Archive - can no longer read USB ports and can no longer open C.

The archive is a frozen moment from a previous version of this forum, with different rules and different bosses. These posts in no way reflect our current ideas, values or world views, and have in some places been censored as unacceptable. Many were written in a different spirit of the times, ironically or not - as in the ironic Off-Topic subforum - and would (be allowed to) no longer be posted today. Still, we are happy to offer this archive as an information database and reference work. Read more about it here or start a conversation with others.

Ion1c

Legacy Member
My PC has been acting really strange lately; for example it can no longer see my USB stick and external HDD, and I can't even open my C: drive any more. :help:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:09, on 8/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Razer\razerhid.exe
C:\program files\powerstrip\pstrip.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Siemens\SANTIS WLAN\WlanMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Razer\razerofa.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {731E5E3B-5591-4E51-B251-EB0A20EFEECC} - C:\WINDOWS\system32\atioglx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: SANTIS USB and PC Card Utility.lnk = C:\Program Files\Siemens\SANTIS WLAN\WlanMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 8691 bytes

Juisterr

Legacy Member
Download Combofix to your Desktop and use it according to this guide.

NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
Some scanners treat certain components Combofix uses as suspicious and will block or remove them!
  • Double-click Combofix.exe to start it.
  • If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
  • Click OK in the "NirCmd" window.
  • If the Recovery Console is not installed, you will be asked to install it now by clicking YES in the "Query - Recovery Console" window.
  • Click OK and Yes to have the Recovery Console installed automatically.
  • Afterwards, click Yes again to start the malware scan.
  • While the fix is running, do NOT click in the window, as this will make your PC hang.
  • When the fix is complete and after the restart, the log Combofix.txt will open.
Post this log in your next reply.

Ion1c

Legacy Member
ComboFix 09-04-04.01 - Stijn 2009-04-09 0:15:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1536.954 [GMT 2:00]
Running from: c:\documents and settings\Stijn\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\__c00A07EE.dat
c:\windows\system32\drivers\Wintw24.sys
c:\windows\system32\pthreadGC2.dll
c:\windows\system32\WinCtrl32.dl_
c:\windows\system32\WinCtrl32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_wintw24
-------\Service_wintw24


((((((((((((((((((((((((( Files Created from 2009-03-08 to 2009-04-08 )))))))))))))))))))))))))))))))
.

2009-04-08 23:52 . 2009-03-09 21:06 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-04-08 20:27 . 2009-03-09 21:06 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-04-08 20:00 . 2009-04-08 20:00 <DIR> d-------- c:\program files\Lavasoft
2009-04-08 20:00 . 2009-04-08 20:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-08 20:00 . 2009-04-08 20:00 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-08 15:04 . 2009-04-08 15:04 38,400 --a------ c:\windows\system32\winsetupgl.exe
2009-04-08 11:04 . 2009-04-08 15:19 84,045 --a------ c:\windows\system32\ftp_non_crp.exe
2009-04-08 11:04 . 2009-04-08 15:19 155 --a------ c:\windows\system32\SelfDel.bat
2009-04-08 10:55 . 2009-04-08 10:55 <DIR> d-------- c:\program files\Trend Micro
2009-04-08 00:36 . 2009-04-08 13:02 <DIR> d--h----- C:\$AVG8.VAULT$
2009-04-07 14:14 . 2009-04-07 14:14 0 --a------ c:\windows\system32\commonpriv.log.lock
2009-04-07 14:06 . 2009-04-08 10:51 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-04-07 14:06 . 2009-04-07 14:06 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-04-07 14:06 . 2009-04-07 14:06 108,552 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-04-07 14:06 . 2009-04-07 14:06 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-04-07 14:05 . 2009-04-07 14:05 <DIR> d-------- c:\program files\AVG
2009-04-07 14:05 . 2009-04-08 10:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-04-07 11:27 . 2009-04-07 11:27 <DIR> d-------- c:\program files\CCleaner
2009-04-06 21:16 . 2009-04-09 00:20 106,450 --a------ c:\windows\system32\drivers\a0386b81.sys
2009-04-06 13:01 . 2009-04-06 13:01 <DIR> d-------- c:\program files\Common Files\Native Instruments
2009-04-06 13:00 . 2009-04-06 13:01 <DIR> d-------- c:\program files\Native Instruments
2009-04-06 13:00 . 2009-02-25 23:30 97,792 --a------ c:\windows\system32\atioglx.dll
2009-04-01 16:58 . 2009-04-01 16:58 <DIR> d-------- C:\Driver Download
2009-04-01 16:54 . 2009-04-01 16:57 <DIR> d-------- C:\Driver Backup 4-1-2009-165430
2009-04-01 16:48 . 2009-04-01 16:48 <DIR> d-------- c:\program files\Driver-Soft
2009-04-01 16:48 . 2007-09-02 20:56 1,686,016 --a------ c:\windows\system32\clinetsuitex6.ocx
2009-04-01 16:48 . 2004-03-09 16:45 662,288 --a------ c:\windows\system32\MSCOMCT2.OCX
2009-04-01 16:48 . 2004-06-14 14:56 427,864 --a------ c:\windows\system32\XceedZip.dll
2009-03-30 22:52 . 2009-03-30 22:52 <DIR> d-------- c:\program files\MSXML 4.0
2009-03-29 20:14 . 2009-03-29 20:14 4,096 --a------ c:\windows\system32\crash
2009-03-29 17:19 . 2009-03-29 17:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2009-03-29 17:11 . 2009-03-29 17:11 <DIR> d-------- c:\program files\Adobe Media Player
2009-03-29 17:09 . 2009-03-29 17:09 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-03-29 17:04 . 2009-03-29 17:04 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-03-29 16:25 . 2009-03-29 16:26 <DIR> d-------- c:\program files\Winamp
2009-03-29 16:25 . 2009-03-29 16:26 <DIR> d-------- c:\documents and settings\Stijn\Application Data\Winamp
2009-03-29 15:22 . 2009-03-29 15:27 69 --a------ c:\windows\NeroDigital.ini
2009-03-29 15:14 . 2009-03-29 15:15 <DIR> d-------- c:\documents and settings\Stijn\Application Data\Nero
2009-03-29 14:54 . 2009-03-29 14:54 4,767 --a------ c:\windows\Irremote.ini
2009-03-29 14:51 . 2009-03-29 14:51 <DIR> d-------- c:\program files\Windows Sidebar
2009-03-29 14:36 . 2009-03-29 14:53 <DIR> d-------- c:\program files\Nero
2009-03-29 14:35 . 2009-03-29 15:11 <DIR> d-------- c:\program files\Common Files\Nero
2009-03-29 14:35 . 2009-03-29 14:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2009-03-29 14:27 . 2009-03-29 14:27 <DIR> d-------- c:\program files\OurToolbar
2009-03-28 22:07 . 2002-01-11 09:41 7,936 --a------ c:\windows\system32\viasim.sys
2009-03-28 22:05 . 2009-03-28 22:05 <DIR> d-------- C:\fsc.tmp
2009-03-28 22:00 . 2009-03-28 22:00 <DIR> d-------- C:\DeskUpdate.tmp
2009-03-28 12:44 . 2009-03-28 12:44 <DIR> d-------- c:\documents and settings\Stijn\Application Data\AdobeUM
2009-03-28 11:53 . 2008-06-13 13:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-03-28 11:13 . 2009-03-29 17:13 <DIR> d-------- c:\program files\Common Files\Adobe
2009-03-28 11:12 . 2008-08-14 12:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-28 11:12 . 2008-08-14 12:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-28 11:12 . 2008-08-14 11:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-28 11:12 . 2008-08-14 11:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-28 11:10 . 2008-10-24 13:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-03-28 11:03 . 2007-07-27 10:41 26,488 --a------ c:\windows\system32\spupdsvc.exe
2009-03-28 02:44 . 2009-03-28 02:44 287 --a------ c:\windows\game.ini
2009-03-28 02:39 . 2009-03-28 02:39 <DIR> d-------- c:\program files\Activision
2009-03-27 18:54 . 2009-03-27 18:54 <DIR> d-------- c:\documents and settings\Stijn\Application Data\Media Player Classic
2009-03-27 18:53 . 2009-03-27 18:54 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-03-27 17:31 . 2009-03-27 17:31 <DIR> d-------- c:\program files\iTunes
2009-03-27 17:31 . 2009-03-27 17:31 <DIR> d-------- c:\program files\iPod
2009-03-27 17:31 . 2009-03-27 17:31 <DIR> d-------- c:\documents and settings\Stijn\Application Data\Apple Computer
2009-03-27 17:31 . 2009-03-27 17:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-27 17:31 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-03-27 17:31 . 2009-01-15 13:19 23,848 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-27 17:30 . 2009-03-27 17:30 <DIR> d-------- c:\program files\QuickTime
2009-03-27 17:30 . 2009-03-27 17:30 <DIR> d-------- c:\program files\Bonjour
2009-03-27 17:30 . 2009-03-27 17:30 <DIR> d-------- c:\program files\Apple Software Update
2009-03-27 17:30 . 2009-03-27 17:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-27 17:29 . 2009-03-27 17:31 <DIR> d-------- c:\program files\Common Files\Apple
2009-03-27 17:29 . 2009-03-27 17:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-03-27 17:29 . 2009-03-06 00:59 1,900,544 --a------ c:\windows\system32\usbaaplrc.dll
2009-03-27 17:29 . 2009-03-06 00:59 36,864 --a------ c:\windows\system32\drivers\usbaapl.sys
2009-03-27 17:07 . 2009-03-27 17:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Bluetooth
2009-03-27 17:02 . 2009-03-27 17:02 <DIR> d-------- c:\program files\IVT Corporation
2009-03-27 17:02 . 2009-03-27 17:04 32 --a------ c:\windows\0
2009-03-27 17:02 . 2009-03-27 17:02 0 --------- c:\windows\system32\0
2009-03-27 17:01 . 2008-10-16 15:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-03-27 17:01 . 2008-10-16 15:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-03-27 17:01 . 2008-10-16 15:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-03-26 22:47 . 2009-03-26 22:47 <DIR> d--hs---- c:\windows\ftpcache
2009-03-26 22:44 . 2009-03-26 22:44 <DIR> d-------- c:\windows\Downloaded Installations
2009-03-26 22:44 . 2009-03-26 22:44 <DIR> d-------- c:\program files\D-Tools
2009-03-26 22:44 . 2004-08-22 17:31 155,136 --a------ c:\windows\system32\drivers\d347bus.sys
2009-03-26 22:44 . 2004-08-22 17:31 5,248 --a------ c:\windows\system32\drivers\d347prt.sys
2009-03-26 22:43 . 2009-04-08 22:09 69 --a------ c:\windows\PingTool.INI
2009-03-26 21:43 . 2002-03-27 15:54 217,088 --a------ c:\windows\system32\libmySQL.dll
2009-03-26 21:43 . 2002-03-29 11:13 102,400 --a------ c:\windows\system32\TrackerNET.dll
2009-03-26 21:40 . 2009-03-26 21:40 105 --a------ c:\windows\sierra.ini
2009-03-26 21:39 . 2009-03-26 21:39 <DIR> d-------- C:\Sierra
2009-03-26 21:28 . 2009-03-26 21:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2009-03-26 21:25 . 2009-03-26 21:25 <DIR> d-------- c:\program files\Empire Interactive
2009-03-26 21:17 . 2009-03-26 21:17 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2009-03-26 21:07 . 2009-03-26 21:07 <DIR> d-------- c:\program files\uTorrent
2009-03-26 21:07 . 2009-04-08 20:27 <DIR> d-------- c:\documents and settings\Stijn\Application Data\uTorrent
2009-03-26 20:59 . 2009-03-28 20:13 <DIR> d-------- c:\program files\UT2004
2009-03-26 20:55 . 2009-03-26 20:55 <DIR> d-------- c:\program files\PowerISO
2009-03-26 20:55 . 2009-03-26 20:55 <DIR> d-------- c:\program files\DAEMON Tools
2009-03-26 20:48 . 2009-03-26 20:48 <DIR> d-------- c:\documents and settings\Stijn\Contacts
2009-03-26 20:45 . 2009-03-26 20:48 <DIR> d-------- c:\program files\DAEMON Tools Pro
2009-03-26 20:45 . 2009-03-26 20:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-03-26 20:43 . 2009-04-08 20:27 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-03-26 20:43 . 2009-03-26 20:43 <DIR> d-------- c:\documents and settings\Stijn\Application Data\DAEMON Tools Pro
2009-03-26 20:43 . 2009-03-26 20:43 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-03-26 20:40 . 2009-03-26 20:43 <DIR> d-------- c:\program files\Windows Live
2009-03-26 20:40 . 2009-03-26 20:43 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2009-03-26 20:39 . 2009-03-26 20:44 <DIR> d-------- c:\windows\SxsCaPendDel
2009-03-26 20:35 . 2009-03-26 20:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2009-03-26 20:30 . 2009-03-26 20:30 <DIR> d-------- c:\documents and settings\Stijn\Application Data\ATI
2009-03-26 20:30 . 2009-03-26 20:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI
2009-03-26 20:27 . 2009-03-26 20:27 <DIR> d-------- c:\program files\Razer
2009-03-26 20:27 . 2004-12-16 23:52 53,248 --a------ c:\windows\system32\razer.cpl
2009-03-26 20:27 . 2005-04-24 23:43 13,225 --a------ c:\windows\system32\drivers\Razerlow.sys
2009-03-26 20:26 . 2009-03-26 20:29 <DIR> d-------- c:\documents and settings\Stijn\Tracing
2009-03-26 20:22 . 2009-03-26 20:22 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-03-26 20:21 . 2009-03-26 20:45 <DIR> d-------- c:\program files\PowerStrip
2009-03-26 20:18 . 2009-03-26 20:18 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-03-26 20:11 . 2009-03-26 20:11 0 --a------ c:\windows\ativpsrm.bin
2009-03-26 20:06 . 2009-03-26 20:29 <DIR> d-------- c:\program files\ATI
2009-03-26 20:05 . 2009-02-25 16:15 593,920 --------- c:\windows\system32\ati2sgag.exe
2009-03-26 20:04 . 2009-03-26 20:06 <DIR> d-------- c:\program files\ATI Technologies
2009-03-26 20:02 . 2009-03-26 20:02 <DIR> d-------- C:\ATI
2009-03-26 19:54 . 2009-03-26 19:54 0 --a------ c:\windows\nsreg.dat
2009-03-26 19:49 . 2009-03-26 19:55 <DIR> d-------- c:\program files\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-28 17:39 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-26 19:25 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-26 19:25 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-25 18:55 --------- d-----w c:\documents and settings\Stijn\Application Data\BSplayer Pro
2009-03-25 18:54 --------- d-----w c:\program files\Webteh
2009-03-25 18:54 --------- d-----w c:\program files\MSBuild
2009-03-25 18:54 --------- d-----w c:\program files\Microsoft Works
2009-03-25 18:04 --------- d-----w c:\program files\Realtek AC97
2009-03-25 17:26 --------- d-----w c:\program files\microsoft frontpage
2009-03-25 17:21 --------- d-----w c:\program files\Windows Media Connect 2
2009-02-25 22:58 3,565,568 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-02-25 20:37 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{731E5E3B-5591-4E51-B251-EB0A20EFEECC}]
2009-02-25 23:30 97792 --a------ c:\windows\system32\atioglx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"razer"="c:\program files\Razer\razerhid.exe" [2005-05-17 147456]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2009-03-11 738336]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-01-20 200704]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-02-25 37888]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-07 1932568]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-05-17 661776]
SANTIS USB and PC Card Utility.lnk - c:\program files\Siemens\SANTIS WLAN\WlanMonitor.exe [2003-04-02 491520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-07 14:06 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lavasoft ad-aware service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Sierra\\Half-Life\\PingTool\\PingTool.exe"=
"c:\\Sierra\\Half-Life\\hl.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\UT2004\\System\\UT2004.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-04-08 64160]
R0 qttnrcux;qttnrcux;c:\windows\system32\drivers\qttnrcux.sys [2001-08-23 23424]
R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-04-07 325640]
R1 avgtdix;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-04-07 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-07 298264]
R2 lavasoft ad-aware service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
R2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-07-15 27992]
R3 ATMEL FVNETusbASKEY (AR)(R);ATMEL FVNETusbASKEY (AR)(R) Service for SANTIS WLAN USB Adapter;c:\windows\system32\drivers\vnetusbk.sys [2003-02-20 93184]
R3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [2009-03-26 13225]
S3 ATMEL WinXP PCMCIAFVNETR (2ARC)(R);ATMEL WinXP PCMCIAFVNETR (2ARC)(R) Service for SANTIS WLAN PC Card;c:\windows\system32\drivers\fvnetr51.sys [2003-01-14 91648]
S3 VIASIM;VIASIM;c:\windows\system32\viasim.sys [2009-03-28 7936]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a28aadd4-1ae0-11de-9067-001167777169}]
\Shell\AutoRun\command - I:\xih9.cmd
\Shell\explore\Command - I:\xih9.cmd
\Shell\open\Command - I:\xih9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b72e2487-1962-11de-b36a-001167777169}]
\Shell\AutoRun\command - H:\xih9.cmd
\Shell\explore\Command - H:\xih9.cmd
\Shell\open\Command - H:\xih9.cmd
.
Contents of the 'Scheduled Tasks' folder

2009-04-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 21:06]

2009-03-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
HKU-Default-Run-A00FEA4331.exe - c:\windows\TEMP\_A00FEA4331.exe
Notify-__c00a07ee - c:\windows\system32\__c00A07EE.dat


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Stijn\Application Data\Mozilla\Firefox\Profiles\r68kj68q.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-09 00:19:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthfmudovbrfwxvmpxjrirnaijwcukutpiw]
"imagepath"="\systemroot\system32\drivers\ovfsthilakctbnnioxladuduydhnguymfihtjx.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\a0386b81]
"ImagePath"="\SystemRoot\System32\drivers\a0386b81.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1116)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Razer\razertra.exe
c:\program files\Razer\razerofa.exe
.
**************************************************************************
.
Completion time: 2009-04-09 0:22:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-08 22:22:09

Pre-Run: 39.974.297.600 bytes free
Post-Run: 39,924,158,464 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

308 --- E O F --- 2009-03-30 20:52:44

Juisterr

Legacy Member
Note: when you paste the text below into Notepad, a space will remain in curre ntversion; I can't do anything about that, but you have to remove that space in Notepad.
curre ntversion <<< wrong
currentversion <<< correct

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{b72e2487-1962-11de-b36a-001167777169}]


Open Notepad, then copy and paste the following (bold, blue text) into an empty window:

File::
I:\xih9.cmd
H:\xih9.cmd

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{a28aadd4-1ae0-11de-9067-001167777169}]

[-HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{b72e2487-1962-11de-b36a-001167777169}]


Save this on your Desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe as shown in the example below:
[image: CFScript.gif]

This will make ComboFix restart.

After your computer has restarted (if it asks to restart), copy and paste the contents of log.txt into your next reply.
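The Registry:: lines in the post above delete two MountPoints2 entries and the File:: lines delete a script on the removable drives. Explorer stores the shell verbs it read from a drive's autorun.inf under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{volume GUID}\Shell, so a cached command can keep pointing at a file on a USB stick after the rest of the machine has been cleaned. The Python script below is an added example, not code from this thread or from ComboFix: it parses a .reg export of that key, flags every cached command whose target is a file on a drive letter, and prints the same File::/Registry:: removal lines. The export it scans is constructed for the example (it reuses the two volume GUIDs and the xih9.cmd name from the post and adds a harmless third entry); on a real machine you would export the key with `reg export` and pass that file as the argument.

```python
r"""Flag cached autorun commands in a MountPoints2 registry export.

Explorer keeps, per volume GUID, the shell verbs it read from a removable
drive's autorun.inf under HKCU\...\Explorer\MountPoints2\{GUID}\Shell.  This
added example parses a .reg export of that key, reports every cached command
that points at a file on a drive letter, and prints the CFScript File:: and
Registry:: lines that would remove those files and keys.
"""
import re
import sys

# Constructed sample export: the two volume GUIDs and xih9.cmd come from the
# thread; the third entry is a harmless one added to show what is NOT flagged.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a28aadd4-1ae0-11de-9067-001167777169}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a28aadd4-1ae0-11de-9067-001167777169}\Shell\AutoRun\command]
@="I:\\xih9.cmd"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b72e2487-1962-11de-b36a-001167777169}\Shell\open\command]
@="H:\\xih9.cmd"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00000000-1111-2222-3333-444444444444}\Shell\Explore\command]
@="%SystemRoot%\\explorer.exe"
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")       # [HKEY_...] section header
DEFAULT_RE = re.compile(r'^@="(?P<val>.*)"\s*$')        # @="..." default value
MP2_RE = re.compile(
    r"^(?P<root>HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion"
    r"\\Explorer\\MountPoints2\\(?P<guid>\{[0-9a-f-]+\}))"
    r"\\Shell\\(?P<verb>[^\\]+)\\command$",
    re.IGNORECASE,
)
DRIVE_FILE_RE = re.compile(r"^[A-Z]:\\", re.IGNORECASE)  # command starts with a drive letter


def parse_reg(text):
    """Yield (key, default value) for each key carrying an @= value.

    A .reg file writes a backslash as two backslashes, so the value is
    unescaped before it is returned.
    """
    key = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = DEFAULT_RE.match(line)
        if m and key:
            yield key, m.group("val").replace("\\\\", "\\")


def find_cached_commands(text):
    """Return MountPoints2 shell commands whose target is a file on a drive letter."""
    hits = []
    for key, cmd in parse_reg(text):
        m = MP2_RE.match(key)
        if m and DRIVE_FILE_RE.match(cmd):
            hits.append({
                "guid": m.group("guid").lower(),
                "verb": m.group("verb"),
                "command": cmd,
                "key": m.group("root"),   # the per-volume key, deleted as a whole
            })
    return hits


def build_cfscript(hits):
    """Render File:: and Registry:: sections in the CFScript syntax used in the post."""
    files = sorted({h["command"] for h in hits})
    keys = sorted({h["key"] for h in hits})
    lines = ["File::"] + files + ["", "Registry::"] + ["[-%s]" % k for k in keys]
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python mp2check.py [export.reg]; without a path the sample is scanned.
    # reg export writes UTF-16 with a BOM, which the "utf-16" codec handles.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-16") as fh:
            text = fh.read()
    else:
        text = SAMPLE_REG
    found = find_cached_commands(text)
    for h in found:
        print("%s  %-8s -> %s" % (h["guid"], h["verb"], h["command"]))
    print()
    print(build_cfscript(found))
```

The script deletes the whole per-volume key rather than only the Shell\...\command subkey, which is what the post does as well: the entry is rebuilt from scratch the next time a clean drive is plugged in, so nothing of value is lost.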

Ion1c

Legacy Member
ComboFix 09-04-04.01 - Stijn 2009-04-09 17:22:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1536.930 [GMT 2:00]
Running from: c:\documents and settings\Stijn\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Stijn\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

FILE ::
H:\xih9.cmd
I:\xih9.cmd
.

((((((((((((((((((((((((( Files Created from 2009-03-09 to 2009-04-09 )))))))))))))))))))))))))))))))
.

2009-04-08 23:52 . 2009-03-09 21:06 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-04-08 20:27 . 2009-03-09 21:06 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-04-08 20:00 . 2009-04-08 20:00 <DIR> d-------- c:\program files\Lavasoft
2009-04-08 20:00 . 2009-04-08 20:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-08 20:00 . 2009-04-08 20:00 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-08 11:04 . 2009-04-08 15:19 155 --a------ c:\windows\system32\SelfDel.bat
2009-04-08 10:55 . 2009-04-08 10:55 <DIR> d-------- c:\program files\Trend Micro
2009-04-08 00:36 . 2009-04-09 15:29 <DIR> d--h----- C:\$AVG8.VAULT$
2009-04-07 14:14 . 2009-04-07 14:14 0 --a------ c:\windows\system32\commonpriv.log.lock
2009-04-07 14:06 . 2009-04-09 11:31 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-04-07 14:06 . 2009-04-07 14:06 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-04-07 14:06 . 2009-04-07 14:06 108,552 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-04-07 14:06 . 2009-04-07 14:06 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-04-07 14:05 . 2009-04-07 14:05 <DIR> d-------- c:\program files\AVG
2009-04-07 14:05 . 2009-04-09 15:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-04-07 11:27 . 2009-04-07 11:27 <DIR> d-------- c:\program files\CCleaner
2009-04-06 21:16 . 2009-04-09 17:25 106,450 --a------ c:\windows\system32\drivers\a0386b81.sys
2009-04-06 13:01 . 2009-04-06 13:01 <DIR> d-------- c:\program files\Common Files\Native Instruments
2009-04-06 13:00 . 2009-04-06 13:01 <DIR> d-------- c:\program files\Native Instruments
2009-04-06 13:00 . 2009-02-25 23:30 97,792 --a------ c:\windows\system32\atioglx.dll
2009-04-01 16:58 . 2009-04-01 16:58 <DIR> d-------- C:\Driver Download
2009-04-01 16:54 . 2009-04-01 16:57 <DIR> d-------- C:\Driver Backup 4-1-2009-165430
2009-04-01 16:48 . 2009-04-01 16:48 <DIR> d-------- c:\program files\Driver-Soft
2009-04-01 16:48 . 2007-09-02 20:56 1,686,016 --a------ c:\windows\system32\clinetsuitex6.ocx
2009-04-01 16:48 . 2004-03-09 16:45 662,288 --a------ c:\windows\system32\MSCOMCT2.OCX
2009-04-01 16:48 . 2004-06-14 14:56 427,864 --a------ c:\windows\system32\XceedZip.dll
2009-03-30 22:52 . 2009-03-30 22:52 <DIR> d-------- c:\program files\MSXML 4.0
2009-03-29 20:14 . 2009-03-29 20:14 4,096 --a------ c:\windows\system32\crash
2009-03-29 17:19 . 2009-03-29 17:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2009-03-29 17:11 . 2009-03-29 17:11 <DIR> d-------- c:\program files\Adobe Media Player
2009-03-29 17:09 . 2009-03-29 17:09 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-03-29 17:04 . 2009-03-29 17:04 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-03-29 16:25 . 2009-03-29 16:26 <DIR> d-------- c:\program files\Winamp
2009-03-29 16:25 . 2009-03-29 16:26 <DIR> d-------- c:\documents and settings\Stijn\Application Data\Winamp
2009-03-29 15:22 . 2009-03-29 15:27 69 --a------ c:\windows\NeroDigital.ini
2009-03-29 15:14 . 2009-03-29 15:15 <DIR> d-------- c:\documents and settings\Stijn\Application Data\Nero
2009-03-29 14:54 . 2009-03-29 14:54 4,767 --a------ c:\windows\Irremote.ini
2009-03-29 14:51 . 2009-03-29 14:51 <DIR> d-------- c:\program files\Windows Sidebar
2009-03-29 14:36 . 2009-03-29 14:53 <DIR> d-------- c:\program files\Nero
2009-03-29 14:35 . 2009-03-29 15:11 <DIR> d-------- c:\program files\Common Files\Nero
2009-03-29 14:35 . 2009-03-29 14:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2009-03-29 14:27 . 2009-03-29 14:27 <DIR> d-------- c:\program files\OurToolbar
2009-03-28 22:07 . 2002-01-11 09:41 7,936 --a------ c:\windows\system32\viasim.sys
2009-03-28 22:05 . 2009-03-28 22:05 <DIR> d-------- C:\fsc.tmp
2009-03-28 22:00 . 2009-03-28 22:00 <DIR> d-------- C:\DeskUpdate.tmp
2009-03-28 12:44 . 2009-03-28 12:44 <DIR> d-------- c:\documents and settings\Stijn\Application Data\AdobeUM
2009-03-28 11:53 . 2008-06-13 13:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-03-28 11:13 . 2009-03-29 17:13 <DIR> d-------- c:\program files\Common Files\Adobe
2009-03-28 11:12 . 2008-08-14 12:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-28 11:12 . 2008-08-14 12:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-28 11:12 . 2008-08-14 11:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-28 11:12 . 2008-08-14 11:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-28 11:10 . 2008-10-24 13:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-03-28 11:03 . 2007-07-27 10:41 26,488 --a------ c:\windows\system32\spupdsvc.exe
2009-03-28 02:44 . 2009-03-28 02:44 287 --a------ c:\windows\game.ini
2009-03-28 02:39 . 2009-03-28 02:39 <DIR> d-------- c:\program files\Activision
2009-03-27 18:54 . 2009-03-27 18:54 <DIR> d-------- c:\documents and settings\Stijn\Application Data\Media Player Classic
2009-03-27 18:53 . 2009-03-27 18:54 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-03-27 17:31 . 2009-03-27 17:31 <DIR> d-------- c:\program files\iTunes
2009-03-27 17:31 . 2009-03-27 17:31 <DIR> d-------- c:\program files\iPod
2009-03-27 17:31 . 2009-03-27 17:31 <DIR> d-------- c:\documents and settings\Stijn\Application Data\Apple Computer
2009-03-27 17:31 . 2009-03-27 17:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-27 17:31 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-03-27 17:31 . 2009-01-15 13:19 23,848 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-27 17:30 . 2009-03-27 17:30 <DIR> d-------- c:\program files\QuickTime
2009-03-27 17:30 . 2009-03-27 17:30 <DIR> d-------- c:\program files\Bonjour
2009-03-27 17:30 . 2009-03-27 17:30 <DIR> d-------- c:\program files\Apple Software Update
2009-03-27 17:30 . 2009-03-27 17:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-27 17:29 . 2009-03-27 17:31 <DIR> d-------- c:\program files\Common Files\Apple
2009-03-27 17:29 . 2009-03-27 17:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-03-27 17:29 . 2009-03-06 00:59 1,900,544 --a------ c:\windows\system32\usbaaplrc.dll
2009-03-27 17:29 . 2009-03-06 00:59 36,864 --a------ c:\windows\system32\drivers\usbaapl.sys
2009-03-27 17:07 . 2009-03-27 17:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Bluetooth
2009-03-27 17:02 . 2009-03-27 17:02 <DIR> d-------- c:\program files\IVT Corporation
2009-03-27 17:02 . 2009-03-27 17:04 32 --a------ c:\windows\0
2009-03-27 17:02 . 2009-03-27 17:02 0 --------- c:\windows\system32\0
2009-03-27 17:01 . 2008-10-16 15:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-03-27 17:01 . 2008-10-16 15:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-03-27 17:01 . 2008-10-16 15:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-03-26 22:47 . 2009-03-26 22:47 <DIR> d--hs---- c:\windows\ftpcache
2009-03-26 22:44 . 2009-03-26 22:44 <DIR> d-------- c:\windows\Downloaded Installations
2009-03-26 22:44 . 2009-03-26 22:44 <DIR> d-------- c:\program files\D-Tools
2009-03-26 22:44 . 2004-08-22 17:31 155,136 --a------ c:\windows\system32\drivers\d347bus.sys
2009-03-26 22:44 . 2004-08-22 17:31 5,248 --a------ c:\windows\system32\drivers\d347prt.sys
2009-03-26 22:43 . 2009-04-08 22:09 69 --a------ c:\windows\PingTool.INI
2009-03-26 21:43 . 2002-03-27 15:54 217,088 --a------ c:\windows\system32\libmySQL.dll
2009-03-26 21:43 . 2002-03-29 11:13 102,400 --a------ c:\windows\system32\TrackerNET.dll
2009-03-26 21:40 . 2009-03-26 21:40 105 --a------ c:\windows\sierra.ini
2009-03-26 21:39 . 2009-03-26 21:39 <DIR> d-------- C:\Sierra
2009-03-26 21:28 . 2009-03-26 21:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2009-03-26 21:25 . 2009-03-26 21:25 <DIR> d-------- c:\program files\Empire Interactive
2009-03-26 21:17 . 2009-03-26 21:17 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2009-03-26 21:07 . 2009-03-26 21:07 <DIR> d-------- c:\program files\uTorrent
2009-03-26 21:07 . 2009-04-08 20:27 <DIR> d-------- c:\documents and settings\Stijn\Application Data\uTorrent
2009-03-26 20:59 . 2009-03-28 20:13 <DIR> d-------- c:\program files\UT2004
2009-03-26 20:55 . 2009-03-26 20:55 <DIR> d-------- c:\program files\PowerISO
2009-03-26 20:55 . 2009-03-26 20:55 <DIR> d-------- c:\program files\DAEMON Tools
2009-03-26 20:48 . 2009-03-26 20:48 <DIR> d-------- c:\documents and settings\Stijn\Contacts
2009-03-26 20:45 . 2009-03-26 20:48 <DIR> d-------- c:\program files\DAEMON Tools Pro
2009-03-26 20:45 . 2009-03-26 20:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-03-26 20:43 . 2009-04-08 20:27 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-03-26 20:43 . 2009-03-26 20:43 <DIR> d-------- c:\documents and settings\Stijn\Application Data\DAEMON Tools Pro
2009-03-26 20:43 . 2009-03-26 20:43 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-03-26 20:40 . 2009-03-26 20:43 <DIR> d-------- c:\program files\Windows Live
2009-03-26 20:40 . 2009-03-26 20:43 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2009-03-26 20:39 . 2009-03-26 20:44 <DIR> d-------- c:\windows\SxsCaPendDel
2009-03-26 20:35 . 2009-03-26 20:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2009-03-26 20:30 . 2009-03-26 20:30 <DIR> d-------- c:\documents and settings\Stijn\Application Data\ATI
2009-03-26 20:30 . 2009-03-26 20:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI
2009-03-26 20:27 . 2009-03-26 20:27 <DIR> d-------- c:\program files\Razer
2009-03-26 20:27 . 2004-12-16 23:52 53,248 --a------ c:\windows\system32\razer.cpl
2009-03-26 20:27 . 2005-04-24 23:43 13,225 --a------ c:\windows\system32\drivers\Razerlow.sys
2009-03-26 20:26 . 2009-03-26 20:29 <DIR> d-------- c:\documents and settings\Stijn\Tracing
2009-03-26 20:22 . 2009-03-26 20:22 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-03-26 20:21 . 2009-03-26 20:45 <DIR> d-------- c:\program files\PowerStrip
2009-03-26 20:18 . 2009-03-26 20:18 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-03-26 20:11 . 2009-03-26 20:11 0 --a------ c:\windows\ativpsrm.bin
2009-03-26 20:06 . 2009-03-26 20:29 <DIR> d-------- c:\program files\ATI
2009-03-26 20:05 . 2009-02-25 16:15 593,920 --------- c:\windows\system32\ati2sgag.exe
2009-03-26 20:04 . 2009-03-26 20:06 <DIR> d-------- c:\program files\ATI Technologies
2009-03-26 20:02 . 2009-03-26 20:02 <DIR> d-------- C:\ATI
2009-03-26 19:54 . 2009-03-26 19:54 0 --a------ c:\windows\nsreg.dat
2009-03-26 19:49 . 2009-03-26 19:55 <DIR> d-------- c:\program files\Google
2009-03-26 19:03 . 2009-03-26 20:39 139,264 --a------ c:\windows\War3Unin.exe
2009-03-26 19:03 . 2009-03-26 21:15 63,580 --a------ c:\windows\War3Unin.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-28 17:39 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-26 19:29 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-26 19:25 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-26 19:25 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-25 18:55 --------- d-----w c:\documents and settings\Stijn\Application Data\BSplayer Pro
2009-03-25 18:54 --------- d-----w c:\program files\Webteh
2009-03-25 18:54 --------- d-----w c:\program files\MSBuild
2009-03-25 18:54 --------- d-----w c:\program files\Microsoft Works
2009-03-25 18:04 --------- d-----w c:\program files\Realtek AC97
2009-03-25 17:26 --------- d-----w c:\program files\microsoft frontpage
2009-03-25 17:21 --------- d-----w c:\program files\Windows Media Connect 2
2009-02-25 22:58 3,565,568 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-02-25 21:42 442,368 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-02-25 21:41 325,120 ----a-w c:\windows\system32\ati2dvag.dll
2009-02-25 21:30 204,800 ----a-w c:\windows\system32\atipdlxx.dll
2009-02-25 21:30 11,841,536 ----a-w c:\windows\system32\atioglxx.dll
2009-02-25 21:29 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2009-02-25 21:29 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2009-02-25 21:29 155,648 ----a-w c:\windows\system32\Oemdspif.dll
2009-02-25 21:29 155,648 ----a-w c:\windows\system32\ati2evxx.dll
2009-02-25 21:27 602,112 ----a-w c:\windows\system32\ati2evxx.exe
2009-02-25 21:26 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2009-02-25 21:16 3,817,984 ----a-w c:\windows\system32\ati3duag.dll
2009-02-25 21:09 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2009-02-25 20:59 2,670,080 ----a-w c:\windows\system32\ativvaxx.dll
2009-02-25 20:44 49,664 ----a-w c:\windows\system32\amdpcom32.dll
2009-02-25 20:40 475,136 ----a-w c:\windows\system32\atikvmag.dll
2009-02-25 20:38 17,408 ----a-w c:\windows\system32\atitvo32.dll
2009-02-25 20:38 126,976 ----a-w c:\windows\system32\atiadlxx.dll
2009-02-25 20:37 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-02-25 20:35 290,816 ----a-w c:\windows\system32\atiok3x2.dll
2009-02-25 20:32 626,688 ----a-w c:\windows\system32\ati2cqag.dll
2009-02-25 20:32 45,056 ----a-w c:\windows\system32\aticalrt.dll
2009-02-25 20:32 45,056 ----a-w c:\windows\system32\aticalcl.dll
2009-02-25 20:30 3,227,648 ----a-w c:\windows\system32\aticaldd.dll
2009-02-09 18:56 67,584 ----a-w c:\windows\system32\ff_vfw.dll
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-04-09_ 0.21.18.70 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-04-08 22:19:08 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-04-09 09:28:55 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-04-08 22:19:08 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-04-09 09:28:55 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-04-08 22:19:08 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-09 09:28:55 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{731E5E3B-5591-4E51-B251-EB0A20EFEECC}]
2009-02-25 23:30 97792 --a------ c:\windows\system32\atioglx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"razer"="c:\program files\Razer\razerhid.exe" [2005-05-17 147456]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2009-03-11 738336]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-01-20 200704]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-02-25 37888]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-07 1932568]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-05-17 661776]
SANTIS USB and PC Card Utility.lnk - c:\program files\Siemens\SANTIS WLAN\WlanMonitor.exe [2003-04-02 491520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-07 14:06 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lavasoft ad-aware service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Sierra\\Half-Life\\PingTool\\PingTool.exe"=
"c:\\Sierra\\Half-Life\\hl.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\UT2004\\System\\UT2004.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-04-08 64160]
R0 qttnrcux;qttnrcux;c:\windows\system32\drivers\qttnrcux.sys [2001-08-23 23424]
R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-04-07 325640]
R1 avgtdix;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-04-07 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-07 298264]
R2 lavasoft ad-aware service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
R2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-07-15 27992]
R3 ATMEL FVNETusbASKEY (AR)(R);ATMEL FVNETusbASKEY (AR)(R) Service for SANTIS WLAN USB Adapter;c:\windows\system32\drivers\vnetusbk.sys [2003-02-20 93184]
R3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [2009-03-26 13225]
S3 ATMEL WinXP PCMCIAFVNETR (2ARC)(R);ATMEL WinXP PCMCIAFVNETR (2ARC)(R) Service for SANTIS WLAN PC Card;c:\windows\system32\drivers\fvnetr51.sys [2003-01-14 91648]
S3 VIASIM;VIASIM;c:\windows\system32\viasim.sys [2009-03-28 7936]
.
Contents of the 'Scheduled Tasks' folder

2009-04-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 21:06]

2009-03-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Stijn\Application Data\Mozilla\Firefox\Profiles\r68kj68q.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-09 17:25:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthfmudovbrfwxvmpxjrirnaijwcukutpiw]
"imagepath"="\systemroot\system32\drivers\ovfsthilakctbnnioxladuduydhnguymfihtjx.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\a0386b81]
"ImagePath"="\SystemRoot\System32\drivers\a0386b81.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1112)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-04-09 17:26:23
ComboFix-quarantined-files.txt 2009-04-09 15:26:21
ComboFix2.txt 2009-04-08 22:22:17

Pre-Run: 39.883.694.080 bytes free
Post-Run: 39,874,228,224 bytes free

297 --- E O F --- 2009-03-30 20:52:44

Ion1c

Legacy Member
Yes, but today I discovered that it has something to do with my USB stick and external HDD, which were connected to my PC during the infection. I can now open my C drive again without any problem and everything runs smoothly, thanks for that.

But on other PCs I still have problems exploring my devices (stick and HDD). It asks which program I want to open it with, so I can only view the files by browsing via the drive letter.

On my own PC I can't do anything. The PC sees the devices under the Safely Remove Hardware icon, but they don't appear in My Computer.

Any idea what I can do? Formatting the external HDD is not an option.

Juisterr

Legacy Member
Download the following program and run it.
Flash_Disinfector.exe

The program closes Internet Explorer and Windows Explorer.
You will be asked to connect the USB disk. Repeat this if you have more than one USB device.

Ion1c

Legacy Member
I tried this several times, but without success.

I also already tried a new USB stick; here too the PC refused to read it. It says the device is ready for use, but it can't be found in My Computer.

Any more ideas?

Juisterr

Legacy Member
If the drive it creates (on my machine it calls it the J drive) is already in use by another destination, you have to add another one.

Ion1c

Legacy Member
No, it just won't show the drive in My Computer, so I can't access it either.