCleaner
    2009-01-05 10:00 ——— dc—-w c:\documents and settings\Gebruiker\Application Data\Malwarebytes
    2009-01-05 10:00 ——— dc—-w c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-19 18:12 ——— d—–w c:\program files\Network Associates
    2008-12-18 16:55 ——— dc—-w c:\program files\AVG
    2008-12-11 10:57 333,952 —-a-w c:\windows\system32\drivers\srv.sys
    2007-06-18 16:28 47,360 -c–a-w c:\documents and settings\Gebruiker\Application Data\pcouffin.sys
    2007-02-18 17:06 87,608 -c–a-w c:\documents and settings\Gebruiker\Application Data\ezpinst.exe
    2007-02-10 20:42 337 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb1942.dat
    2007-02-07 18:25 20,480 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb4827.dat
    2006-12-01 16:08 49 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb41.dat
    2006-11-25 13:25 9,216 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb8467.dat
    2006-11-25 13:25 0 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb6334.dat
    2006-11-25 13:24 0 -c–a-w c:\documents and settings\Gebruiker\Application Data\internaldb5436.dat
    2006-03-24 19:05 26,922 -c–a-w c:\program files\moviepass Terms.html
    2005-11-17 10:26 0 -c–a-w c:\program files\AUTOEXEC.BAT
    2005-02-04 13:41 867 -c–a-w c:\program files\asdf.txt
    2005-01-31 18:57 5,042 -c–a-r c:\program files\CLDMA.LOG
    2004-05-25 22:24 0 -c–a-w c:\program files\CONFIG.SYS
    2001-05-24 11:59 162,304 -c–a-w c:\program files\UNWISE.EXE
    1999-12-07 18:00 1,384,448 -c–a-w c:\program files\msvbvm60.dll
    2005-11-24 17:54 56 -csha-r c:\windows\system32\69A2D02CB7.sys
    2005-11-24 17:54 1,682 -csha-w c:\windows\system32\KGyGaAvL.sys
    2008-09-02 15:17 32,768 –sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008090220080903\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-30_18.44.26,09 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-10-20 19:02:28 163,328 —-a-w c:\windows\ERDNT\subs\ERDNT.EXE
    - 2008-12-19 18:14:19 26,824 —-a-w c:\windows\system32\drivers\avgmfx86.sys
    + 2009-02-04 16:31:06 27,656 —-a-w c:\windows\system32\drivers\avgmfx86.sys
    + 2009-02-08 09:51:58 16,384 —-atw c:\windows\Temp\Perflib_Perfdata_c8.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 1961984]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-12-15 5513216]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-04-12 1383936]
    "PE2CKFNT SE"="c:\program files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 25088]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-02-05 155648]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-10 136600]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-04 1601304]
    "nwiz"="nwiz.exe" [2005-10-10 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
    Pinnacle Scheduler.lnk - c:\program files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2005-11-23 245760]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-02-04 17:31 10520 c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.PIM1"= PCLEPIM1.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Photo Express Calendar Checker SE.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Photo Express Calendar Checker SE.lnk
    backup=c:\windows\pss\Photo Express Calendar Checker SE.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Gebruiker^Menu Start^Programma's^Opstarten^SpywareGuard.lnk]
    path=c:\documents and settings\Gebruiker\Menu Start\Programma's\Opstarten\SpywareGuard.lnk
    backup=c:\windows\pss\SpywareGuard.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    –a—— 2006-01-25 05:28 7094272 c:\program files\MSN Messenger\msnmsgr.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Pinnacle\\PCTV Stereo\\TeleText\\WebServer.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\StubInstaller.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-02-04 12552]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-04 325128]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-04 107272]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-04 298264]
    R2 DriverX;DriverX;c:\windows\system32\drivers\DRIVERX.SYS [1997-03-12 25792]
    R2 MarxDev1;MarxDev1;c:\windows\system32\drivers\MARXDEV1.SYS [2007-01-14 8864]
    R2 MarxDev2;MarxDev2;c:\windows\system32\drivers\MARXDEV2.SYS [2007-01-14 8864]
    R2 MarxDev3;MarxDev3;c:\windows\system32\drivers\MARXDEV3.SYS [2007-01-14 8864]
    R2 Tdlpt;Tdlpt;c:\windows\system32\drivers\TDLPT.SYS [2007-01-14 8012]
    R3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xHybrid.sys [2005-11-23 556416]
    R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2005-11-23 6400]
    S1 ctredrv.sys;ctredrv.sys;\??\c:\windows\system32\drivers\ctredrv.sys --> c:\windows\system32\drivers\ctredrv.sys [?]
    S3 P730C;P730C;c:\windows\system32\drivers\P730C.sys [2006-08-12 25300]
    S3 P730M;P730M;c:\windows\system32\drivers\P730M.sys [2006-08-12 25300]
    S3 P730U;P730U;c:\windows\system32\drivers\P730U.sys [2006-08-12 49365]
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-02-09 c:\windows\Tasks\A46F885A91840682.job
    - c:\docume~1\gebrui~1\applic~1\doesre~1\bind soap safe.exe []

    2006-10-22 c:\windows\Tasks\XoftSpy.job
    - c:\program files\XoftSpy\XoftSpy.exe []
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://google.be/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: recordgroup.be \www.home
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-09 20:46:21
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_USERS\S-1-5-21-1935655697-1450960922-839522115-1004\Software\Zepter Software\RegLib*c087c35c\CloneDVDmobile/1]
    "1"=dword:45684247
    "2"=dword:456887a7

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,96,90,77,5c,45,
    16,a8,4f,e2,63,26,f1,3f,c8,ff,68,a2,f1,54,d9,4a,5c,ce,8e,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,71,56,b3,d6,49,
    f8,b9,f9,6a,9c,d6,61,af,45,84,18,3c,b5,d3,19,a7,d1,06,b2,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,75,34,11,c3,66,
    39,5c,51,ff,7c,85,e0,43,d4,0e,fe,95,1a,5c,40,3e,49,83,6e,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,6e,4e,97,2a,cd,
    ea,a0,59,86,8c,21,01,be,91,eb,e7,c2,e7,e4,2a,3c,3c,e0,77,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,e5,4e,76,bb,ee,
    93,40,fc,f5,1d,4d,73,a8,13,5c,05,55,b0,cb,c5,3c,eb,fb,aa,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,7d,4a,8b,83,ad,
    1d,f3,2a,df,20,58,62,78,6b,cf,c8,a1,0c,eb,73,e5,d0,3f,98,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,29,8f,9e,31,f0,
    92,13,96,fb,a7,78,e6,12,2f,9a,ea,4b,c7,5a,b6,98,bc,40,96,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,1d,20,e3,c0,b8,
    d1,65,53,01,3a,48,fc,e8,04,4a,f1,69,c9,fc,90,2e,1a,36,7d,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,48,12,ea,d5,cc,
    ff,13,d3,f6,0f,4e,58,98,5b,89,c9,c2,66,ce,3a,03,89,dc,aa,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,9e,2e,e6,b1,3e,
    6b,c1,86,3d,ce,ea,26,2d,45,aa,78,72,2d,0c,b8,11,b2,da,23,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,63,d4,a8,5f,b0,
    af,bd,63,2a,b7,cc,b5,b9,7f,41,e7,2a,3c,52,1d,d8,66,7d,7a,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,53,a5,42,a3,3a,
    72,d1,03,6c,43,2d,1e,aa,22,2f,9c,4a,71,40,f6,51,86,fc,f0,6c,43,2d,1e,aa,22,\
    .
    Voltooingstijd: 2009-02-09 20:48:27
    ComboFix-quarantined-files.txt 2009-02-09 19:48:25
    ComboFix2.txt 2009-02-08 09:55:31
    ComboFix3.txt 2009-02-07 13:22:12
    ComboFix4.txt 2009-01-31 11:51:30
    ComboFix5.txt 2009-02-09 19:43:24

    Pre-Run: 21.505.114.112 bytes beschikbaar
    Post-Run: 21,500,588,032 bytes beschikbaar

    230 --- E O F --- 2009-01-14 17:02:55


    Kind regards,

  • LopSD (by eric 71)
    Disable your antispyware and virus scanner while using this little tool
    Download LopSD to your Desktop


    * Choose option N and press Enter
    * Click OK in the information window
    * Choose option 2 and press Enter
    * At the end a log (LopR.txt) appears; post its contents in your next reply together with a new ComboFix log.

    Vista users: right-click LopSD and choose "Run as administrator"
  • Sorry, but I don't quite understand what I'm supposed to run now!
    Could you give some more explanation, please?

    Kind regards,
  • LopSD (by eric 71)
    Disable your antispyware and virus scanner while using this little tool
    Download LopSD to your Desktop


    * Choose option N and press Enter
    * Click OK in the information window
    * Choose option 2 and press Enter
    * At the end a log (LopR.txt) appears; post its contents in your next reply together with a new ComboFix log.

    Vista users: right-click LopSD and choose "Run as administrator"
  • ComboFix 09-02-10.03 - Gebruiker 2009-02-11 16:31:02.6 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.497 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe
    AV: AVG Anti-Virus *On-access scanning disabled* (Updated)
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2009-01-11 to 2009-02-11 ))))))))))))))))))))))))))))))
    .

    2009-02-11 16:14 . 2009-02-11 16:18 <DIR> d----c--- C:\Lop SD
    2009-02-05 13:53 . 2009-02-05 14:24 <DIR> d--h-c--- C:\$AVG8.VAULT$
    2009-02-04 17:31 . 2009-02-11 13:25 <DIR> d-------- c:\windows\system32\drivers\Avg
    2009-02-04 17:31 . 2009-02-07 14:04 <DIR> d----c--- c:\documents and settings\Gebruiker\Application Data\AVGTOOLBAR
    2009-02-04 17:31 . 2009-02-04 17:31 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
    2009-02-04 17:31 . 2009-02-04 17:31 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
    2009-02-04 17:31 . 2009-02-04 17:31 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys
    2009-02-04 17:31 . 2009-02-04 17:31 10,520 --a------ c:\windows\system32\avgrsstx.dll
    2009-02-04 17:30 . 2009-02-04 17:30 <DIR> d----c--- c:\documents and settings\All Users\Application Data\avg8

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-31 12:33 --------- dc----w c:\program files\SpywareGuard
    2009-01-31 12:17 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-31 12:16 --------- dc----w c:\program files\Mobile Action
    2009-01-31 12:06 --------- dc----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-31 12:06 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-01-31 12:04 --------- dc----w c:\program files\Iomega
    2009-01-30 10:00 --------- dc----w c:\program files\Malwarebytes' Anti-Malware
    2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-01-10 15:37 410,984 ----a-w c:\windows\system32\deploytk.dll
    2009-01-10 15:37 --------- d-----w c:\program files\Java
    2009-01-05 11:56 --------- dc----w c:\program files\TeaTimer (Spybot - Search & Destroy)
    2009-01-05 11:56 --------- dc----w c:\program files\SDHelper (Spybot - Search & Destroy)
    2009-01-05 11:56 --------- dc----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2009-01-05 11:56 --------- dc----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2009-01-05 11:56 --------- dc----w c:\program files\CCleaner
    2009-01-05 10:00 --------- dc----w c:\documents and settings\Gebruiker\Application Data\Malwarebytes
    2009-01-05 10:00 --------- dc----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-19 18:12 --------- d-----w c:\program files\Network Associates
    2008-12-18 16:55 --------- dc----w c:\program files\AVG
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2007-06-18 16:28 47,360 -c--a-w c:\documents and settings\Gebruiker\Application Data\pcouffin.sys
    2007-02-18 17:06 87,608 -c--a-w c:\documents and settings\Gebruiker\Application Data\ezpinst.exe
    2007-02-10 20:42 337 -c--a-w c:\documents and settings\Gebruiker\Application Data\internaldb1942.dat
    2007-02-07 18:25 20,480 -c--a-w c:\documents and settings\Gebruiker\Application Data\internaldb4827.dat
    2006-12-01 16:08 49 -c--a-w c:\documents and settings\Gebruiker\Application Data\internaldb41.dat
    2006-11-25 13:25 9,216 -c--a-w c:\documents and settings\Gebruiker\Application Data\internaldb8467.dat
    2006-11-25 13:25 0 -c--a-w c:\documents and settings\Gebruiker\Application Data\internaldb6334.dat
    2006-11-25 13:24 0 -c--a-w c:\documents and settings\Gebruiker\Application Data\internaldb5436.dat
    2006-03-24 19:05 26,922 -c--a-w c:\program files\moviepass Terms.html
    2005-11-17 10:26 0 -c--a-w c:\program files\AUTOEXEC.BAT
    2005-02-04 13:41 867 -c--a-w c:\program files\asdf.txt
    2005-01-31 18:57 5,042 -c--a-r c:\program files\CLDMA.LOG
    2004-05-25 22:24 0 -c--a-w c:\program files\CONFIG.SYS
    2001-05-24 11:59 162,304 -c--a-w c:\program files\UNWISE.EXE
    1999-12-07 18:00 1,384,448 -c--a-w c:\program files\msvbvm60.dll
    2005-11-24 17:54 56 -csha-r c:\windows\system32\69A2D02CB7.sys
    2005-11-24 17:54 1,682 -csha-w c:\windows\system32\KGyGaAvL.sys
    2008-09-02 15:17 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008090220080903\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-30_18.44.26,09 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
    - 2008-12-19 18:14:19 26,824 ----a-w c:\windows\system32\drivers\avgmfx86.sys
    + 2009-02-04 16:31:06 27,656 ----a-w c:\windows\system32\drivers\avgmfx86.sys
    + 2009-02-08 09:51:58 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_c8.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 1961984]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-12-15 5513216]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-04-12 1383936]
    "PE2CKFNT SE"="c:\program files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 25088]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-02-05 155648]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-10 136600]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-04 1601304]
    "nwiz"="nwiz.exe" [2005-10-10 c:\windows\system32
    wiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
    Pinnacle Scheduler.lnk - c:\program files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2005-11-23 245760]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-02-04 17:31 10520 c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.PIM1"= PCLEPIM1.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Photo Express Calendar Checker SE.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Photo Express Calendar Checker SE.lnk
    backup=c:\windows\pss\Photo Express Calendar Checker SE.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Gebruiker^Menu Start^Programma's^Opstarten^SpywareGuard.lnk]
    path=c:\documents and settings\Gebruiker\Menu Start\Programma's\Opstarten\SpywareGuard.lnk
    backup=c:\windows\pss\SpywareGuard.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2006-01-25 05:28 7094272 c:\program files\MSN Messenger\msnmsgr.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Pinnacle\\PCTV Stereo\\TeleText\\WebServer.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\StubInstaller.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-02-04 12552]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-04 325128]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-04 107272]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-04 298264]
    R2 DriverX;DriverX;c:\windows\system32\drivers\DRIVERX.SYS [1997-03-12 25792]
    R2 MarxDev1;MarxDev1;c:\windows\system32\drivers\MARXDEV1.SYS [2007-01-14 8864]
    R2 MarxDev2;MarxDev2;c:\windows\system32\drivers\MARXDEV2.SYS [2007-01-14 8864]
    R2 MarxDev3;MarxDev3;c:\windows\system32\drivers\MARXDEV3.SYS [2007-01-14 8864]
    R2 Tdlpt;Tdlpt;c:\windows\system32\drivers\TDLPT.SYS [2007-01-14 8012]
    R3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xHybrid.sys [2005-11-23 556416]
    R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2005-11-23 6400]
    S1 ctredrv.sys;ctredrv.sys;\??\c:\windows\system32\drivers\ctredrv.sys --> c:\windows\system32\drivers\ctredrv.sys [?]
    S3 P730C;P730C;c:\windows\system32\drivers\P730C.sys [2006-08-12 25300]
    S3 P730M;P730M;c:\windows\system32\drivers\P730M.sys [2006-08-12 25300]
    S3 P730U;P730U;c:\windows\system32\drivers\P730U.sys [2006-08-12 49365]
    .
    Inhoud van de 'Gedeelde Taken' map

    2006-10-22 c:\windows\Tasks\XoftSpy.job
    - c:\program files\XoftSpy\XoftSpy.exe []
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://google.be/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: recordgroup.be \www.home
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-11 16:33:02
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .
    Voltooingstijd: 2009-02-11 16:35:06
    ComboFix-quarantined-files.txt 2009-02-11 15:35:03
    ComboFix2.txt 2009-02-09 19:48:29
    ComboFix3.txt 2009-02-08 09:55:31
    ComboFix4.txt 2009-02-07 13:22:12
    ComboFix5.txt 2009-02-11 15:30:29

    Pre-Run: 21.365.809.152 bytes beschikbaar
    Post-Run: 21,368,545,280 bytes beschikbaar

    226 --- E O F --- 2009-01-14 17:02:55





    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : AMD Sempron™ Processor 3000+ )
    BIOS : Default System BIOS
    USER : Gebruiker ( Administrator )
    BOOT : Normal boot
    Antivirus : AVG Anti-Virus 8.0 (Not Activated)
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:74 Go (Free:19 Go)
    D:\ (Local Disk) - NTFS - Total:189 Go (Free:83 Go)
    E:\ (CD or DVD)
    F:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [2] ( wo 11/02/2009|16:15 )


    HERSTEL

    Verwijderd ! - C:\WINDOWS\Tasks\A46F885A91840682.job
    Verwijderd ! - C:\DOCUME~1\GEBRUI~1\APPLIC~1\doesre~1
    Verwijderd ! - C:\Program Files\doesre~1




    --------------------\\ Beschrijving van mappen in APPLIC~1

    [22/06/2008|08:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [09/12/2005|16:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
    [06/02/2006|20:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [04/02/2009|17:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
    [22/07/2006|16:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CA
    [08/05/2007|10:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
    [23/11/2005|11:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
    [24/07/2008|09:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
    [26/07/2008|16:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [05/01/2009|11:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [02/06/2006|22:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [25/11/2007|11:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
    [23/07/2007|10:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon Games
    [23/11/2005|15:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle
    [14/12/2007|16:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prevx
    [30/06/2008|19:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\RetroExp
    [23/07/2007|16:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
    [23/07/2007|14:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecretsOfOlympus
    [01/10/2006|16:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
    [31/01/2009|13:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [14/12/2007|16:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SurfRight
    [05/02/2008|09:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [23/07/2007|11:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TERMINAL Studio
    [08/05/2007|09:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TimeUpTeamFlaw
    [07/05/2006|16:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [24/07/2007|10:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
    [0|bestand(en)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bytes
    [28|map(pen)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bytes beschikbaar

    [22/11/2005|17:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [0|bestand(en)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bytes
    [3|map(pen)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bytes beschikbaar

    [02/12/2005|19:37] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Adobe
    [21/06/2008|13:13] C:\DOCUME~1\GEBRUI~1\APPLIC~1\AdobeUM
    [14/12/2005|11:42] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Ahead
    [05/02/2006|22:04] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Apple Computer
    [09/09/2006|14:54] C:\DOCUME~1\GEBRUI~1\APPLIC~1\ArcSoft
    [10/02/2007|11:19] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Autodesk
    [07/02/2009|14:04] C:\DOCUME~1\GEBRUI~1\APPLIC~1\AVGTOOLBAR
    [06/02/2008|13:27] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Chessmaster Challenge
    [08/05/2007|10:32] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Comodo
    [24/11/2005|21:52] C:\DOCUME~1\GEBRUI~1\APPLIC~1\CyberLink
    [02/12/2006|13:15] C:\DOCUME~1\GEBRUI~1\APPLIC~1\DVD Shrink 3.0
    [26/02/2006|16:22] C:\DOCUME~1\GEBRUI~1\APPLIC~1\dvdcss
    [24/03/2006|19:57] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Elaborate Bytes
    [11/02/2007|15:21] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Google
    [12/12/2005|20:52] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Help
    [06/11/2007|15:18] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Identities
    [24/11/2005|22:49] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Kazaa Lite
    [23/11/2005|11:21] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Lavasoft
    [24/09/2006|17:31] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Leadertech
    [24/11/2005|23:14] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Macromedia
    [05/01/2009|11:00] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Malwarebytes
    [31/01/2009|13:16] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Microsoft
    [12/08/2006|14:27] C:\DOCUME~1\GEBRUI~1\APPLIC~1\MobileAction
    [11/02/2006|00:14] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Morpheus
    [08/10/2006|17:45] C:\DOCUME~1\GEBRUI~1\APPLIC~1\RapidGet
    [24/12/2007|13:34] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Samsung
    [23/07/2007|15:35] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Sauce
    [20/12/2006|20:56] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Shareaza
    [22/03/2006|19:57] C:\DOCUME~1\GEBRUI~1\APPLIC~1\SlySoft
    [01/10/2006|16:56] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Sony Corporation
    [26/06/2007|18:53] C:\DOCUME~1\GEBRUI~1\APPLIC~1\SPAMfighter
    [23/11/2005|11:02] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Sun
    [25/11/2005|18:47] C:\DOCUME~1\GEBRUI~1\APPLIC~1\vlc
    [18/06/2007|17:28] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Vso
    [24/07/2007|10:46] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Zylom
    [0|bestand(en)] C:\DOCUME~1\GEBRUI~1\APPLIC~1\bytes
    [37|map(pen)] C:\DOCUME~1\GEBRUI~1\APPLIC~1\bytes beschikbaar

    [04/02/2009|17:30] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [14/12/2007|17:38] C:\DOCUME~1\LOCALS~1\APPLIC~1\SurfRight
    [0|bestand(en)] C:\DOCUME~1\LOCALS~1\APPLIC~1\bytes
    [4|map(pen)] C:\DOCUME~1\LOCALS~1\APPLIC~1\bytes beschikbaar

    [04/02/2009|17:30] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
    [0|bestand(en)] C:\DOCUME~1\NETWOR~1\APPLIC~1\bytes
    [3|map(pen)] C:\DOCUME~1\NETWOR~1\APPLIC~1\bytes beschikbaar

    --------------------\\ Geplande Taken gelocaliseerd in C:\WINDOWS\Tasks

    [22/10/2006 15:40][--a------] C:\WINDOWS\tasks\XoftSpy.job
    [09/02/2009 20:48][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [04/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Beschrijving van mappen in C:\Program Files

    [02/12/2005|19:37] C:\Program Files\Adobe
    [24/11/2005|22:25] C:\Program Files\Ahead
    [14/01/2007|17:07] C:\Program Files\ALCATech
    [23/11/2005|10:48] C:\Program Files\AMD
    [12/05/2007|14:05] C:\Program Files\Ant Stratego
    [09/09/2006|14:41] C:\Program Files\ArcSoft
    [10/02/2007|11:19] C:\Program Files\Audacity
    [18/12/2008|17:55] C:\Program Files\AVG
    [17/11/2002|00:09] C:\Program Files\BPM Studio Pro 4.6
    [05/01/2009|12:56] C:\Program Files\CCleaner
    [22/07/2006|18:57] C:\Program Files\Common
    [09/02/2009|20:45] C:\Program Files\Common Files
    [09/05/2007|08:20] C:\Program Files\Comodo
    [22/11/2005|17:17] C:\Program Files\ComPlus Applications
    [23/11/2005|14:01] C:\Program Files\Config.Msi
    [23/11/2005|14:01] C:\Program Files\converted
    [23/11/2005|11:08] C:\Program Files\CyberLink
    [25/06/2006|20:06] C:\Program Files\DigiPass
    [25/03/2006|13:48] C:\Program Files\directx
    [24/11/2005|18:54] C:\Program Files\DivX
    [23/11/2005|14:47] C:\Program Files\Documents and Settings
    [23/11/2005|14:47] C:\Program Files\DOMUS
    [23/11/2005|11:15] C:\Program Files\DVD Decrypter
    [23/11/2005|11:15] C:\Program Files\DVD Shrink
    [15/05/2007|16:20] C:\Program Files\DVDFab Decrypter 3
    [24/07/2008|12:17] C:\Program Files\DVDFab Platinum
    [18/06/2007|17:28] C:\Program Files\DVDFab Platinum 3
    [09/02/2007|21:05] C:\Program Files\Easy Computing
    [25/11/2006|12:35] C:\Program Files\Elaborate Bytes
    [29/01/2008|21:27] C:\Program Files\ESET
    [24/07/2007|10:21] C:\Program Files\Ets3PlugIn
    [05/01/2009|12:56] C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
    [23/11/2005|14:50] C:\Program Files\FreeMeter
    [15/09/2007|12:17] C:\Program Files\fsupport
    [14/08/2007|17:35] C:\Program Files\Gamenext
    [27/07/2008|09:30] C:\Program Files\Google
    [09/02/2007|21:19] C:\Program Files\HijackThis
    [31/01/2009|13:17] C:\Program Files\InstallShield Installation Information
    [11/12/2008|17:59] C:\Program Files\Internet Explorer
    [22/12/2005|21:58] C:\Program Files\InterVideo
    [31/01/2009|13:04] C:\Program Files\Iomega
    [10/01/2009|16:37] C:\Program Files\Java
    [01/11/2006|13:46] C:\Program Files\Lavasoft
    [24/07/2007|10:46] C:\Program Files\LimeWire
    [30/01/2009|11:00] C:\Program Files\Malwarebytes' Anti-Malware
    [01/09/2008|18:12] C:\Program Files\Messenger
    [04/06/2006|20:17] C:\Program Files\Microsoft AntiSpyware
    [25/11/2005|17:14] C:\Program Files\microsoft frontpage
    [29/11/2005|18:15] C:\Program Files\Microsoft Office
    [23/11/2005|16:29] C:\Program Files\Microsoft Visual Studio
    [23/11/2005|16:29] C:\Program Files\Microsoft Works
    [23/11/2005|16:28] C:\Program Files\Microsoft.NET
    [05/01/2009|12:56] C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
    [31/01/2009|13:16] C:\Program Files\Mobile Action
    [01/09/2008|18:09] C:\Program Files\Movie Maker
    [14/12/2005|20:54] C:\Program Files\MP3Gain
    [01/12/2005|18:29] C:\Program Files\MSN Apps
    [22/11/2005|17:17] C:\Program Files\MSN Gaming Zone
    [02/09/2008|16:19] C:\Program Files\MSN Messenger
    [23/12/2006|09:52] C:\Program Files\MStart2Page
    [28/06/2007|17:55] C:\Program Files\MSXML 4.0
    [01/09/2008|18:06] C:\Program Files\NetMeeting
    [19/12/2008|19:12] C:\Program Files\Network Associates
    [23/11/2005|14:48] C:\Program Files\New
    [02/12/2005|16:12] C:\Program Files\NVIDIA Corporation
    [22/11/2005|17:19] C:\Program Files\Online Services
    [01/09/2008|18:06] C:\Program Files\Outlook Express
    [06/11/2007|16:16] C:\Program Files\Outlook Express sabrina
    [23/11/2005|15:28] C:\Program Files\Pinnacle
    [23/09/2007|17:19] C:\Program Files\Player Tool
    [04/02/2008|15:12] C:\Program Files\Poker Pro Labs
    [15/11/2008|17:04] C:\Program Files\Print Server
    [25/11/2006|12:15] C:\Program Files\Program Files
    [14/05/2006|15:45] C:\Program Files\Psygnosis
    [05/02/2006|22:04] C:\Program Files\QuickTime
    [25/12/2005|11:07] C:\Program Files\QuickTime(2)
    [21/05/2007|15:04] C:\Program Files\Realtek AC97
    [10/02/2007|11:19] C:\Program Files\Realtek Sound Manager
    [29/06/2008|15:22] C:\Program Files\Retrospect
    [05/01/2009|12:56] C:\Program Files\SDHelper (Spybot - Search & Destroy)
    [29/05/2007|18:05] C:\Program Files\Share_Accelerator_MM
    [20/12/2006|20:56] C:\Program Files\Shareaza
    [25/03/2006|13:48] C:\Program Files\Sierra On-Line
    [25/11/2006|12:57] C:\Program Files\SlySoft
    [06/02/2008|11:25] C:\Program Files\software
    [23/11/2005|14:57] C:\Program Files\SOHW-1653S
    [01/10/2006|16:53] C:\Program Files\Sony
    [01/10/2006|16:53] C:\Program Files\Sony Corporation
    [04/02/2008|15:11] C:\Program Files\SPAMfighter(2)
    [31/01/2009|13:06] C:\Program Files\Spybot - Search & Destroy
    [31/01/2009|13:33] C:\Program Files\SpywareGuard
    [14/12/2007|16:03] C:\Program Files\SurfRight
    [05/01/2009|12:56] C:\Program Files\TeaTimer (Spybot - Search & Destroy)
    [25/11/2005|18:26] C:\Program Files\TextBridge Classic
    [07/02/2008|08:54] C:\Program Files\Trend Micro
    [23/11/2005|15:01] C:\Program Files\TriVista
    [10/12/2005|18:13] C:\Program Files\Ulead Systems
    [23/11/2005|15:29] C:\Program Files\Uninstall Information
    [10/12/2005|18:53] C:\Program Files\VCW VicMan's Photo Editor
    [20/10/2006|18:21] C:\Program Files\VideoLAN
    [05/11/2006|14:51] C:\Program Files\VSO
    [29/11/2005|18:16] C:\Program Files\WexTech
    [13/08/2006|19:13] C:\Program Files\Winamp
    [01/09/2008|18:06] C:\Program Files\Windows Media Player
    [14/05/2007|08:37] C:\Program Files\Windows NT
    [22/11/2005|17:19] C:\Program Files\WindowsUpdate
    [24/06/2006|20:26] C:\Program Files\WinRAR
    [22/11/2005|17:20] C:\Program Files\xerox
    [27/10/2006|16:32] C:\Program Files\XoftSpy
    [15/03/2005|10:38] C:\Program Files\XoftSpy v4.11 with key
    [18/03/2008|16:59] C:\Program Files\Yahoo!
    [14/08/2007|17:30] C:\Program Files\Zylom Games
    [0|bestand(en)] C:\Program Files\bytes
    [114|map(pen)] C:\Program Files\bytes beschikbaar

    --------------------\\ Beschrijving van mappen in C:\Program Files\Common Files

    [22/06/2008|08:34] C:\Program Files\Common Files\Adobe
    [23/11/2005|11:13] C:\Program Files\Common Files\Ahead
    [09/09/2006|14:44] C:\Program Files\Common Files\ArcSoft
    [29/11/2005|18:13] C:\Program Files\Common Files\Autodesk Shared
    [29/11/2005|18:15] C:\Program Files\Common Files\DESIGNER
    [24/07/2007|10:21] C:\Program Files\Common Files\ELKA Shared
    [02/12/2005|16:21] C:\Program Files\Common Files\InstallShield
    [23/11/2005|11:01] C:\Program Files\Common Files\Java
    [29/11/2005|18:16] C:\Program Files\Common Files\LHSPF
    [18/12/2008|17:55] C:\Program Files\Common Files\Microsoft Shared
    [22/11/2005|17:18] C:\Program Files\Common Files\MSSoap
    [22/11/2005|18:10] C:\Program Files\Common Files\ODBC
    [18/03/2008|16:59] C:\Program Files\Common Files\Scanner
    [22/11/2005|17:18] C:\Program Files\Common Files\Services
    [01/10/2006|16:53] C:\Program Files\Common Files\Sony Shared
    [22/11/2005|18:10] C:\Program Files\Common Files\SpeechEngines
    [25/11/2005|18:45] C:\Program Files\Common Files\SWF Studio
    [01/09/2008|18:05] C:\Program Files\Common Files\System
    [29/11/2005|18:16] C:\Program Files\Common Files\Wextech Shared
    [0|bestand(en)] C:\Program Files\Common Files\bytes
    [21|map(pen)] C:\Program Files\Common Files\bytes beschikbaar

    --------------------\\ Process

    ( 38 Processes )

    … OK !

    --------------------\\ Zoeken met S_Lop

    Geen Lop mappen gevonden !

    --------------------\\ Zoeken naar Lop Bestanden - Mappen

    Geen Lop mappen gevonden !

    --------------------\\ Zoeken doorheen het Register

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    ….. OK !

    --------------------\\ Nazicht van het Hosts bestand

    Hosts bestand IN ORDE


    --------------------\\ Zoeken naar verborgen bestanden met Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-11 16:17:30
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes …
    scanning hidden files …
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Zoeken naar andere infecties

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\GEBRUI~1\Favorieten\!CrackTeam.ws Cracks, serial numbers, keygens. Unlock Your Software..url
    C:\DOCUME~1\ALLUSE~1\Documenten\Mijn downloads\Microsoft Serial, Key, Crack for all versions of 95, 98, 98 SE, 2000, XP, Corp, Visual C++, Visual Basic, Excel, Money, Office, publisher, word, works, and many more (anti-MS).zip


    [F:20][D:0]-> C:\DOCUME~1\GEBRUI~1\Cookies
    [F:104][D:4]-> C:\DOCUME~1\GEBRUI~1\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - wo 11/02/2009|16:18 - Option : [2]

    --------------------\\ Scan voltooid om 16:18:14





    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-11 16:31:21
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden files …

    scan completed successfully
    hidden files: 0



    Kind regards,


This is an archived page. Replying is no longer possible.