Archive - Log 19/04

The archive is a frozen moment from a previous version of this forum, with different rules and different bosses. These posts in no way reflect our current ideas, values or world views, and in some places they have been censored as unacceptable. Many were written in a different spirit of the times, ironically or not (as in the ironic Off-Topic subforum), and would or could no longer be posted today. We still gladly offer this archive as an information database and reference work. Read more about it here or start a conversation with others.

2 many soldiers

Legacy Member
Sometimes my laptop gets terribly slow and barely responds, or doesn't respond at all, to what I do. Usually the CPU usage is very high and it also eats up a lot of memory. Sometimes it already does this when I'm just downloading something from the internet. The most annoying part is that the computer's fan then kicks in and starts making a lot of noise.

Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:27, on 19/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft Encarta\Encarta Winkler Prins Naslagbibliotheek 2007 DVD\EDICT.EXE
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\Integrator.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\niSvcLoc.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hpbpro.exe
C:\WINDOWS\system32\hpboid.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Opera\opera.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mijn.groept.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = mijnAOL | HP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [SmcService] "C:\PROGRA~1\Sygate\SPF\smc.exe" -startgui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [E07NXLRD_544359] "C:\Program Files\Microsoft Encarta\Encarta Winkler Prins Naslagbibliotheek 2007 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Battery Doubler.lnk = C:\Program Files\Dachshund Software\Battery Doubler\Battery Doubler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Encarta Winkler Prins Zoekbalk - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_BE&c=Q306&bd=pavilion&pf=laptop
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dopewars server (dopewars-server) - Unknown owner - C:\Program Files\dopewars-1.5.12\dopewars.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10615 bytes

Juisterr

Legacy Member
I would be more worried if the fan didn't work.

Download Combofix to your Desktop and use it according to this guide.

NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
Some scanners see certain components that Combofix uses as suspicious and will block or remove them!
  • Double-click Combofix.exe to start it.
  • If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
  • Click OK in the small "NirCmd" window.
  • If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
  • Click OK and Yes to have the Recovery Console installed automatically.
  • Afterwards, click Yes again to start the malware scan.
  • While the fix is running, do NOT click in the window, as this will make your PC hang.
  • When the fix has finished, and after a restart, the log Combofix.txt will open.
Post this log in your next reply.

2 many soldiers

Legacy Member
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jonas Vandervelde\Application Data\Microsoft\SystemCertificates\Request
c:\windows\system32\_000008_.tmp.dll
D:\Autorun.inf

.
(((((((((((((((((((( Bestanden Gemaakt van 2009-03-21 to 2009-04-21 ))))))))))))))))))))))))))))))
.

2009-04-19 20:52 . 2009-04-19 20:52 -------- d-----w c:\documents and settings\Gast\Application Data\Locktime
2009-04-19 09:10 . 2009-04-19 09:10 -------- d-----w c:\program files\Trend Micro
2009-04-15 08:35 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 08:35 . 2009-03-06 14:23 285696 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-15 08:35 . 2009-02-09 11:27 111104 ------w c:\windows\system32\dllcache\services.exe
2009-04-15 08:35 . 2009-02-09 10:56 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 08:35 . 2009-02-09 10:56 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 08:35 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-15 08:35 . 2009-02-09 10:56 734208 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 08:35 . 2009-02-09 10:56 684544 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 08:35 . 2009-02-09 10:56 735744 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 08:35 . 2009-02-09 10:56 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 08:33 . 2009-03-27 06:59 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 08:33 . 2008-04-21 21:16 218624 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-13 11:55 . 2009-04-13 11:55 -------- d-----w c:\documents and settings\Jonas Vandervelde\Application Data\Apple Computer
2009-04-13 11:54 . 2009-04-13 11:54 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-13 11:54 . 2009-04-13 11:54 -------- d-----w c:\documents and settings\Jonas Vandervelde\Local Settings\Application Data\Apple
2009-04-13 11:54 . 2009-04-13 11:54 -------- d-----w c:\program files\Apple Software Update
2009-04-13 11:54 . 2009-04-13 11:54 -------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-04-13 11:53 . 2009-04-13 11:53 -------- d-----w c:\documents and settings\Jonas Vandervelde\Local Settings\Application Data\Apple Computer

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 20:51 . 2006-12-15 13:43 82328 ----a-w c:\documents and settings\Gast\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-16 11:47 . 2006-03-27 08:46 83628 ----a-w c:\windows\system32\perfc013.dat
2009-04-16 11:47 . 2006-03-27 08:46 472400 ----a-w c:\windows\system32\perfh013.dat
2009-04-13 11:54 . 2007-02-08 10:24 -------- d-----w c:\program files\QuickTime
2009-03-24 23:30 . 2008-02-28 18:42 -------- d-----w c:\documents and settings\Jonas Vandervelde\Application Data\Hamachi
2009-03-21 14:09 . 2009-03-21 14:09 1030656 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-21 10:51 . 2009-03-21 10:49 -------- d-----w c:\documents and settings\Jonas Vandervelde\Application Data\ZoomBrowser EX
2009-03-21 10:49 . 2009-03-21 10:47 -------- d-----w c:\documents and settings\Jonas Vandervelde\Application Data\CameraWindowDC
2009-03-21 10:47 . 2009-03-21 10:47 -------- d-----w c:\documents and settings\Jonas Vandervelde\Application Data\CANON INC
2009-03-21 10:36 . 2009-03-21 10:34 -------- d-----w c:\program files\Canon
2009-03-21 10:35 . 2009-03-21 10:35 -------- d-----w c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-03-21 10:32 . 2009-03-21 10:32 -------- d-----w c:\program files\Common Files\Canon
2009-03-08 20:57 . 2009-03-08 20:57 -------- d-----w c:\program files\IGC
2009-03-08 20:57 . 2006-09-13 21:49 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-08 13:11 . 2008-02-18 19:08 -------- d-----w c:\documents and settings\Jonas Vandervelde\Application Data\dvdcss
2009-03-07 23:24 . 2006-09-13 21:49 -------- d-----w c:\program files\Google
2009-03-07 23:20 . 2007-12-08 14:54 -------- d-----w c:\program files\Spyware Doctor
2009-03-07 14:36 . 2007-12-08 14:36 -------- d-----w c:\program files\Hitman Pro
2009-03-07 14:33 . 2007-12-09 10:04 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-07 13:00 . 2007-12-08 14:50 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-07 12:23 . 2006-09-14 17:24 -------- d-----w c:\program files\ESET
2009-03-07 12:14 . 2007-11-13 11:49 -------- d-----w c:\program files\DAEMON Tools Pro
2009-03-07 12:06 . 2007-12-08 14:50 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-07 12:05 . 2007-12-08 14:49 -------- d-----w c:\program files\SpywareBlaster
2009-03-07 12:01 . 2009-03-07 12:01 -------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2009-03-07 12:01 . 2009-03-07 12:01 -------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-03-07 12:01 . 2009-03-07 12:01 -------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-03-07 11:29 . 2009-03-03 15:50 -------- d-----w c:\documents and settings\Jonas Vandervelde\Application Data\Creative
2009-03-07 11:08 . 2009-03-03 15:36 -------- d-----w c:\program files\Creative
2009-03-06 14:23 . 2004-08-04 21:00 285696 ----a-w c:\windows\system32\pdh.dll
2009-03-03 18:13 . 2007-09-11 14:24 -------- d-----w c:\documents and settings\Jonas Vandervelde\Application Data\Azureus
2009-03-03 18:10 . 2009-02-04 14:43 -------- d-----w c:\documents and settings\Jonas Vandervelde\Application Data\uTorrent
2009-03-03 15:57 . 2009-03-03 15:57 -------- d-----w c:\documents and settings\Jonas Vandervelde\Application Data\Red Chair Software
2009-03-03 15:57 . 2009-03-03 15:57 -------- d-----w c:\program files\Red Chair Software
2009-03-03 15:50 . 2009-03-03 15:49 -------- d--h--w c:\program files\Creative Installation Information
2009-03-03 15:49 . 2009-03-03 15:49 -------- d-----w c:\documents and settings\All Users\Application Data\Creative
2009-03-03 15:49 . 2009-03-03 15:49 -------- d-----w c:\program files\Common Files\Creative
2009-03-02 23:12 . 2008-06-26 08:14 1499136 ------w c:\windows\system32\dllcache\shdocvw.dll
2009-02-20 08:12 . 2008-06-23 15:12 3089408 ------w c:\windows\system32\dllcache\mshtml.dll
2009-02-20 08:12 . 2008-06-26 08:14 620032 ------w c:\windows\system32\dllcache\urlmon.dll
2009-02-20 08:12 . 2008-06-23 15:12 669184 ------w c:\windows\system32\dllcache\wininet.dll
2009-02-20 08:12 . 2004-08-04 21:00 669184 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:12 . 2009-02-20 08:12 81920 ------w c:\windows\system32\dllcache\ieencode.dll
2009-02-20 08:12 . 2004-08-04 21:00 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-10 17:10 . 2008-11-08 12:20 2070400 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-09 14:08 . 2008-11-08 12:20 1846912 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 14:08 . 2004-08-04 21:00 1846912 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:27 . 2008-11-08 12:20 2193408 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-09 11:27 . 2008-11-08 12:20 2028544 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-09 11:27 . 2004-08-04 21:00 2028544 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:27 . 2008-11-08 12:20 2149888 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-09 11:27 . 2004-08-04 21:00 2149888 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:27 . 2004-08-04 21:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:56 . 2004-08-04 21:00 734208 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:56 . 2004-08-04 21:00 684544 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:56 . 2004-08-04 21:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:56 . 2004-08-04 21:00 735744 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2004-08-04 21:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:59 . 2009-02-03 19:59 56832 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 19:59 . 2004-08-04 21:00 56832 ----a-w c:\windows\system32\secur32.dll
2008-12-15 11:13 . 2006-11-27 19:32 82328 ----a-w c:\documents and settings\Jonas Vandervelde\Application Data\GDIPFONTCACHEV1.DAT
2008-12-06 17:03 . 2006-09-13 13:20 82328 ----a-w c:\documents and settings\Jonas Vandervelde\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-12-15 13:44 . 2006-12-15 13:43 127 ----a-w c:\documents and settings\Gast\Local Settings\Application Data\fusioncache.dat
2006-11-28 17:26 . 2006-11-28 17:26 0 ----a-w c:\documents and settings\Jonas Vandervelde\Application Data\wklnhst.dat
2006-09-17 09:18 . 2006-09-17 09:18 151552 ----a-w c:\program files\WLMUniversalPatcherPlusPlus092.exe
2006-09-13 13:21 . 2006-09-13 13:20 140 ----a-w c:\documents and settings\Jonas Vandervelde\Local Settings\Application Data\fusioncache.dat
2004-03-15 17:2004-03-15 17:51 51:20 . c:\program files\internet explorer\plugins\LV71ActiveXControl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-11-20 5724184]
"E07NXLRD_544359"="c:\program files\Microsoft Encarta\Encarta Winkler Prins Naslagbibliotheek 2007 DVD\EDICT.EXE" [2006-06-14 351000]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-08 68856]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-12 4608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 761948]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 131072]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2005-09-27 2635472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-03-19 921600]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-15 7561216]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Jonas Vandervelde\Menu Start\Programma's\Opstarten\
Battery Doubler.lnk - c:\program files\Dachshund Software\Battery Doubler\Battery Doubler.exe [2002-9-21 1534267]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-22 110592]
Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LightScribeService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R2 NIVIUSBK;NI-VISA USB Driver; [x]
R3 dopewars-server;dopewars server;c:\program files\dopewars-1.5.12\dopewars.exe [2008-09-24 301056]
R3 niemrkw;niemrkw; [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\svcntaux.exe [2007-11-02 311112]
R3 usb6xxxkw;usb6xxxkw; [x]
S1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-04-23 82200]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a8dd412-4ffb-11dc-b9a9-001302b0f099}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c94e19c-96d6-11dc-b9ce-001302b0f099}]
\Shell\AutoRun\command - G:\AllwaySync'n'Go.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d60f7ca9-a6ad-11dd-ba0f-0016d43cb293}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://mijn.groept.be/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 13:11
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(1060)
c:\windows\system32\WRLogonNTF.dll

- - - - - - - > 'lsass.exe'(1116)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Voltooingstijd: 2009-04-21 13:12
ComboFix-quarantined-files.txt 2009-04-21 11:12

Pre-Run: 15.706.517.504 bytes beschikbaar
Post-Run: 16.198.713.344 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /noguiboot

219 --- E O F --- 2009-04-16 08:15

Juisterr

Legacy Member
Open Notepad, then copy and paste the following (bold, blue text) into an empty window:


  • Driver::
    NIVIUSBK
    niemrkw
    usb6xxxkw
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a8dd412-4ffb-11dc-b9a9-001302b0f099}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c94e19c-96d6-11dc-b9ce-001302b0f099}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d60f7ca9-a6ad-11dd-ba0f-0016d43cb293}]

Save this to your Desktop as CFScript.txt


Drag CFScript.txt onto ComboFix.exe as shown in the example below:

CFScript.gif


This will make ComboFix restart.
Reboot if you are asked to,
and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

2 many soldiers

Legacy Member
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_niemrkw
-------\Service_NIVIUSBK
-------\Service_usb6xxxkw


(((((((((((((((((((( Bestanden Gemaakt van 2009-03-24 to 2009-04-24 ))))))))))))))))))))))))))))))
.

2009-04-19 20:52 . 2009-04-19 20:52 -------- d-----w c:\documents and settings\Gast\Application Data\Locktime
2009-04-19 09:10 . 2009-04-19 09:10 -------- d-----w c:\program files\Trend Micro
2009-04-15 08:35 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 08:35 . 2009-03-06 14:23 285696 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-15 08:35 . 2009-02-09 11:27 111104 ------w c:\windows\system32\dllcache\services.exe
2009-04-15 08:35 . 2009-02-09 10:56 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 08:35 . 2009-02-09 10:56 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 08:35 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-15 08:35 . 2009-02-09 10:56 734208 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 08:35 . 2009-02-09 10:56 684544 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 08:35 . 2009-02-09 10:56 735744 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 08:35 . 2009-02-09 10:56 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 08:33 . 2009-03-27 06:59 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 08:33 . 2008-04-21 21:16 218624 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-13 11:55 . 2009-04-13 11:55 -------- d-----w c:\documents and settings\Jonas Vandervelde\Application Data\Apple Computer
2009-04-13 11:54 . 2009-04-13 11:54 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-13 11:54 . 2009-04-13 11:54 -------- d-----w c:\documents and settings\Jonas Vandervelde\Local Settings\Application Data\Apple
2009-04-13 11:54 . 2009-04-13 11:54 -------- d-----w c:\program files\Apple Software Update
2009-04-13 11:54 . 2009-04-13 11:54 -------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-04-13 11:53 . 2009-04-13 11:53 -------- d-----w c:\documents and settings\Jonas Vandervelde\Local Settings\Application Data\Apple Computer

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-21 20:13 . 2006-03-27 08:46 83628 ----a-w c:\windows\system32\perfc013.dat
2009-04-21 20:13 . 2006-03-27 08:46 472400 ----a-w c:\windows\system32\perfh013.dat
2009-04-19 20:51 . 2006-12-15 13:43 82328 ----a-w c:\documents and settings\Gast\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-13 11:54 . 2007-02-08 10:24 -------- d-----w c:\program files\QuickTime
2009-03-24 23:30 . 2008-02-28 18:42 -------- d-----w c:\documents and settings\Jonas Vandervelde\Application Data\Hamachi
2009-03-21 14:09 . 2009-03-21 14:09 1030656 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-21 10:51 . 2009-03-21 10:49 -------- d-----w c:\documents and settings\Jonas Vandervelde\Application Data\ZoomBrowser EX
2009-03-21 10:49 . 2009-03-21 10:47 -------- d-----w c:\documents and settings\Jonas Vandervelde\Application Data\CameraWindowDC
2009-03-21 10:47 . 2009-03-21 10:47 -------- d-----w c:\documents and settings\Jonas Vandervelde\Application Data\CANON INC
2009-03-21 10:36 . 2009-03-21 10:34 -------- d-----w c:\program files\Canon
2009-03-21 10:35 . 2009-03-21 10:35 -------- d-----w c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-03-21 10:32 . 2009-03-21 10:32 -------- d-----w c:\program files\Common Files\Canon
2009-03-08 20:57 . 2009-03-08 20:57 -------- d-----w c:\program files\IGC
2009-03-08 20:57 . 2006-09-13 21:49 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-08 13:11 . 2008-02-18 19:08 -------- d-----w c:\documents and settings\Jonas Vandervelde\Application Data\dvdcss
2009-03-07 23:24 . 2006-09-13 21:49 -------- d-----w c:\program files\Google
2009-03-07 23:20 . 2007-12-08 14:54 -------- d-----w c:\program files\Spyware Doctor
2009-03-07 14:36 . 2007-12-08 14:36 -------- d-----w c:\program files\Hitman Pro
2009-03-07 14:33 . 2007-12-09 10:04 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-07 13:00 . 2007-12-08 14:50 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-07 12:23 . 2006-09-14 17:24 -------- d-----w c:\program files\ESET
2009-03-07 12:14 . 2007-11-13 11:49 -------- d-----w c:\program files\DAEMON Tools Pro
2009-03-07 12:06 . 2007-12-08 14:50 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-07 12:05 . 2007-12-08 14:49 -------- d-----w c:\program files\SpywareBlaster
2009-03-07 12:01 . 2009-03-07 12:01 -------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2009-03-07 12:01 . 2009-03-07 12:01 -------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-03-07 12:01 . 2009-03-07 12:01 -------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-03-07 11:29 . 2009-03-03 15:50 -------- d-----w c:\documents and settings\Jonas Vandervelde\Application Data\Creative
2009-03-07 11:08 . 2009-03-03 15:36 -------- d-----w c:\program files\Creative
2009-03-06 14:23 . 2004-08-04 21:00 285696 ----a-w c:\windows\system32\pdh.dll
2009-03-03 18:13 . 2007-09-11 14:24 -------- d-----w c:\documents and settings\Jonas Vandervelde\Application Data\Azureus
2009-03-03 18:10 . 2009-02-04 14:43 -------- d-----w c:\documents and settings\Jonas Vandervelde\Application Data\uTorrent
2009-03-03 15:57 . 2009-03-03 15:57 -------- d-----w c:\documents and settings\Jonas Vandervelde\Application Data\Red Chair Software
2009-03-03 15:57 . 2009-03-03 15:57 -------- d-----w c:\program files\Red Chair Software
2009-03-03 15:50 . 2009-03-03 15:49 -------- d--h--w c:\program files\Creative Installation Information
2009-03-03 15:49 . 2009-03-03 15:49 -------- d-----w c:\documents and settings\All Users\Application Data\Creative
2009-03-03 15:49 . 2009-03-03 15:49 -------- d-----w c:\program files\Common Files\Creative
2009-03-02 23:12 . 2008-06-26 08:14 1499136 ------w c:\windows\system32\dllcache\shdocvw.dll
2009-02-20 08:12 . 2008-06-23 15:12 3089408 ------w c:\windows\system32\dllcache\mshtml.dll
2009-02-20 08:12 . 2008-06-26 08:14 620032 ------w c:\windows\system32\dllcache\urlmon.dll
2009-02-20 08:12 . 2008-06-23 15:12 669184 ------w c:\windows\system32\dllcache\wininet.dll
2009-02-20 08:12 . 2004-08-04 21:00 669184 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:12 . 2009-02-20 08:12 81920 ------w c:\windows\system32\dllcache\ieencode.dll
2009-02-20 08:12 . 2004-08-04 21:00 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-10 17:10 . 2008-11-08 12:20 2070400 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-09 14:08 . 2008-11-08 12:20 1846912 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 14:08 . 2004-08-04 21:00 1846912 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:27 . 2008-11-08 12:20 2193408 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-09 11:27 . 2008-11-08 12:20 2028544 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-09 11:27 . 2004-08-04 21:00 2028544 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:27 . 2008-11-08 12:20 2149888 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-09 11:27 . 2004-08-04 21:00 2149888 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:27 . 2004-08-04 21:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:56 . 2004-08-04 21:00 734208 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:56 . 2004-08-04 21:00 684544 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:56 . 2004-08-04 21:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:56 . 2004-08-04 21:00 735744 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2004-08-04 21:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:59 . 2009-02-03 19:59 56832 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 19:59 . 2004-08-04 21:00 56832 ----a-w c:\windows\system32\secur32.dll
2008-12-15 11:13 . 2006-11-27 19:32 82328 ----a-w c:\documents and settings\Jonas Vandervelde\Application Data\GDIPFONTCACHEV1.DAT
2008-12-06 17:03 . 2006-09-13 13:20 82328 ----a-w c:\documents and settings\Jonas Vandervelde\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-12-15 13:44 . 2006-12-15 13:43 127 ----a-w c:\documents and settings\Gast\Local Settings\Application Data\fusioncache.dat
2006-11-28 17:26 . 2006-11-28 17:26 0 ----a-w c:\documents and settings\Jonas Vandervelde\Application Data\wklnhst.dat
2006-09-17 09:18 . 2006-09-17 09:18 151552 ----a-w c:\program files\WLMUniversalPatcherPlusPlus092.exe
2006-09-13 13:21 . 2006-09-13 13:20 140 ----a-w c:\documents and settings\Jonas Vandervelde\Local Settings\Application Data\fusioncache.dat
2004-03-15 17:2004-03-15 17:51 51:20 . c:\program files\internet explorer\plugins\LV71ActiveXControl.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-21_11.11.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-21 20:10 . 2009-04-24 19:21 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-24 19:20 . 2009-04-24 19:20 16384 c:\windows\Temp\Perflib_Perfdata_188.dat
+ 2009-04-21 20:10 . 2009-04-24 19:21 32768 c:\windows\Temp\Geschiedenis\History.IE5\index.dat
+ 2009-04-21 20:10 . 2009-04-24 19:21 16384 c:\windows\Temp\Cookies\index.dat
+ 2006-03-27 08:46 . 2009-04-21 20:13 63862 c:\windows\system32\perfc009.dat
- 2006-03-27 08:46 . 2009-04-16 11:47 63862 c:\windows\system32\perfc009.dat
+ 2006-03-27 08:46 . 2009-04-21 20:13 406662 c:\windows\system32\perfh009.dat
- 2006-03-27 08:46 . 2009-04-16 11:47 406662 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-11-20 5724184]
"E07NXLRD_544359"="c:\program files\Microsoft Encarta\Encarta Winkler Prins Naslagbibliotheek 2007 DVD\EDICT.EXE" [2006-06-14 351000]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-08 68856]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-12 4608]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 761948]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 131072]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2005-09-27 2635472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-03-19 921600]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-15 7561216]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-04-18 61952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Jonas Vandervelde\Menu Start\Programma's\Opstarten\
Battery Doubler.lnk - c:\program files\Dachshund Software\Battery Doubler\Battery Doubler.exe [2002-9-21 1534267]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-22 110592]
Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LightScribeService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R3 dopewars-server;dopewars server;c:\program files\dopewars-1.5.12\dopewars.exe [2008-09-24 301056]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\svcntaux.exe [2007-11-02 311112]
S1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-04-23 82200]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a8dd412-4ffb-11dc-b9a9-001302b0f099}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c94e19c-96d6-11dc-b9ce-001302b0f099}]
\Shell\AutoRun\command - G:\AllwaySync'n'Go.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d60f7ca9-a6ad-11dd-ba0f-0016d43cb293}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://mijn.groept.be/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-24 21:22
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(1060)
c:\windows\system32\WRLogonNTF.dll

- - - - - - - > 'lsass.exe'(1116)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(2724)
c:\windows\system32\SSSensor.dll
c:\program files\Microsoft Office\Office10\msohev.dll
c:\program files\Creative\Creative Zen Touch\NOMAD Explorer\CTJBNS.DLL
c:\program files\Creative\Creative Zen Touch\NOMAD Explorer\JBNSHK.dll
c:\program files\Creative\Creative Zen Touch\NOMAD Explorer\CTIntrfc.dll
c:\program files\Creative\Creative Zen Touch\NOMAD Explorer\JBNSRES.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\Integrator.exe
c:\windows\system32\niSvcLoc.exe
c:\program files\NetLimiter 2 Pro\nlsvc.exe
c:\program files\ESET\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\program files\NetLimiter 2 Pro\NLClient.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
.
**************************************************************************
.
Voltooingstijd: 2009-04-24 21:26 - machine werd herstart
ComboFix-quarantined-files.txt 2009-04-24 19:26
ComboFix2.txt 2009-04-21 11:12

Pre-Run: 16.052.006.912 bytes beschikbaar
Post-Run: 16.129.126.400 bytes beschikbaar

256 --- E O F --- 2009-04-16 08:15

2 many soldiers

Legacy Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:33:02, on 24/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft Encarta\Encarta Winkler Prins Naslagbibliotheek 2007 DVD\EDICT.EXE
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\Integrator.exe
C:\WINDOWS\system32\niSvcLoc.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mijn.groept.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [SmcService] "C:\PROGRA~1\Sygate\SPF\smc.exe" -startgui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [E07NXLRD_544359] "C:\Program Files\Microsoft Encarta\Encarta Winkler Prins Naslagbibliotheek 2007 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Battery Doubler.lnk = C:\Program Files\Dachshund Software\Battery Doubler\Battery Doubler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Encarta Winkler Prins Zoekbalk - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_BE&c=Q306&bd=pavilion&pf=laptop
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_11) -
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dopewars server (dopewars-server) - Unknown owner - C:\Program Files\dopewars-1.5.12\dopewars.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10572 bytes

Juisterr

Legacy Member
You can now remove all the tools used and the folders they created.

Remove ComboFix via Start > Run, then copy and paste Combofix /U
Click OK or press Enter.
This removes both ComboFix and your old system restore points (with any malware remnants they may contain), and creates a new system restore point.


Let me know how it's running now.