CTRL ALT DELETE no longer works



cram
11 April 2007, 16:50
CTRL ALT DELETE no longer works; I have already tried several solutions.
I have also already scanned with AVG, NOD32, Spyware Doctor, etc. in normal mode and Safe Mode.
Log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:43:36, on 11/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\beidservicecrl.exe
C:\WINDOWS\system32\beidservicepcsc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Belgium Identity Card\beidsystemtray.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\HP_Eigenaar\Bureaublad\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_BE&c=63&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_BE&c=63&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_BE&c=63&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_BE&c=63&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [beidsystemtray] C:\Program Files\Belgium Identity Card\beidsystemtray.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Alcatel Speedtouch Connection.lnk = C:\Program Files\Alcatel\SpeedTouch USB\STDialUp.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B500C2D-55A3-4B92-9327-B23769D1F300}: NameServer = 195.238.2.21 195.238.2.22
O17 - HKLM\System\CS3\Services\Tcpip\..\{0B500C2D-55A3-4B92-9327-B23769D1F300}: NameServer = 195.238.2.21 195.238.2.22
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eID CRL Service - Zetes - C:\WINDOWS\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\system32\beidservicepcsc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (file missing)

--
End of file - 7859 bytes

Jurgenv1
11 April 2007, 17:02
Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop.
Double-click it to start the program.
In the window that appears, type Y to start the cleaning process.
Follow the on-screen instructions.
When the tool has finished, a log file (combofix.txt) opens. Post the contents of this file together with a new HijackThis log.

cram
11 April 2007, 17:16
ComboFix report

"HP_Eigenaar" - 07-04-11 17:10:35 Service Pack 2
ComboFix 07-04-05 - Running from: "C:\Documents and Settings\HP_Eigenaar\Bureaublad"


((((((((((((((((((((((((((((((( Files Created from 2007-03-11 to 2007-04-11 ))))))))))))))))))))))))))))))))))


2007-04-10 23:57 <DIR> d----c--- C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
2007-04-10 22:13 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-04-10 22:13 <DIR> dr-h-c--- C:\DOCUME~1\ADMINI~1\Onlangs geopend
2007-04-10 22:13 <DIR> dr---c--- C:\DOCUME~1\ADMINI~1\Mijn documenten
2007-04-10 22:13 <DIR> dr---c--- C:\DOCUME~1\ADMINI~1\Menu Start
2007-04-10 22:13 <DIR> dr---c--- C:\DOCUME~1\ADMINI~1\Favorieten
2007-04-10 22:13 <DIR> d--h-c--- C:\DOCUME~1\ADMINI~1\Sjablonen
2007-04-10 22:13 <DIR> d--h-c--- C:\DOCUME~1\ADMINI~1\Netwerkprinteromgeving
2007-04-10 22:13 <DIR> d----c--- C:\DOCUME~1\ADMINI~1\WINDOWS
2007-04-10 22:13 <DIR> d----c--- C:\DOCUME~1\ADMINI~1\Bureaublad
2007-04-10 22:13 <DIR> d----c--- C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
2007-04-10 17:56 <DIR> d----c--- C:\Program Files\Common Files\Adobe
2007-04-10 14:37 77,905 --a--c--- C:\WINDOWS\system32\Belgium Identity Card PKCS11.dll
2007-04-10 14:37 40,960 --a--c--- C:\WINDOWS\system32\eidlibj.dll
2007-04-10 14:37 352,256 --a--c--- C:\WINDOWS\system32\eidlib.dll
2007-04-10 14:37 114,688 --a--c--- C:\WINDOWS\system32\EIDLibCtrl.dll
2007-04-09 13:51 <DIR> d----c--- C:\Program Files\Lavasoft
2007-04-09 13:50 <DIR> d----c--- C:\Program Files\SpywareBlaster
2007-04-09 13:46 <DIR> d----c--- C:\Program Files\Hitman Pro
2007-04-08 21:52 <DIR> d----c--- C:\VundoFix Backups
2007-04-07 23:06 <DIR> dr-h-c--- C:\DOCUME~1\HP_EIG~1\Onlangs geopend
2007-04-07 13:48 <DIR> d----c--- C:\DOCUME~1\HP_EIG~1\DoctorWeb
2007-04-07 13:40 <DIR> d----c--- C:\Program Files\SelfImage
2007-04-07 13:26 <DIR> d----c--- C:\WINDOWS\system\shellex2
2007-04-06 19:55 <DIR> d----c--- C:\Program Files\MP3 Player Utilities
2007-04-06 16:17 83,536 --a--c--- C:\WINDOWS\system32\drivers\iksyssec.sys
2007-04-06 16:17 626,688 --a--c--- C:\WINDOWS\system32\msvcr80.dll
2007-04-06 16:17 59,984 --a--c--- C:\WINDOWS\system32\drivers\iksysflt.sys
2007-04-06 16:17 52,304 --a--c--- C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-04-06 16:17 39,248 --a--c--- C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-04-06 16:17 26,064 --a--c--- C:\WINDOWS\system32\drivers\kcom.sys
2007-04-05 04:38 <DIR> d----c--- C:\Program Files\The GodFather
2007-04-05 04:27 516,173 --a--c--- C:\WINDOWS\system32\MSVCP60D.DLL
2007-04-05 04:27 385,100 --a--c--- C:\WINDOWS\system32\MSVCRTD.DLL
2007-04-04 19:38 <DIR> d----c--- C:\Program Files\Spiral Graphics
2007-04-04 19:24 <DIR> d----c--- C:\DOCUME~1\HP_EIG~1\APPLIC~1\Hulabee
2007-04-01 15:36 8 --a--c--- C:\WINDOWS\system32\nvModes.dat
2007-04-01 15:12 <DIR> d----c--- C:\Program Files\SystemRequirementsLab
2007-04-01 15:12 <DIR> d----c--- C:\DOCUME~1\HP_EIG~1\APPLIC~1\SystemRequirementsLab
2007-04-01 13:34 <DIR> d----c--- C:\Program Files\iTunes
2007-04-01 13:34 <DIR> d----c--- C:\Program Files\iPod
2007-03-31 22:29 31,744 --a--c--- C:\WINDOWS\system32\tmffbdrv.dll
2007-03-31 22:29 131,072 --a--c--- C:\WINDOWS\system32\tmffbcpl.dll
2007-03-31 22:29 106,496 --a--c--- C:\WINDOWS\system32\GUStrLib.dll
2007-03-31 22:29 <DIR> d----c--- C:\Program Files\Thrustmaster
2007-03-31 14:40 <DIR> d----c--- C:\d7b31eec47f5da15d7849478e99e46c3
2007-03-31 14:39 <DIR> d----c--- C:\Program Files\MSBuild
2007-03-31 14:36 <DIR> d----c--- C:\WINDOWS\system32\XPSViewer
2007-03-31 14:36 <DIR> d----c--- C:\Program Files\Reference Assemblies
2007-03-31 14:35 14,048 -----c--- C:\WINDOWS\system32\spmsg2.dll
2007-03-27 00:53 <DIR> d----c--- C:\Program Files\Doom 3
2007-03-26 21:38 <DIR> d----c--- C:\Program Files\Ubisoft
2007-03-26 20:20 <DIR> d----c--- C:\Program Files\EA GAMES
2007-03-26 01:30 <DIR> d----c--- C:\Program Files\Bethesda Softworks
2007-03-26 00:40 <DIR> d----c--- C:\Program Files\Sierra
2007-03-25 23:29 <DIR> d----c--- C:\Program Files\Wendigo Software
2007-03-24 21:53 <DIR> d----c--- C:\Program Files\Electronic Arts
2007-03-21 02:22 796,672 --a--c--- C:\WINDOWS\GPInstall.exe
2007-03-20 20:48 <DIR> d----c--- C:\Program Files\POV-Ray for Windows v3.6
2007-03-20 20:37 <DIR> d----c--- C:\DOCUME~1\HP_EIG~1\APPLIC~1\Ambient Design
2007-03-20 20:33 <DIR> d----c--- C:\Program Files\Ambient Design
2007-03-19 21:53 <DIR> d----c--- C:\Program Files\MediaCoder
2007-03-18 20:39 <DIR> d--h-c--- C:\WINDOWS\msdownld.tmp
2007-03-18 20:39 <DIR> d----c--- C:\WINDOWS\system32\windows media
2007-03-18 17:11 <DIR> d----c--- C:\Program Files\HDCleaner
2007-03-18 17:09 <DIR> d----c--- C:\Program Files\RegCool
2007-03-18 01:56 <DIR> d----c--- C:\Program Files\3D Canvas 7
2007-03-18 00:35 <DIR> d----c--- C:\Program Files\SpeedRam2
2007-03-17 22:32 <DIR> d----c--- C:\DOCUME~1\HP_EIG~1\APPLIC~1\Launchy
2007-03-17 19:58 <DIR> d----c--- C:\DOCUME~1\HP_EIG~1\APPLIC~1\Spyware Terminator
2007-03-17 19:58 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spyware Terminator
2007-03-17 19:28 217,088 --a--c--- C:\WINDOWS\system32\i420vfw.dll
2007-03-17 19:23 <DIR> d----c--- C:\DOCUME~1\HP_EIG~1\APPLIC~1\Workrave
2007-03-17 15:34 <DIR> d----c--- C:\DOCUME~1\HP_EIG~1\APPLIC~1\STOIK
2007-03-16 22:14 <DIR> d----c--- C:\DOCUME~1\HP_EIG~1\APPLIC~1\Tenebril
2007-03-16 22:12 <DIR> d----c--- C:\DOCUME~1\LOCALS~1\APPLIC~1\Spyware Terminator
2007-03-16 21:39 <DIR> d----c--- C:\Program Files\STOIK Imaging
2007-03-16 21:39 <DIR> d----c--- C:\Program Files\Sitex
2007-03-16 21:36 <DIR> d----c--- C:\Program Files\RegToy
2007-03-16 21:35 180,224 --a-sc--- C:\WINDOWS\system32\archlib.dll
2007-03-16 21:35 <DIR> d----c--- C:\WINDOWS\system32\tenarchlib
2007-03-16 21:35 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tenebril
2007-03-16 21:32 78,336 --a--c--- C:\WINDOWS\system32\ATX32PIC.DLL
2007-03-16 21:32 346,112 --a--c--- C:\WINDOWS\system32\PPRO100.DLL
2007-03-16 21:32 28,160 --a--c--- C:\WINDOWS\system32\ATX32OLE.DLL
2007-03-16 21:32 237,568 --a--c--- C:\WINDOWS\system32\CompPl32.dll
2007-03-16 21:32 124,416 --a--c--- C:\WINDOWS\system32\ix1Setup.exe
2007-03-16 21:32 <DIR> d----c--- C:\WebSite X1
2007-03-16 20:18 <DIR> d----c--- C:\Program Files\AV VCS 3.0
2007-03-16 20:08 6,852 --a--c--- C:\WINDOWS\system32\drivers\Vcs.sys
2007-03-16 20:08 16 --a--c--- C:\WINDOWS\system32\DataRnvx.dat
2007-03-16 19:53 <DIR> d----c--- C:\Program Files\DVD Shrink
2007-03-16 19:53 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-03-16 18:02 31,232 --a--c--- C:\WINDOWS\system\vdremote.dll
2007-03-16 18:02 25,088 --a--c--- C:\WINDOWS\system\vdsvrlnk.dll
2007-03-13 23:18 87,424 --a--c--- C:\WINDOWS\system32\drivers\irda.sys
2007-03-13 23:18 8,192 --a--c--- C:\WINDOWS\system32\wshirda.dll
2007-03-13 23:18 28,160 --a--c--- C:\WINDOWS\system32\irmon.dll
2007-03-13 23:18 19,584 --a--c--- C:\WINDOWS\system32\drivers\rasirda.sys
2007-03-13 23:18 18,688 --a--c--- C:\WINDOWS\system32\drivers\irsir.sys
2007-03-13 23:18 154,112 --a--c--- C:\WINDOWS\system32\irftp.exe
2007-03-13 01:02 0 --a--c--- C:\WINDOWS\system32\SBRC.dat
2007-03-13 01:02 0 --a--c--- C:\WINDOWS\system32\SBFC.dat
2007-03-11 02:38 <DIR> d----c--- C:\Program Files\7-Zip
2007-03-11 01:44 75,392 --a--c--- C:\WINDOWS\system32\drivers\atimpae.sys
2007-03-11 01:44 137,216 --a--c--- C:\WINDOWS\system32\atidrae.dll
2007-03-11 01:07 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Drivers Headquarters


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-11 16:29 90062 --a--c--- C:\WINDOWS\system32\perfc013.dat
2007-04-11 16:29 505082 --a--c--- C:\WINDOWS\system32\perfh013.dat
2007-04-11 16:28 -------- d----c--- C:\Program Files\spyware doctor
2007-04-10 18:03 -------- d----c--- C:\DOCUME~1\HP_EIG~1\APPLIC~1\gtk-2.0
2007-04-10 14:50 6 --a--c--- C:\DOCUME~1\HP_EIG~1\APPLIC~1\dm.ini
2007-04-10 14:50 1477 --a--c--- C:\DOCUME~1\HP_EIG~1\APPLIC~1\adobedlm.log
2007-04-10 14:37 -------- d----c--- C:\Program Files\belgium identity card
2007-04-09 20:56 -------- d----c--- C:\DOCUME~1\HP_EIG~1\APPLIC~1\coreftp
2007-04-09 19:51 -------- d----c--- C:\Program Files\coreftp
2007-04-09 19:37 -------- d----c--- C:\Program Files\recuva
2007-04-09 14:12 -------- d----c--- C:\DOCUME~1\HP_EIG~1\APPLIC~1\lavasoft
2007-04-09 12:58 -------- d----c--- C:\DOCUME~1\HP_EIG~1\APPLIC~1\msn6
2007-04-07 10:59 -------- d----c--- C:\Program Files\dds converter 2
2007-04-06 23:14 -------- d----c--- C:\Program Files\paint.net
2007-04-06 20:14 19728 --a--c--- C:\WINDOWS\system32\pgdfgsvc.exe
2007-04-05 22:12 -------- d----c--- C:\Program Files\k-lite codec pack
2007-04-05 04:27 -------- d----c--- C:\Program Files\free audio pack
2007-04-04 21:40 -------- d----c--- C:\Program Files\jetaudio
2007-04-04 21:40 -------- d----c--- C:\DOCUME~1\HP_EIG~1\APPLIC~1\cowon
2007-04-04 19:38 -------- d----c--- C:\Program Files\boontygames
2007-04-04 19:02 -------- d----c--- C:\Program Files\picasa2
2007-04-01 13:34 -------- d----c--- C:\Program Files\apple software update
2007-03-31 17:32 -------- d----c--- C:\Program Files\limewire
2007-03-30 20:06 2984 --ahsc--- C:\WINDOWS\system32\kgygaavl.sys
2007-03-30 06:51 -------- d----c--- C:\Program Files\weather watcher
2007-03-27 22:23 -------- d----c--- C:\Program Files\gimp-2.0
2007-03-27 22:06 12464 --a--c--- C:\WINDOWS\system32\drivers\secdrv.sys
2007-03-27 19:14 -------- d--h-c--- C:\Program Files\installshield installation information
2007-03-26 21:18 1475 --a--c--- C:\WINDOWS\ereg.dat
2007-03-25 22:27 -------- d----c--- C:\Program Files\mozilla sunbird
2007-03-24 12:40 -------- d----c--- C:\Program Files\incapro
2007-03-23 23:35 -------- d----c--- C:\DOCUME~1\HP_EIG~1\APPLIC~1\openoffice.org2
2007-03-21 02:22 -------- d----c--- C:\Program Files\fpsc_brg
2007-03-20 07:16 -------- d----c--- C:\Program Files\the game creators
2007-03-18 17:15 -------- d----c--- C:\Program Files\ddsv2
2007-03-18 17:09 -------- d----c--- C:\Program Files\msecache
2007-03-17 20:04 -------- d----c--- C:\Program Files\spywareguard
2007-03-17 15:45 293376 --a--c--- C:\WINDOWS\system32\winsrv.dll
2007-03-17 15:33 8463 --a--c--- C:\DOCUME~1\HP_EIG~1\APPLIC~1\mainhst.zgh
2007-03-11 03:18 -------- d----c--- C:\DOCUME~1\HP_EIG~1\APPLIC~1\skype
2007-03-10 17:39 -------- d----c--- C:\Program Files\nvidia corporation
2007-03-10 17:38 151552 --a--c--- C:\WINDOWS\system32\nvregdev.dll
2007-03-10 16:58 -------- d----c--- C:\Program Files\imageconverter plus
2007-03-10 02:04 -------- d----c--- C:\Program Files\foxit software
2007-03-09 23:30 -------- d----c--- C:\Program Files\artweaver 0.4
2007-03-09 20:09 -------- d----c--- C:\Program Files\uvmapper professional demo
2007-03-09 19:17 -------- d----c--- C:\Program Files\Common Files\systemrequirementslab
2007-03-09 19:17 -------- d----c--- C:\DOCUME~1\HP_EIG~1\APPLIC~1\system requirements lab
2007-03-09 10:57 27376 --a--c--- C:\WINDOWS\system32\sbbd.exe
2007-03-09 07:46 164 --a--c--- C:\install.dat
2007-03-08 23:21 -------- d----c--- C:\DOCUME~1\HP_EIG~1\APPLIC~1\real
2007-03-08 20:34 -------- d----c--- C:\Program Files\riftspace
2007-03-08 19:56 -------- d----c--- C:\Program Files\logitech
2007-03-08 19:18 -------- d----c--- C:\Program Files\ultimate resource pack
2007-03-08 18:38 -------- d----c--- C:\Program Files\starwraith
2007-03-08 18:16 -------- d----c--- C:\Program Files\dark basic software
2007-03-08 17:51 -------- d----c--- C:\Program Files\msxml 6.0
2007-03-08 17:51 -------- d----c--- C:\Program Files\microsoft sql server
2007-03-08 17:39 579072 --a--c--- C:\WINDOWS\system32\user32.dll
2007-03-08 17:39 40960 --a--c--- C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:39 281600 --a--c--- C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:37 1843712 --a--c--- C:\WINDOWS\system32\win32k.sys
2007-03-07 19:52 -------- d----c--- C:\Program Files\behemot
2007-03-07 03:00 -------- d----c--- C:\Program Files\minos
2007-03-07 02:59 -------- d----c--- C:\DOCUME~1\HP_EIG~1\APPLIC~1\getrighttogo
2007-03-06 17:40 -------- d----c--- C:\Program Files\darkest island
2007-03-06 15:42 3888 --a--c--- C:\WINDOWS\system32\drivers\NTHANDLE.SYS
2007-03-05 23:39 -------- d----c--- C:\Program Files\windows live toolbar
2007-03-04 15:30 -------- dr-h-c--- C:\DOCUME~1\HP_EIG~1\APPLIC~1\mymorph
2007-03-04 15:28 -------- d----c--- C:\Program Files\mymorph
2007-03-04 14:25 -------- d----c--- C:\Program Files\gmax
2007-03-03 19:55 -------- d----c--- C:\Program Files\eusing free registry cleaner
2007-03-03 12:56 -------- d----c--- C:\DOCUME~1\HP_EIG~1\APPLIC~1\media player classic
2007-03-03 12:52 -------- d----c--- C:\Program Files\quicktime
2007-03-02 00:35 -------- d----c--- C:\Program Files\samples
2007-03-02 00:35 -------- d----c--- C:\Program Files\doc
2007-03-01 22:01 -------- d----c--- C:\Program Files\microsoft windows vista upgrade advisor
2007-03-01 01:09 -------- d----c--- C:\Program Files\game_maker7
2007-02-28 19:44 -------- d----c--- C:\Program Files\ant movie catalog
2007-02-28 19:01 -------- d----c--- C:\Program Files\griffith
2007-02-27 00:01 -------- d----c--- C:\Program Files\entity snapshot
2007-02-25 23:03 -------- d----c--- C:\Program Files\hidden agenda
2007-02-25 01:02 -------- d----c--- C:\Program Files\pixresizer
2007-02-25 01:02 -------- d----c--- C:\Program Files\image converter .exe
2007-02-25 01:01 -------- d----c--- C:\Program Files\Common Files\softtech intercorp
2007-02-24 19:28 -------- d----c--- C:\Program Files\cleantools
2007-02-24 12:01 -------- d----c--- C:\Program Files\msn messenger
2007-02-24 11:56 -------- d----c--- C:\Program Files\bin
2007-02-24 11:55 -------- d----c--- C:\Program Files\plugins
2007-02-24 11:54 -------- d----c--- C:\Program Files\tutorials
2007-02-24 11:48 -------- d----c--- C:\Program Files\signs
2007-02-21 23:49 -------- d----c--- C:\Program Files\Common Files\wise installation wizard
2007-02-21 23:48 -------- d----c--- C:\Program Files\winamp
2007-02-21 23:48 -------- d----c--- C:\Program Files\mediamonkey
2007-02-21 21:00 10752 --a--c--- C:\WINDOWS\system32\ff_vfw.dll
2007-02-21 02:16 -------- d----c--- C:\DOCUME~1\HP_EIG~1\APPLIC~1\arcsoft
2007-02-20 23:38 -------- d----c--- C:\Program Files\Common Files\nikon
2007-02-20 23:38 -------- d----c--- C:\DOCUME~1\HP_EIG~1\APPLIC~1\nikon
2007-02-20 19:14 -------- d----c--- C:\Program Files\pc inspector file recovery
2007-02-20 18:54 -------- d----c--- C:\Program Files\nikon
2007-02-20 18:54 -------- d----c--- C:\Program Files\Common Files\muvee technologies
2007-02-20 18:53 -------- d----c--- C:\Program Files\arcsoft
2007-02-20 02:09 -------- d----c--- C:\Program Files\steinberg
2007-02-19 02:16 -------- d----c--- C:\Program Files\synth1
2007-02-19 02:03 2215 --a--c--- C:\Program Files\unins000.dat
2007-02-19 02:03 -------- d----c--- C:\Program Files\rgcaudio triangle ii
2007-02-19 01:32 118784 --a--c--- C:\WINDOWS\dsdxirmv.exe
2007-02-19 01:06 -------- d----c--- C:\Program Files\vstplugins
2007-02-19 01:06 -------- d----c--- C:\Program Files\image-line
2007-02-19 00:17 -------- d----c--- C:\DOCUME~1\HP_EIG~1\APPLIC~1\uniblue
2007-02-18 23:42 -------- d----c--- C:\Program Files\futuremark
2007-02-18 23:31 -------- d----c--- C:\Program Files\sauerbraten
2007-02-17 01:56 -------- d----c--- C:\DOCUME~1\HP_EIG~1\APPLIC~1\nasa
2007-02-17 01:53 -------- d----c--- C:\Program Files\nasa
2007-02-16 23:01 -------- d----c--- C:\Program Files\myproduct
2007-02-16 17:27 -------- d----c--- C:\Program Files\disk investigator
2007-02-16 08:20 -------- d----c--- C:\Program Files\fpi maker
2007-02-16 08:20 -------- d----c--- C:\Program Files\Common Files\skype
2007-02-16 08:19 -------- d----c--- C:\Program Files\install creator
2007-02-16 08:17 -------- d----c--- C:\Program Files\whatsrunning
2007-02-16 08:17 -------- d----c--- C:\Program Files\amd
2007-02-16 08:16 -------- d----c--- C:\Program Files\google
2007-02-16 08:15 -------- d----c--- C:\Program Files\explorerxp
2007-02-16 08:14 -------- d----c--- C:\Program Files\rocketdock
2007-02-16 08:13 -------- d----c--- C:\Program Files\Common Files\macromedia shared
2007-02-16 08:13 -------- d----c--- C:\Program Files\ccleaner
2007-02-16 08:12 -------- d----c--- C:\Program Files\windows defender
2007-02-16 08:12 -------- d----c--- C:\Program Files\izarc
2007-02-16 08:12 -------- d----c--- C:\Program Files\add remove pro
2007-02-16 07:51 -------- d----c--- C:\Program Files\drive rescue
2007-02-15 14:45 707344 --a--c--- C:\WINDOWS\system32\oodag.exe
2007-02-15 14:34 217360 --a--c--- C:\WINDOWS\system32\oodbs.exe
2007-02-15 14:18 277264 --a--c--- C:\WINDOWS\system32\oodssrs.dll
2007-02-15 14:16 17168 --a--c--- C:\WINDOWS\system32\oodagrs.dll
2007-02-15 14:16 11536 --a--c--- C:\WINDOWS\system32\oodbsrs.dll
2007-02-15 14:15 17168 --a--c--- C:\WINDOWS\system32\oodagmg.dll
2007-02-15 13:36 937984 --a--c--- C:\WINDOWS\system32\ooscrsav.scr
2007-02-15 10:44 16656 --a--c--- C:\WINDOWS\system32\ootmapi.dll
2007-02-13 00:16 -------- d----c--- C:\Program Files\java
2007-02-12 03:01 -------- d----c--- C:\Program Files\skype
2007-02-10 13:13 356352 --a--c--- C:\WINDOWS\system32\nvunrm.exe
2007-02-10 13:13 356352 --a--c--- C:\WINDOWS\system32\nvuninst.exe
2007-02-10 13:13 356352 --a--c--- C:\WINDOWS\system32\nvudisp.exe
2007-02-10 06:29 2234224 --a--c--- C:\WINDOWS\system32\sqlncli.dll
2007-02-05 22:20 185344 --a--c--- C:\WINDOWS\system32\upnphost.dll
2007-02-01 05:56 639066 --a--c--- C:\WINDOWS\system32\divx.dll
2007-01-30 06:03 3596288 --a--c--- C:\WINDOWS\system32\qt-dx331.dll
2007-01-30 06:03 200704 --a--c--- C:\WINDOWS\system32\ssldivx.dll
2007-01-30 06:03 1044480 --a--c--- C:\WINDOWS\system32\libdivx.dll
2007-01-30 05:56 73728 --a--c--- C:\WINDOWS\system32\dpl100.dll
2007-01-30 05:56 196608 --a--c--- C:\WINDOWS\system32\dtu100.dll
2007-01-24 16:27 255848 --a--c--- C:\WINDOWS\system32\xactengine2_6.dll
2007-01-10 20:45 3539 --a--c--- C:\DOCUME~1\HP_EIG~1\APPLIC~1\hpcom_48bitscanupdate.log
2007-01-10 03:36 5717 --a--c--- C:\DOCUME~1\HP_EIG~1\APPLIC~1\gdiplusupgrade_msiapproach_wrapper.log
2007-01-08 07:12 33 --a--c--- C:\DOCUME~1\HP_EIG~1\APPLIC~1\pcouffin.log


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"QuickTime Task"="\"C:\\Program Files\\K-Lite Codec Pack\\QuickTime\\qttask.exe\" -atboottime"
"ISUSPM Startup"="\"C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe\" -startup"
"beidsystemtray"="C:\\Program Files\\Belgium Identity Card\\beidsystemtray.exe"
@=""
"SDTray"="\"C:\\Program Files\\Spyware Doctor\\SDTrayApp.exe\""
"SpySweeper"="C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe /startintray"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000
"NoResolveSearch"=dword:00000001
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=hex:00,00,00,00
"NoRecentDocsMenu"=hex:00,00,00,00
"LinkResolveIgnoreLinkInfo"=dword:00000000
"ClearRecentDocsOnExit"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SBCSSvc
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-11 17:13:59
C:\ComboFix-quarantined-files.txt ... 07-04-11 17:13
C:\ComboFix2.txt ... 07-04-07 14:00

cram
11 April 2007, 17:18
HijackThis report

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 17:17:10, on 11/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\beidservicecrl.exe
C:\WINDOWS\system32\beidservicepcsc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Belgium Identity Card\beidsystemtray.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Eigenaar\Bureaublad\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_BE&c=63&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_BE&c=63&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [beidsystemtray] C:\Program Files\Belgium Identity Card\beidsystemtray.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Alcatel Speedtouch Connection.lnk = C:\Program Files\Alcatel\SpeedTouch USB\STDialUp.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B500C2D-55A3-4B92-9327-B23769D1F300}: NameServer = 195.238.2.21 195.238.2.22
O17 - HKLM\System\CS3\Services\Tcpip\..\{0B500C2D-55A3-4B92-9327-B23769D1F300}: NameServer = 195.238.2.21 195.238.2.22
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eID CRL Service - Zetes - C:\WINDOWS\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\system32\beidservicepcsc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (file missing)

--
End of file - 7541 bytes

cram
11 April 2007, 17:22
From the moment ComboFix created a log, Spyware Doctor reported the following alerts:
11/04/2007 17:13:55:250
OnGuard: System Event Blocked
Naam bedreiging - Trojan.Goldun
Details - Spyware Doctor has blocked an application attempting to access a file.
Risiconiveau - Hoog
Infectie - C:\WINDOWS\system32\lsd_f3.dll

11/04/2007 17:13:49:203
OnGuard: System Event Blocked
Naam bedreiging - Backdoor.Hackdoor
Details - Spyware Doctor has blocked an application attempting to access a file.
Risiconiveau - Hoog
Infectie - C:\WINDOWS\system32\ke7dnl.sys

cram
11 April 2007, 17:36
I tested that ComboFix a few more times, and every time Spyware Doctor gives alerts about backdoors and trojans.
That is, as soon as I scan with ComboFix.
I don't trust that ComboFix.

But in the meantime Ctrl+Alt+Delete works again.

Jurgenv1
11 April 2007, 17:57
Download haxfix.exe (http://users.telenet.be/marcvn/tools/haxfix.exe).
Place it on your desktop.
Close all other programs and close all open windows.
Double-click haxfix.exe to start the installation.
Tick the box next to "Create a desktop icon".
Click "Next" and follow the on-screen instructions.
When the installation is finished, make sure the box next to "Launch HaxFix" is ticked.
Click "Finish".
A small red DOS window opens.
Choose Option 1: Make logfile by pressing 1.
This may take a while. When HaxFix has finished, a Notepad file (haxlog.txt) opens.
Post the contents of that file.

cram
11 April 2007, 20:51
HAXFIX logfile - by Marckie

version 4.39
07-04-11 20:36:53.67

--- Checking for Haxdoor ---

checking for a3d files
a3d files not found

checking for matching notify keys
no matching notify keys found

checking for matching services
matching services found
WN5301

checking for matching safeboot services
no matching safeboot services found

checking for other Haxdoor-files
no other Haxdoor-files found


--- Checking for Goldun ---


checking for SSODL keys
no ssodl keys found

checking for notify keys
no notify keys found

checking for services
no services found

checking for other Goldun-files
no other Goldun-files found

checking iexplore.exe
iexplore.exe is not infected


Finished!
Spyware Doctor (paid new version) has already cleaned them up.
It is since I started using ComboFix that Spyware Doctor gives those alerts and removes them.

Jurgenv1
11 April 2007, 21:18
Start HaxFix again by clicking the HaxFix icon on your desktop.
(or open the folder program files\haxfix and double-click fix.bat)
Option 2: Run auto fix
Close all other windows; the computer will restart while HaxFix is running.
Type 2 and press Enter to start Option 2 "Run auto fix".
Follow the on-screen instructions.
The computer will restart.
When HaxFix has finished, a Notepad file (c:\haxfix.txt) opens. Post the contents of this file.