CiD Pop Ups

Anonymous
8 answers
 • It's probably going better already, right?
 • Hello,

  It is definitely going better!
  The pop-ups are gone, and so are all the other nasty things.
  Thank you for your quick, clear and good help.

  Regards.
 • You're welcome. :D
 • Hello,
  I know there are several topics about this problem, but after many attempts with the help of those topics I still haven't managed to get rid of the CiD pop-ups. I have had this problem once before; back then I could remove it with a few AVG scans, but now, about 3 weeks later, it has come back.
  Here is my HijackThis log:
  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 11:33:52, on 15-9-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
  C:\WINDOWS\system32\RUNDLL32.EXE
  C:\Program Files\MessengerPlus! 3\MsgPlus.exe
  C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
  C:\WINDOWS\System32\Rundll32.exe
  C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\Program Files\DAEMON Tools\daemon.exe
  C:\Program Files\MSN Messenger\msnmsgr.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\Google\Google Updater\GoogleUpdater.exe
  C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
  C:\Program Files\Logitech\SetPoint\SetPoint.exe
  C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
  C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
  C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\WINDOWS\system32\PnkBstrA.exe
  C:\WINDOWS\system32\PSIService.exe
  C:\Program Files\Xfire\xfire.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\wscntfy.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\Program Files\Mozilla Firefox\firefox.exe
  C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ufclan.roxorgamers.com/
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
  O2 - BHO: rightonadz.biz browser optimizer - {36A91CEC-6C71-4758-B492-397BFC8E96A2} - C:\WINDOWS\system32\gzmrotate.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
  O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
  O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
  O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
  O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
  O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\Default Owns.exe
  O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - HKCU\..\Run: [rdrrule] C:\DOCUME~1\Dennis\APPLIC~1\4METAP~1\Audio browse wipe.exe
  O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
  O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
  O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
  O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
  O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
  O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
  O4 - Global Startup: Logitech SetPoint.lnk = ?
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
  O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
  O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
  O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
  O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe


  End of file - 7410 bytes

  I hope someone can help me.

  Regards
 • Download Combofix to your Desktop.
  Double-click Combofix.exe
  Follow the instructions; accept the disclaimer by typing 1 (continue) followed by ENTER.
  While the fix is running, do NOT click in the window, because that will make your PC hang.
  When the fix has finished and after the restart, the log combofix.txt will open.
  Post this log in your next post together with a new HijackThis log.

  Note: If your virus scanner reacts with a warning about a script being executed, you may ignore it.

  Start HijackThis and choose 'Do a system scan only'
  Select only the items listed below:

  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
  O2 - BHO: rightonadz.biz browser optimizer - {36A91CEC-6C71-4758-B492-397BFC8E96A2} - C:\WINDOWS\system32\gzmrotate.dll
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
  O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\Default Owns.exe
  O4 - HKCU\..\Run: [rdrrule] C:\DOCUME~1\Dennis\APPLIC~1\4METAP~1\Audio browse wipe.exe

  Close all windows except HijackThis
  Click 'Fix checked' to remove the items.

  Open Explorer ("My Computer") and choose Tools -> Folder Options…
  Under View, check the following settings:

  Uncheck: Hide protected operating system files (Recommended)
  Uncheck: Hide extensions for known file types

  Select: Display the contents of system folders (XP only)
  Select: Show hidden files and folders

  Delete the following directories in safe mode (tap F8 during startup):

  C:\Documents and Settings\All Users\Application Data\third lies itch ford\
  C:\DOCUME~1\Dennis\APPLIC~1\4METAP~1\

  Download this file:
  Deljob.exe
  Place it on your desktop.
  If your virus scanner blocks the download of deljob.exe,
  temporarily disable your virus scanner or download the zip version
  deljob.zip
  and extract it to your Desktop.
  Double-click Deljob.exe.
  A log (logit.txt) will open; you can also find the file on your desktop.
  Post the contents of logit.txt in your next message.

  Post in your next post:
  the deljob log
  the combofix log
  a new HJT log

  good luck
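
A triage sketch for the kind of log exchanged in this thread, added here as an example; it is not part of the original posts and not the helper's own method. It parses HijackThis entry lines, applies three assumed heuristics, and checks a later log for leftovers by autostart slot (CLSID or Run value name) rather than by file path, because the "Itch ford four knob" value points at different file names in the HijackThis and ComboFix logs on this page. Function names and rules are illustrative assumptions; the sample lines are excerpts of the two HijackThis logs in the thread.

```python
import re

# Excerpt of the first HijackThis log in this thread (lines copied from the page).
BEFORE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: rightonadz.biz browser optimizer - {36A91CEC-6C71-4758-B492-397BFC8E96A2} - C:\WINDOWS\system32\gzmrotate.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\Default Owns.exe
O4 - HKCU\..\Run: [rdrrule] C:\DOCUME~1\Dennis\APPLIC~1\4METAP~1\Audio browse wipe.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Excerpt of the follow-up log posted after the clean-up (lines copied from the page).
AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")                # "O4 - <body>"
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)', re.I)     # drive-rooted .dll/.exe path
APPDATA = re.compile(r"\\(?:application data|applic~\d)\\", re.I)
SLOT = re.compile(r"(\{[0-9A-Fa-f-]{36}\})|^(\S+Run: \[[^\]]+\])")


def parse(log):
    """Return (code, body) for each entry line; header and process list are skipped."""
    matches = (ENTRY.match(line.strip()) for line in log.splitlines())
    return [m.groups() for m in matches if m]


def triage(entries):
    """Map each suspicious (code, body) entry to the assumed rule that flagged it."""
    paths = {e: [p.lower() for p in PATH.findall(e[1])] for e in entries}
    bho = {p for e in entries if e[0] == "O2" for p in paths[e]}
    via_rundll = {p for e in entries
                  if e[0] == "O4" and "rundll32" in e[1].lower()
                  for p in paths[e] if p.endswith(".dll")}
    shared = bho & via_rundll          # DLLs that persist through two mechanisms
    flagged = {}
    for e in entries:
        code, body = e
        if code == "O2" and body.endswith("(no file)"):
            flagged[e] = "BHO registered but its file is missing"
        elif code in ("O2", "O4") and shared.intersection(paths[e]):
            flagged[e] = "same DLL is a BHO and is launched by rundll32 from a Run key"
        elif code == "O4" and "Run:" in body and any(
                APPDATA.search(p) and p.endswith(".exe") for p in paths[e]):
            flagged[e] = "Run key starts an executable from Application Data"
    return flagged


def slot(entry):
    """Identity of the autostart slot: CLSID for BHOs, hive plus value name for Run keys."""
    m = SLOT.search(entry[1])
    return (entry[0], m.group(0).lower()) if m else entry


def still_present(flagged, later_entries):
    """Return flagged entries whose slot still exists in a later log."""
    later = {slot(e) for e in later_entries}
    return [e for e in flagged if slot(e) in later]


if __name__ == "__main__":
    hits = triage(parse(BEFORE))
    for (code, body), reason in hits.items():
        print(f"{code}: {reason}\n    {body}")
    print("left over after clean-up:", still_present(hits, parse(AFTER)))
```

The R0 start-page entry that the reply also lists falls outside these three rules, so a rule match narrows the list for a reviewer and does not replace reading the log.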
 • Hello,
  Thanks for your reply!

  I was able to carry out everything successfully. Here are my logs.

  HijackThis:
  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 22:20:05, on 15-9-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\PROGRA~1\EASYPH~1\Apache\apache.exe
  C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
  C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
  C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
  C:\PROGRA~1\EASYPH~1\Apache\apache.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\WINDOWS\system32\PnkBstrA.exe
  C:\WINDOWS\system32\PSIService.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
  C:\WINDOWS\system32\RUNDLL32.EXE
  C:\Program Files\MessengerPlus! 3\MsgPlus.exe
  C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
  C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\Program Files\DAEMON Tools\daemon.exe
  C:\Program Files\Picasa2\PicasaMediaDetector.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
  C:\Program Files\Google\Google Updater\GoogleUpdater.exe
  C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
  C:\Program Files\Logitech\SetPoint\SetPoint.exe
  C:\Program Files\Hamachi\hamachi.exe
  C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
  C:\Program Files\MSN Messenger\msnmsgr.exe
  C:\Program Files\Internet Explorer\IEXPLORE.EXE
  C:\WINDOWS\system32\wuauclt.exe
  C:\WINDOWS\system32\wscntfy.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\WINDOWS\system32\NOTEPAD.EXE
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ufclan.roxorgamers.com/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
  O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
  O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
  O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
  O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
  O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
  O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
  O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
  O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
  O4 - Global Startup: Logitech SetPoint.lnk = ?
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
  O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: Apache - Unknown owner - C:\PROGRA~1\EASYPH~1\Apache\apache.exe
  O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
  O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
  O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe


  End of file - 7250 bytes

  Combofix log:

  ComboFix 07-08-24.4 - "Dennis" 2007-08-24 19:59:21.1 - NTFSx86
  Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.1479 [GMT 2:00]
  * Created a new restore point


  ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


  C:\DOCUME~1\Dennis\APPLIC~1\macromedia\Flash Player\#SharedObjects\2RWSKVNW\iforex.com
  C:\DOCUME~1\Dennis\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
  C:\DOCUME~1\Dennis\BUREAU~1\internet.lnk
  C:\WINDOWS\system32\dwdsrngt.exe
  C:\WINDOWS\system32\lodsrngk.exe
  C:\WINDOWS\system32\msnav32.ax
  C:\WINDOWS\system32\nsq24.dll
  C:\WINDOWS\system32\nsz26.dll
  C:\WINDOWS\system32\qwinpmdt.exe
  C:\WINDOWS\system32\winpfz32.sys
  C:\WINDOWS\system32\zxdnt3d.cfg


  ((((((((((((((((((((((((( Files Created from 2007-07-24 to 2007-08-24 )))))))))))))))))))))))))))))))


  2007-08-24 19:58 51,200 --a------ C:\WINDOWS\nircmd.exe
  2007-08-24 18:28 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\4 meta pure
  2007-08-24 18:27 82,248 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
  2007-08-24 18:27 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
  2007-08-24 18:27 57,672 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
  2007-08-24 18:27 40,264 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
  2007-08-24 18:27 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
  2007-08-24 18:27 <DIR> d-------- C:\Program Files\Spyware Doctor
  2007-08-24 18:27 <DIR> d-------- C:\DOCUME~1\Dennis\APPLIC~1\PC Tools
  2007-08-24 17:40 <DIR> d-------- C:\Program Files\Lavasoft
  2007-08-24 17:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
  2007-08-24 17:26 <DIR> d-------- C:\Program Files\Trend Micro
  2007-08-24 15:56 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
  2007-08-23 17:41 33,511 --a------ C:\WINDOWS\system32\ninjaext-uninstall.exe
  2007-08-22 18:29 <DIR> d-------- C:\DOCUME~1\Dennis\APPLIC~1\NASA
  2007-08-22 18:28 <DIR> d-------- C:\Program Files\NASA
  2007-08-22 18:27 <DIR> d-------- C:\WINDOWS\system32\URTTemp
  2007-08-20 19:58 75,264 --a------ C:\WINDOWS\system32\ninjaext.dll
  2007-08-19 00:10 <DIR> d--hs---- C:\Program Files\outlook
  2007-08-18 23:54 39,884 --a------ C:\WINDOWS\system32\gzmrot-uninst.exe
  2007-08-18 23:53 55,542 --a------ C:\WINDOWS\system32\adssite-remove.exe
  2007-08-18 23:50 <DIR> d-------- C:\DOCUME~1\Dennis\Incomplete
  2007-08-18 23:50 <DIR> d-------- C:\DOCUME~1\Dennis\APPLIC~1\LimeWirePlus
  2007-08-18 23:41 <DIR> d-------- C:\Program Files\LimeWire Plus
  2007-08-16 16:35 <DIR> d-------- C:\Program Files\Ventrilo
  2007-08-16 16:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
  2007-08-16 16:35 <DIR> d-------- C:\DOCUME~1\Dennis\APPLIC~1\Ventrilo
  2007-08-14 20:30 <DIR> d-------- C:\DOCUME~1\Dennis\APPLIC~1\Download Manager
  2007-08-14 13:24 <DIR> d-------- C:\Program Files\mIRC
  2007-08-12 22:37 286,720 --a------ C:\WINDOWS\iun506.exe
  2007-08-12 22:37 <DIR> d-------- C:\Program Files\Rcon Unlimited
  2007-08-12 17:21 286,720 --------- C:\WINDOWS\Setup1.exe
  2007-08-12 17:21 <DIR> d-------- C:\Program Files\Rcon4Cod2
  2007-08-12 17:17 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
  2007-08-12 14:27 <DIR> d-------- C:\Program Files\FileZilla
  2007-08-10 21:15 <DIR> d-------- C:\Program Files\VALVe
  2007-08-09 18:47 <DIR> d-------- C:\Program Files\MSBuild
  2007-08-09 18:47 <DIR> d-------- C:\Program Files\Microsoft Works
  2007-08-09 18:45 <DIR> d-------- C:\WINDOWS\SHELLNEW
  2007-08-09 18:44 <DIR> dr-h----- C:\MSOCache
  2007-08-09 18:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
  2007-08-09 18:23 <DIR> d-------- C:\Program Files\DivX
  2007-08-09 15:15 1,165 --a------ C:\WINDOWS\mozver.dat
  2007-08-09 15:07 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire
  2007-08-08 23:52 0 --a------ C:\WINDOWS\nsreg.dat
  2007-08-07 11:52 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Xfire
  2007-08-06 11:58 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
  2007-08-06 11:58 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
  2007-08-06 11:58 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
  2007-08-06 11:58 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
  2007-08-06 11:58 <DIR> d-------- C:\Program Files\Ipswitch
  2007-08-06 11:58 <DIR> d-------- C:\DOCUME~1\Dennis\APPLIC~1\Ipswitch
  2007-08-06 11:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ipswitch
  2007-08-06 11:56 <DIR> d---s---- C:\DOCUME~1\Dennis\UserData
  2007-08-05 23:22 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
  2007-08-05 23:22 <DIR> d-------- C:\DOCUME~1\Dennis\APPLIC~1\teamspeak2
  2007-08-05 22:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
  2007-08-05 22:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\dumb bolt knob third
  2007-08-05 22:53 <DIR> d-------- C:\Program Files\MessengerPlus! 3
  2007-08-05 22:53 <DIR> d-------- C:\Program Files\Adverts
  2007-08-05 22:53 <DIR> d-------- C:\Program Files\4 meta pure
  2007-08-05 22:53 <DIR> d-------- C:\DOCUME~1\Dennis\APPLIC~1\4 meta pure
  2007-08-05 22:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\third lies itch ford
  2007-08-05 22:52 <DIR> d-------- C:\Program Files\MSN Messenger
  2007-08-05 22:51 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
  2007-08-05 18:36 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
  2007-08-05 18:23 <DIR> d-------- C:\Program Files\Google
  2007-08-05 18:23 <DIR> d-------- C:\DOCUME~1\Dennis\APPLIC~1\Google
  2007-08-05 18:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
  2007-08-05 18:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
  2007-08-05 18:11 <DIR> d-------- C:\Program Files\Gpotato
  2007-08-05 13:11 <DIR> d-------- C:\Program Files\CoD RconTool
  2007-08-05 11:37 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
  2007-08-05 11:37 207,736 --a------ C:\WINDOWS\system32\muweb.dll
  2007-08-05 11:37 <DIR> d-------- C:\DOCUME~1\Dennis\Contacts
  2007-08-05 11:33 <DIR> d-------- C:\Program Files\Windows Live
  2007-08-05 11:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
  2007-08-05 11:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
  2007-08-04 23:45 <DIR> d--h----- C:\WINDOWS\$hf_mig$
  2007-08-04 23:45 <DIR> d-------- C:\WINDOWS\system32\PreInstall
  2007-08-04 22:38 <DIR> d-------- C:\Program Files\uTorrent
  2007-08-04 22:38 <DIR> d-------- C:\DOCUME~1\Dennis\APPLIC~1\uTorrent
  2007-08-04 22:36 <DIR> d-------- C:\DOCUME~1\Dennis\Downloads
  2007-08-04 17:14 <DIR> d-------- C:\DOCUME~1\Dennis\APPLIC~1\Logitech
  2007-08-04 17:09 34,576 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys
  2007-08-04 17:09 33,296 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys
  2007-08-04 17:09 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
  2007-08-04 17:09 101,136 --a------ C:\WINDOWS\KHALMNPR.Exe
  2007-08-04 17:09 1,419,024 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll
  2007-08-04 17:09 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
  2007-08-04 17:09 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
  2007-08-04 17:08 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
  2007-08-04 17:08 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
  2007-08-04 17:08 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
  2007-08-04 17:08 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
  2007-08-04 17:08 <DIR> d-------- C:\Program Files\Logitech
  2007-08-04 17:08 <DIR> d-------- C:\Program Files\Common Files\Logitech
  2007-08-04 17:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
  2007-08-04 16:59 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
  2007-08-04 16:59 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys


  (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

  2007-08-05 15:05 8972 --a------ C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin
  2007-08-05 15:05 2378 --a------ C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
  2007-08-04 17:09 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
  2007-08-04 17:09 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
  2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
  2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
  2007-07-13 16:46 61440 --a------ C:\WINDOWS\system32\gzmrotate.dll
  2007-06-29 00:43 8466432 --a------ C:\WINDOWS\system32\nvcpl.dll
  2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
  2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvmctray.dll
  2007-06-29 00:43 753664 --a------ C:\WINDOWS\system32\nvcplui.exe
  2007-06-29 00:43 6807328 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
  2007-06-29 00:43 6729728 --a------ C:\WINDOWS\system32\nvoglnt.dll
  2007-06-29 00:43 6234112 --a------ C:\WINDOWS\system32\nvdisps.dll
  2007-06-29 00:43 5690624 --a------ C:\WINDOWS\system32\nv4_disp.dll
  2007-06-29 00:43 5455872 --a------ C:\WINDOWS\system32\nvdispsr.dll
  2007-06-29 00:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
  2007-06-29 00:43 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
  2007-06-29 00:43 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
  2007-06-29 00:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
  2007-06-29 00:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
  2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcodins.dll
  2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcod.dll
  2007-06-29 00:43 360448 --a------ C:\WINDOWS\system32\nvapi.dll
  2007-06-29 00:43 3600384 --a------ C:\WINDOWS\system32\nvvitvsr.dll
  2007-06-29 00:43 3518464 --a------ C:\WINDOWS\system32\nvvitvs.dll
  2007-06-29 00:43 3321856 --a------ C:\WINDOWS\system32\nvgames.dll
  2007-06-29 00:43 3072000 --a------ C:\WINDOWS\system32\nvgamesr.dll
  2007-06-29 00:43 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll
  2007-06-29 00:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
  2007-06-29 00:43 2854912 --a------ C:\WINDOWS\system32\nvmoblsr.dll
  2007-06-29 00:43 2416640 --a------ C:\WINDOWS\system32\nvwssr.dll
  2007-06-29 00:43 2330624 --a------ C:\WINDOWS\system32\nvwss.dll
  2007-06-29 00:43 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
  2007-06-29 00:43 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
  2007-06-29 00:43 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
  2007-06-29 00:43 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
  2007-06-29 00:43 155716 --a------ C:\WINDOWS\system32\nvsvc32.exe
  2007-06-29 00:43 1474560 --a------ C:\WINDOWS\system32\nview.dll
  2007-06-29 00:43 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
  2007-06-29 00:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
  2007-06-29 00:43 1142784 --a------ C:\WINDOWS\system32\nvmobls.dll
  2007-06-29 00:43 1073152 --a------ C:\WINDOWS\system32\nvcpluir.dll
  2007-06-29 00:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
  2007-06-29 00:43 1018772 --a------ C:\WINDOWS\system32\nvucode.bin
  2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
  2007-06-19 15:33 282112 --a------ C:\WINDOWS\system32\gdi32.dll
  2007-06-13 15:24 1036800 --a------ C:\WINDOWS\explorer.exe


  ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


  *Note* empty entries & legit default entries are not shown

  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36A91CEC-6C71-4758-B492-397BFC8E96A2}]
  2007-07-13 16:46 61440 --a------ C:\WINDOWS\system32\gzmrotate.dll

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
  "nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe]
  "SigmatelSysTrayApp"="sttray.exe" []
  "IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [2006-09-21 10:36]
  "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 C:\WINDOWS\KHALMNPR.Exe]
  "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43]
  "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-08-05 22:53]
  "Itch ford four knob"="C:\Documents and Settings\All Users\Application Data\third lies itch ford\okay enc.exe" [2007-08-24 20:01]
  "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
  "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02]

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
  "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-05 18:23]
  "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
  "rdrrule"="C:\DOCUME~1\LOCALS~1\APPLIC~1\4METAP~1\Audio browse wipe.exe" [2007-08-05 22:53]
  "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-08-05 22:53]
  "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-01-24 20:28]

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

  **************************************************************************

  catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2007-08-24 20:01:19
  Windows 5.1.2600 Service Pack 2 NTFS

  scanning hidden processes …

  scanning hidden autostart entries …

  scanning hidden files …

  scan completed successfully
  hidden files: 0

  **************************************************************************

  Completion time: 2007-08-24 20:01:58 - machine was rebooted
  C:\ComboFix-quarantined-files.txt … 2007-08-24 20:01

  --- E O F ---


  Deljob Log:
  ——————————————————–
  File(s) moved to C:\deljob

  AECB1FB5918492B1.job
  ——————————————————–
  Files remaining after cleaning

  ——————————————————–
  App data folders

  Het volume in station C heeft geen naam.
  Het volumenummer is 5407-D9C7

  Map van C:\Documents and Settings\Dennis\Application Data

  15-09-2007 22:15 <DIR> .
  15-09-2007 22:15 <DIR> ..
  10-09-2007 17:11 <DIR> Adobe
  15-09-2007 10:46 <DIR> AVG7
  30-08-2007 14:34 <DIR> BSplayer
  25-08-2007 19:20 <DIR> BSPLAY~1 BSplayer Pro
  08-09-2007 21:17 <DIR> Corel
  29-08-2007 14:05 <DIR> DivX
  14-08-2007 20:30 <DIR> DOWNLO~1 Download Manager
  22-08-2007 16:08 <DIR> Google
  15-09-2007 22:18 <DIR> Hamachi
  04-08-2007 15:03 <DIR> IDENTI~1 Identities
  06-08-2007 11:58 <DIR> Ipswitch
  19-08-2007 00:19 <DIR> LIMEWI~1 LimeWirePlus
  04-08-2007 17:14 <DIR> Logitech
  05-08-2007 18:16 <DIR> MACROM~1 Macromedia
  25-08-2007 19:55 <DIR> MEDIAP~1 Media Player Classic
  15-09-2007 19:48 <DIR> MICROS~1 Microsoft
  13-09-2007 17:58 <DIR> Mozilla
  22-08-2007 18:29 <DIR> NASA
  24-08-2007 18:27 <DIR> PCTOOL~1 PC Tools
  13-09-2007 18:15 <DIR> SECOND~1 SecondLife
  04-08-2007 15:26 <DIR> SONICF~1 Sonic Focus
  18-08-2007 23:50 <DIR> Sun
  08-09-2007 21:36 <DIR> TEAMSP~1 teamspeak2
  16-08-2007 16:36 <DIR> Ventrilo
  13-09-2007 20:07 <DIR> Xfire
  0 bestand(en) 0 bytes
  27 map(pen) 258.817.806.336 bytes beschikbaar
  Het volume in station C heeft geen naam.
  Het volumenummer is 5407-D9C7

  Map van C:\Documents and Settings\All Users\Application Data

  15-09-2007 22:13 <DIR> .
  15-09-2007 22:13 <DIR> ..
  09-09-2007 00:13 <DIR> Adobe
  09-09-2007 00:13 <DIR> ADOBES~1 Adobe Systems
  15-09-2007 10:46 <DIR> avg7
  26-08-2007 16:28 <DIR> Corel
  21-08-2007 18:43 <DIR> DUMBBO~1 dumb bolt knob third
  05-08-2007 18:23 <DIR> Google
  14-09-2007 18:00 <DIR> GOOGLE~1 Google Updater
  14-09-2007 18:22 <DIR> Grisoft
  06-08-2007 11:58 <DIR> Ipswitch
  04-08-2007 17:08 <DIR> Logitech
  05-08-2007 22:56 <DIR> MESSEN~1 Messenger Plus!
  15-09-2007 20:07 <DIR> MICROS~1 Microsoft
  15-08-2007 23:07 <DIR> MICROS~2 Microsoft Help
  07-09-2007 21:50 <DIR> TEMP
  05-08-2007 11:34 <DIR> WINDOW~1 WindowsLiveInstaller
  05-08-2007 11:33 <DIR> WLINST~1 WLInstaller
  0 bestand(en) 0 bytes
  18 map(pen) 258.817.806.336 bytes beschikbaar
  ——————————————————–

  These are the logs.

  Regards
 • It is probably going better already

  Open Notepad, then copy and paste the following (bold, blue text) into an empty window:
 • OK, it worked; here is the new ComboFix log:

  ComboFix 07-09-14.2 - "Dennis" 2007-09-15 22:57:11.3 - NTFSx86
  Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.1435 [GMT 2:00]
  Command switches used :: C:\Documents and Settings\Dennis\Bureaublad\CFScript.txt
  * Created a new restore point

  FILE::
  C:\WINDOWS\system32\gzmrotate.dll
  .

  ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
  .

  C:\WINDOWS\system32\gzmrotate.dll

  .
  ((((((((((((((((((((((((( Files Created from 2007-08-15 to 2007-09-15 )))))))))))))))))))))))))))))))
  .

  2007-09-15 21:39 2,688 –a–c— C:\WINDOWS\system32\dllcache\hidswvd.sys
  2007-09-15 21:39 2,688 –a—— C:\WINDOWS\system32\drivers\HIDSwvd.sys
  2007-09-15 21:38 59,136 –a–c— C:\WINDOWS\system32\dllcache\gckernel.sys
  2007-09-15 21:38 59,136 –a—— C:\WINDOWS\system32\drivers\GcKernel.sys
  2007-09-15 20:00 <DIR> d——– C:\DOCUME~1\NETWOR~1\APPLIC~1\4 meta pure
  2007-09-15 19:39 <DIR> d——– C:\Program Files\Microsoft Games
  2007-09-15 17:06 <DIR> d——– C:\Program Files\EasyPHP1-8
  2007-09-15 17:00 <DIR> d——– C:\Program Files\MySQL
  2007-09-15 13:11 <DIR> d——– C:\Usb Webserver
  2007-09-15 12:54 361,542,494 –a—— C:\wow-2[1].0.12.6546-to-2.1.0.6692-engb-patch.exe
  2007-09-15 12:37 <DIR> d——– C:\Program Files\Common Files\Blizzard Entertainment
  2007-09-15 11:45 <DIR> d——– C:\Program Files\World of Warcraft Jester's Wow
  2007-09-15 11:44 <DIR> d——– C:\Program Files\Wow Patches
  2007-09-14 22:23 18,944 –a—— C:\WINDOWS\eraser.exe
  2007-09-14 22:23 <DIR> d——– C:\Program Files\LeechFTP
  2007-09-14 21:43 <DIR> d——– C:\WINDOWS\pss
  2007-09-14 16:46 <DIR> d——– C:\deljob
  2007-09-14 16:06 <DIR> d——– C:\Program Files\4 meta pure
  2007-09-13 19:50 <DIR> d——– C:\Program Files\Picasa2
  2007-09-13 18:04 34,438,929 –a—— C:\Second Life 1-18-1-2 Setup.exe
  2007-09-13 17:58 <DIR> d——– C:\Program Files\SecondLife
  2007-09-13 17:58 <DIR> d——– C:\DOCUME~1\Dennis\APPLIC~1\SecondLife
  2007-09-13 17:57 32,528,273 –a—— C:\Second Life 1-18-0-6 Setup.exe
  2007-09-13 15:51 <DIR> d——– C:\Program Files\EPN
  2007-09-13 15:02 <DIR> d——– C:\temp
  2007-09-13 15:02 <DIR> d——– C:\malmberg
  2007-09-09 00:13 <DIR> d——– C:\Program Files\Common Files\Adobe Systems Shared
  2007-09-09 00:13 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
  2007-09-08 23:28 <DIR> d——– C:\Program Files\BearShare Pro
  2007-09-08 23:28 <DIR> d——– C:\DOWNLOADS
  2007-09-08 23:28 <DIR> d——– C:\!Temp
  2007-09-08 23:23 <DIR> d——– C:\Program Files\nik
  2007-09-08 23:19 <DIR> d——– C:\photoshop
  2007-09-08 16:02 86,016 –a—— C:\WINDOWS\system32\OpenAL32.dll
  2007-09-08 16:02 262,144 –a—— C:\WINDOWS\system32\wrap_oal.dll
  2007-09-08 16:01 5,632 –a—— C:\WINDOWS\system32\drivers\Entech64.sys
  2007-09-08 16:01 3,972 –a—— C:\WINDOWS\system32\drivers\PciBus.sys
  2007-09-08 16:01 21,664 –a—— C:\WINDOWS\system32\drivers\Entech.sys
  2007-09-08 16:01 <DIR> d——– C:\WINDOWS\system32\Futuremark
  2007-09-08 15:59 <DIR> d——– C:\Program Files\Futuremark
  2007-09-04 17:46 <DIR> d——– C:\Program Files\EPN werkboek-i
  2007-09-01 23:55 25,544 –a—— C:\WINDOWS\system32\drivers\hamachi.sys
  2007-09-01 23:55 <DIR> d——– C:\Program Files\Hamachi
  2007-09-01 23:55 <DIR> d——– C:\DOCUME~1\Dennis\APPLIC~1\Hamachi
  2007-08-29 21:21 695 –a—— C:\WINDOWS\eReg.dat
  2007-08-27 16:16 <DIR> d——– C:\Program Files\DAEMON Tools
  2007-08-27 16:14 685,816 –a—— C:\WINDOWS\system32\drivers\sptd.sys
  2007-08-27 16:02 <DIR> d——– C:\Program Files\GameSpy Arcade
  2007-08-27 16:02 <DIR> d——– C:\Program Files\EA GAMES
  2007-08-26 16:28 472,656 –a—— C:\DOCUME~1\ALLUSE~1\APPLIC~1\pswi_preloaded.exe
  2007-08-26 16:28 <DIR> d——– C:\DOCUME~1\Dennis\APPLIC~1\Corel
  2007-08-26 16:28 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
  2007-08-26 16:27 88 -r-hs—- C:\WINDOWS\system32\F96B242822.sys
  2007-08-26 16:27 2,672 –ahs—- C:\WINDOWS\system32\KGyGaAvL.sys
  2007-08-26 16:27 <DIR> d——– C:\Program Files\Corel
  2007-08-26 16:15 <DIR> d-a—— C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
  2007-08-26 16:14 <DIR> d——– C:\Program Files\Banner Maker Pro 6
  2007-08-25 20:44 <DIR> d——– C:\DOCUME~1\Dennis\APPLIC~1\DivX
  2007-08-25 19:55 765,952 –a—— C:\WINDOWS\system32\xvidcore.dll
  2007-08-25 19:55 180,224 –a—— C:\WINDOWS\system32\xvidvfw.dll
  2007-08-25 19:55 10,752 –a—— C:\WINDOWS\system32\ff_vfw.dll
  2007-08-25 19:55 1,565,480 –a—— C:\WINDOWS\system32\wmv9vcm.dll
  2007-08-25 19:55 <DIR> d——– C:\Program Files\K-Lite Codec Pack
  2007-08-25 19:55 <DIR> d——– C:\DOCUME~1\Dennis\APPLIC~1\Media Player Classic
  2007-08-25 19:29 356,352 –a—— C:\WINDOWS\eSellerateEngine.dll
  2007-08-25 19:28 258,352 –a—— C:\WINDOWS\system32\Unicows.dll
  2007-08-25 19:28 <DIR> d——– C:\Program Files\Deskshare
  2007-08-25 19:28 <DIR> d——– C:\Program Files\Common Files\DeskShare Shared
  2007-08-25 19:25 <DIR> d——– C:\Program Files\All Video Converter
  2007-08-25 19:20 <DIR> d——– C:\Program Files\Webteh
  2007-08-25 19:20 <DIR> d——– C:\Program Files\AdVantage
  2007-08-25 19:20 <DIR> d——– C:\DOCUME~1\Dennis\APPLIC~1\BSplayer Pro
  2007-08-25 19:20 <DIR> d——– C:\DOCUME~1\Dennis\APPLIC~1\BSplayer
  2007-08-24 20:04 <DIR> d——– C:\DOCUME~1\Dennis\DoctorWeb
  2007-08-24 19:58 51,200 –a—— C:\WINDOWS\nircmd.exe
  2007-08-24 18:28 <DIR> d——– C:\DOCUME~1\LOCALS~1\APPLIC~1\4 meta pure
  2007-08-24 18:27 82,248 –a—— C:\WINDOWS\system32\drivers\iksyssec.sys
  2007-08-24 18:27 626,688 –a—— C:\WINDOWS\system32\msvcr80.dll
  2007-08-24 18:27 57,672 –a—— C:\WINDOWS\system32\drivers\iksysflt.sys
  2007-08-24 18:27 40,264 –a—— C:\WINDOWS\system32\drivers\ikfilesec.sys
  2007-08-24 18:27 29,000 –a—— C:\WINDOWS\system32\drivers\kcom.sys
  2007-08-24 18:27 <DIR> d——– C:\Program Files\Spyware Doctor
  2007-08-24 18:27 <DIR> d——– C:\DOCUME~1\Dennis\APPLIC~1\PC Tools
  2007-08-24 17:26 <DIR> d——– C:\Program Files\Trend Micro
  2007-08-23 17:41 33,511 –a—— C:\WINDOWS\system32\ninjaext-uninstall.exe
  2007-08-22 18:29 <DIR> d——– C:\DOCUME~1\Dennis\APPLIC~1\NASA
  2007-08-22 18:28 <DIR> d——– C:\Program Files\NASA
  2007-08-22 18:27 <DIR> d——– C:\WINDOWS\system32\URTTemp
  2007-08-20 19:58 75,264 –a—— C:\WINDOWS\system32\ninjaext.dll
  2007-08-19 00:10 <DIR> d–hs—- C:\Program Files\outlook
  2007-08-18 23:54 40,315 –a—— C:\WINDOWS\system32\gzmrot-uninst.exe
  2007-08-18 23:53 55,542 –a—— C:\WINDOWS\system32\adssite-remove.exe
  2007-08-18 23:50 <DIR> d——– C:\DOCUME~1\Dennis\Incomplete
  2007-08-18 23:50 <DIR> d——– C:\DOCUME~1\Dennis\APPLIC~1\LimeWirePlus
  2007-08-18 23:41 <DIR> d——– C:\Program Files\LimeWire Plus
  2007-08-16 16:35 <DIR> d——– C:\Program Files\Ventrilo
  2007-08-16 16:35 <DIR> d——– C:\Program Files\Common Files\Wise Installation Wizard
  2007-08-16 16:35 <DIR> d——– C:\DOCUME~1\Dennis\APPLIC~1\Ventrilo

  .
  (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2007-09-15 22:30 22328 –a—— C:\WINDOWS\system32\drivers\PnkBstrK.sys
  2007-09-15 22:30 103736 –a—— C:\WINDOWS\system32\PnkBstrB.exe
  2007-09-15 20:07 ——— d–h—– C:\Program Files\InstallShield Installation Information
  2007-09-14 18:00 ——— d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
  2007-09-14 16:02 ——— d——– C:\Program Files\MSN Messenger
  2007-09-13 20:07 ——— d——– C:\DOCUME~1\Dennis\APPLIC~1\Xfire
  2007-09-11 15:00 ——— d—s—- C:\Program Files\Xfire
  2007-09-08 21:36 ——— d——– C:\DOCUME~1\Dennis\APPLIC~1\teamspeak2
  2007-09-07 17:44 ——— d——– C:\Program Files\Rcon4Cod2
  2007-08-31 22:18 ——— d——– C:\Program Files\mIRC
  2007-08-29 16:09 ——— d——– C:\Program Files\Common Files\InstallShield
  2007-08-27 16:12 28400 –a—— C:\WINDOWS\system32\drivers\secdrv.sys
  2007-08-25 20:43 ——— d——– C:\Program Files\DivX
  2007-08-24 19:24 ——— d——– C:\Program Files\Adverts
  2007-08-22 16:08 ——— d——– C:\Program Files\Google
  2007-08-22 16:08 ——— d——– C:\DOCUME~1\Dennis\APPLIC~1\Google
  2007-08-21 18:43 ——— d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\dumb bolt knob third
  2007-08-15 23:07 ——— d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
  2007-08-14 20:30 ——— d——– C:\DOCUME~1\Dennis\APPLIC~1\Download Manager
  2007-08-12 22:38 ——— d——– C:\Program Files\Rcon Unlimited
  2007-08-12 22:37 286720 –a—— C:\WINDOWS\iun506.exe
  2007-08-12 17:21 73216 –a—— C:\WINDOWS\ST6UNST.EXE
  2007-08-12 17:21 286720 ——— C:\WINDOWS\Setup1.exe
  2007-08-12 14:29 ——— d——– C:\Program Files\FileZilla
  2007-08-10 21:15 ——— d——– C:\Program Files\VALVe
  2007-08-09 18:47 ——— d——– C:\Program Files\MSBuild
  2007-08-09 18:47 ——— d——– C:\Program Files\Microsoft Works
  2007-08-09 15:07 ——— d——– C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire
  2007-08-07 11:52 ——— d——– C:\DOCUME~1\LOCALS~1\APPLIC~1\Xfire
  2007-08-06 11:58 ——— d——– C:\Program Files\Ipswitch
  2007-08-06 11:58 ——— d——– C:\DOCUME~1\Dennis\APPLIC~1\Ipswitch
  2007-08-06 11:58 ——— d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ipswitch
  2007-08-05 23:22 ——— d——– C:\Program Files\Teamspeak2_RC2
  2007-08-05 22:56 ——— d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
  2007-08-05 22:53 ——— d——– C:\Program Files\MessengerPlus! 3
  2007-08-05 18:23 ——— d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
  2007-08-05 18:11 ——— d——– C:\Program Files\Gpotato
  2007-08-05 13:11 ——— d——– C:\Program Files\CoD RconTool
  2007-08-05 11:34 ——— d——– C:\Program Files\Windows Live
  2007-08-05 11:34 ——— d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
  2007-08-05 11:33 ——— d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
  2007-08-04 17:14 ——— d——– C:\DOCUME~1\Dennis\APPLIC~1\Logitech
  2007-08-04 17:09 127034 -r——- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
  2007-08-04 17:09 0 –ah—– C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
  2007-08-04 17:09 0 –ah—– C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
  2007-08-04 17:09 ——— d——– C:\Program Files\Logitech
  2007-08-04 17:09 ——— d——– C:\Program Files\Common Files\Logitech
  2007-08-04 17:08 ——— d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
  2007-08-04 16:59 66872 –a—— C:\WINDOWS\system32\PnkBstrA.exe
  2007-08-04 16:10 ——— d——– C:\Program Files\Activision
  2007-08-04 15:26 ——— d——– C:\DOCUME~1\Dennis\APPLIC~1\Sonic Focus
  2007-08-04 15:21 ——— d——– C:\Program Files\Intel Audio Studio
  2007-08-04 15:20 ——— d——– C:\Program Files\SigmaTel
  2007-08-04 15:05 ——— d——– C:\Program Files\MSXML 4.0
  2007-08-04 15:00 ——— d——– C:\Program Files\microsoft frontpage
  2007-07-30 19:19 92504 –a—— C:\WINDOWS\system32\cdm.dll
  2007-07-30 19:19 549720 –a—— C:\WINDOWS\system32\wuapi.dll
  2007-07-30 19:19 53080 –a—— C:\WINDOWS\system32\wuauclt.exe
  2007-07-30 19:19 43352 –a—— C:\WINDOWS\system32\wups2.dll
  2007-07-30 19:19 325976 –a—— C:\WINDOWS\system32\wucltui.dll
  2007-07-30 19:19 271224 –a—— C:\WINDOWS\system32\mucltui.dll
  2007-07-30 19:19 207736 –a—— C:\WINDOWS\system32\muweb.dll
  2007-07-30 19:19 203096 –a—— C:\WINDOWS\system32\wuweb.dll
  2007-07-30 19:19 1712984 –a—— C:\WINDOWS\system32\wuaueng.dll
  2007-07-30 19:18 33624 –a—— C:\WINDOWS\system32\wups.dll
  2007-07-26 05:06 144704 –a—— C:\WINDOWS\system32\DivXCodecVersionChecker.exe
  2007-07-26 04:53 9464 ——— C:\WINDOWS\system32\drivers\cdralw2k.sys
  2007-07-26 04:53 9336 ——— C:\WINDOWS\system32\drivers\cdr4_xp.sys
  2007-07-26 04:53 524288 –a—— C:\WINDOWS\system32\DivXsm.exe
  2007-07-26 04:53 43528 ——— C:\WINDOWS\system32\drivers\PxHelp20.sys
  2007-07-26 04:53 3596288 –a—— C:\WINDOWS\system32\qt-dx331.dll
  2007-07-26 04:53 200704 –a—— C:\WINDOWS\system32\ssldivx.dll
  2007-07-26 04:53 129784 ——— C:\WINDOWS\system32\pxafs.dll
  2007-07-26 04:53 120056 ——— C:\WINDOWS\system32\pxcpyi64.exe
  2007-07-26 04:53 118520 ——— C:\WINDOWS\system32\pxinsi64.exe
  2007-07-26 04:53 1044480 –a—— C:\WINDOWS\system32\libdivx.dll
  2007-07-26 04:50 823296 –a—— C:\WINDOWS\system32\divx_xx0c.dll
  2007-07-26 04:50 823296 –a—— C:\WINDOWS\system32\divx_xx07.dll
  2007-07-26 04:50 81920 –a—— C:\WINDOWS\system32\dpl100.dll
  2007-07-26 04:50 802816 –a—— C:\WINDOWS\system32\divx_xx11.dll
  2007-07-26 04:50 740442 –a—— C:\WINDOWS\system32\DivX.dll
  2007-07-26 04:50 593920 –a—— C:\WINDOWS\system32\dpuGUI11.dll
  2007-07-26 04:50 57344 –a—— C:\WINDOWS\system32\dpv11.dll
  2007-07-26 04:50 53248 –a—— C:\WINDOWS\system32\dpuGUI10.dll
  2007-07-26 04:50 344064 –a—— C:\WINDOWS\system32\dpus11.dll
  2007-07-26 04:50 294912 –a—— C:\WINDOWS\system32\dpu11.dll
  2007-07-26 04:50 294912 –a—— C:\WINDOWS\system32\dpu10.dll
  2007-07-26 04:50 196608 –a—— C:\WINDOWS\system32\dtu100.dll
  2007-07-26 04:49 12288 –a—— C:\WINDOWS\system32\DivXWMPExtType.dll
  2007-06-29 00:43 8466432 –a—— C:\WINDOWS\system32\nvcpl.dll
  2007-06-29 00:43 81920 –a—— C:\WINDOWS\system32\nvwddi.dll
  2007-06-29 00:43 81920 –a—— C:\WINDOWS\system32\nvmctray.dll
  2007-06-29 00:43 753664 –a—— C:\WINDOWS\system32\nvcplui.exe
  2007-06-29 00:43 6729728 –a—— C:\WINDOWS\system32\nvoglnt.dll
  2007-06-29 00:43 6234112 –a—— C:\WINDOWS\system32\nvdisps.dll
  2007-06-29 00:43 5690624 –a—— C:\WINDOWS\system32\nv4_disp.dll
  2007-06-29 00:43 5455872 –a—— C:\WINDOWS\system32\nvdispsr.dll
  2007-06-29 00:43 466944 –a—— C:\WINDOWS\system32\nvshell.dll
  2007-06-29 00:43 458752 –a—— C:\WINDOWS\system32\nvmccssr.dll
  2007-06-29 00:43 45056 –a—— C:\WINDOWS\system32\nvmccsrs.dll
  .

  ((((((((((((((((((((((((((((( snapshot_2007-09-15_220034,17 )))))))))))))))))))))))))))))))))))))))))
  .
  —-a-w 273,376 2007-09-15 20:06:42 C:\WINDOWS\system32\FNTCACHE.DAT
  .
  —-a-w 269,392 2007-09-09 14:50:19 C:\WINDOWS\system32\FNTCACHE.DAT
  .
  ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
  .

  *Note* empty entries & legit default entries are not shown

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
  "nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe]
  "SigmatelSysTrayApp"="sttray.exe" []
  "IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [2006-09-21 10:36]
  "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 C:\WINDOWS\KHALMNPR.Exe]
  "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43]
  "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-08-05 22:53]
  "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
  "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-14 18:22]

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
  "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-05 18:23]
  "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
  "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-08-05 22:53]
  "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-22 14:06]
  "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-08-17 22:48]
  "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]

  C:\DOCUME~1\ALLUSE~1\MENUST~1\PROGRA~1\OPSTAR~1\
  Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20]
  Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50]
  Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-05 18:23:12]
  Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-08-04 17:13:03]
  Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-04 17:12:39]
  Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]

  C:\DOCUME~1\Dennis\MENUST~1\PROGRA~1\OPSTAR~1\
  Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
  hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2007-09-01 23:55:18]

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
  "WLSetupSvc"=3 (0x3)
  "usnjsvc"=3 (0x3)
  "sdCoreService"=3 (0x3)
  "sdAuxService"=3 (0x3)
  "ose"=3 (0x3)
  "odserv"=3 (0x3)
  "gusvc"=2 (0x2)
  "Adobe LM Service"=3 (0x3)

  S3 GcKernel;Microsoft SideWinder Value Add - Filterstuurprogramma;C:\WINDOWS\system32\DRIVERS\GcKernel.sys
  S3 HIDSwvd;Mini-stuurprogramma voor virtueel HID-apparaat van Microsoft SideWinder;C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys

  .
  **************************************************************************

  catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2007-09-15 22:59:38
  Windows 5.1.2600 Service Pack 2 NTFS

  scanning hidden processes …

  scanning hidden autostart entries …

  scanning hidden files …

  scan completed successfully
  hidden files: 0

  **************************************************************************
  .
  Completion time: 2007-09-15 23:00:09 - machine was rebooted
  C:\ComboFix-quarantined-files.txt … 2007-09-15 23:00
  C:\ComboFix2.txt … 2007-09-15 22:00
  C:\ComboFix3.txt … 2007-08-24 20:01
  .
  — E O F —


This is an archived page. Replying is no longer possible.