
How to remove trojan.win32.agent.aoy/.anr

Last reply: in Security and viruses
2 July 2007 19:40:06

I have read everywhere how to remove these trojans, but I don't see anything comparable to my case. Here are all the logs I made; can someone help me please?

Logfile of HijackThis v1.99.1
Scan saved at 19:13:13, on 2-7-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijack This\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kijkgratistv.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D833631B-E7CA-45C4-8CFC-7B4678CD65A8} - C:\WINDOWS\system32\awtsq.dll (file missing)
O2 - BHO: (no name) - {E0D98C12-75E0-4856-98EF-BF63E9CDA21A} - C:\WINDOWS\system32\ssttt.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [OESpamTest] C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE
O4 - HKLM\..\Run: [BearShare] ; "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [CloneCDTray] ; C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
O4 - HKLM\..\Run: [DriveCleaner 2006 Free] ; "C:\Program Files\DriveCleaner 2006 Free\UDC2006.exe" /min
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] ; "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] ; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [LaunchApp] ; Alaunch
O4 - HKLM\..\Run: [MediaSync] ; C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [NeroCheck] ; C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [New.net Startup] ; rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [RealTray] ; C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SoundMan] ; SOUNDMAN.EXE
O4 - HKLM\..\Run: [udc6cw] ; "C:\Program Files\DriveCleaner 2006 Free\udc6cw.exe" -c
O4 - HKLM\..\Run: [WinAntiVirusPro2006] ; C:\Program Files\WinAntiVirus Pro 2006\winav.exe /min
O4 - HKLM\..\Run: [zango] ; "c:\program files\zango\zango.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DDC] C:\WINDOWS\system32\syrebjel.exe
O4 - HKCU\..\Run: [MSMSGS] ; "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WhenUSave] ; "C:\Program Files\Save\Save.exe"
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?27cfe594aef94bd4a8e96cd7bc6cef76
O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?27cfe594aef94bd4a8e96cd7bc6cef76
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe

***********************************
***********************************
***********************************

VundoFix V6.5.1

Checking Java version...

Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 17:23:23 28-6-2007

Listing files found while scanning....

C:\windows\system32\dnjgofjg.exe
C:\windows\system32\fnycvbkx.dll
C:\WINDOWS\system32\ssttt.dll
C:\WINDOWS\system32\supmfbru.dll
C:\WINDOWS\system32\tttss.bak1
C:\WINDOWS\system32\tttss.bak2
C:\WINDOWS\system32\tttss.ini
C:\WINDOWS\system32\tttss.ini2
C:\WINDOWS\system32\tttss.tmp
C:\windows\system32\xkbvcynf.ini

Beginning removal...

Attempting to delete C:\windows\system32\dnjgofjg.exe
C:\windows\system32\dnjgofjg.exe Has been deleted!

Attempting to delete C:\windows\system32\fnycvbkx.dll
C:\windows\system32\fnycvbkx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssttt.dll
C:\WINDOWS\system32\ssttt.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\supmfbru.dll
C:\WINDOWS\system32\supmfbru.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tttss.bak1
C:\WINDOWS\system32\tttss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\tttss.bak2
C:\WINDOWS\system32\tttss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\tttss.ini
C:\WINDOWS\system32\tttss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\tttss.ini2
C:\WINDOWS\system32\tttss.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\tttss.tmp
C:\WINDOWS\system32\tttss.tmp Has been deleted!

Attempting to delete C:\windows\system32\xkbvcynf.ini
C:\windows\system32\xkbvcynf.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ssttt.dll
C:\WINDOWS\system32\ssttt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tttss.ini
C:\WINDOWS\system32\tttss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\tttss.ini2
C:\WINDOWS\system32\tttss.ini2 Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.1

Checking Java version...

Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 17:31:54 2-7-2007

Listing files found while scanning....

C:\WINDOWS\system32\awtsq.dll
C:\WINDOWS\system32\qstwa.bak1
C:\WINDOWS\system32\qstwa.bak2
C:\WINDOWS\system32\qstwa.ini
C:\WINDOWS\system32\qstwa.ini2
C:\WINDOWS\system32\qstwa.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtsq.dll
C:\WINDOWS\system32\awtsq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qstwa.bak1
C:\WINDOWS\system32\qstwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qstwa.bak2
C:\WINDOWS\system32\qstwa.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qstwa.ini
C:\WINDOWS\system32\qstwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\qstwa.ini2
C:\WINDOWS\system32\qstwa.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qstwa.tmp
C:\WINDOWS\system32\qstwa.tmp Has been deleted!

Performing Repairs to the registry.
Done!

***********************************
***********************************
***********************************

2007-07-02 17:44:08 - ComboFix 07-06-27.7 - Service Pack 2


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\iifcdba.dll
C:\WINDOWS\system32\rqropol.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\lezaar.\err.log
C:\Program Files\Common Files\companion wizard
C:\Program Files\Common Files\companion wizard\compwiz.exe
C:\Program Files\Common Files\companion wizard\WapCHK.dll
C:\Program Files\Common Files\companion wizard\WapCHK{C4FEB99E-EC9A-4347-AB36-6C61C289B29D}.dll
C:\Program Files\Common Files\companion wizard\WapCHK{D7E9D953-283C-4D22-8472-144A6545C5DD}.dll
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\History\search
C:\WINDOWS\system32\drivers\fopn.sys


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-06-02 to 2007-07-02 )))))))))))))))))))))))))))))))


2007-07-02 17:43 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-07-02 16:37 128,576 --a------ C:\WINDOWS\system32\psyftkur.dll
2007-07-01 21:30 128,576 --a------ C:\WINDOWS\system32\ofajeiss.dll
2007-06-30 19:45 128,576 --a------ C:\WINDOWS\system32\xohktytd.dll
2007-06-29 10:31 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-06-29 10:19 128,576 --a------ C:\WINDOWS\system32\lrayoqkk.dll
2007-06-28 18:00 51,038 --a------ C:\WINDOWS\system32\drivers\mad600u.sys
2007-06-28 18:00 49,867 --a------ C:\WINDOWS\system32\drivers\mardp2k.sys
2007-06-28 18:00 49,484 --a------ C:\WINDOWS\system32\drivers\mardpnp.sys
2007-06-28 18:00 36,586 --a------ C:\WINDOWS\system32\drivers\mavcomm.sys
2007-06-28 18:00 25,044 --a------ C:\WINDOWS\system32\drivers\mad600m.sys
2007-06-28 18:00 24,789 --a------ C:\WINDOWS\system32\drivers\MaVctrl.sys
2007-06-28 18:00 11,473 --a------ C:\WINDOWS\system32\drivers\MaVc2K.sys
2007-06-28 17:50 <DIR> d-------- C:\WINDOWS\system32\Samsung PC Studio Codecs
2007-06-28 17:48 <DIR> d-------- C:\WINDOWS\system32\Samsung
2007-06-28 17:48 <DIR> d-------- C:\Program Files\Samsung
2007-06-28 17:23 <DIR> d-------- C:\VundoFix Backups
2007-06-28 17:15 128,576 --a------ C:\WINDOWS\system32\johmmiht.dll
2007-06-28 16:57 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-28 16:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-28 16:56 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-28 16:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-28 16:45 <DIR> d-------- C:\Program Files\Hijack This
2007-06-28 16:10 128,576 --a------ C:\WINDOWS\system32\hjuplbou.dll
2007-06-27 08:55 66,112 --a------ C:\WINDOWS\system32\oytkxvpd.dll
2007-06-21 20:14 <DIR> d--hs---- C:\FOUND.030
2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-03 22:34 <DIR> d-------- C:\Program Files\Windows Live
2007-06-03 22:34 <DIR> d-------- C:\Program Files\Messenger Plus! Live


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-21 14:56:44 -------- d-----w C:\Program Files\SigmaTel
2007-05-21 14:24:58 -------- d-----w C:\Program Files\MP3 Player Utilities 3.79
2007-05-21 14:18:46 -------- d-----w C:\DOCUME~1\lezaar\APPLIC~1\AdobeUM
2007-05-17 19:47:30 304,182 ----a-w C:\StiImg.dat
2007-05-16 15:48:24 -------- d-----w C:\DOCUME~1\lezaar\APPLIC~1\Paltalk
2007-05-16 15:48:20 -------- d-----w C:\Program Files\Paltalk Messenger
2007-05-16 15:19:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-10 13:42:58 -------- d-----w C:\DOCUME~1\lezaar\APPLIC~1\Google
2007-05-10 13:39:54 -------- d-----w C:\Program Files\directx
2007-05-10 13:33:14 -------- d-----w C:\DOCUME~1\lezaar\APPLIC~1\SpamTest
2007-05-10 13:33:12 -------- d-----w C:\Program Files\Common Files\Kaspersky Lab
2007-05-10 13:33:00 -------- d-----w C:\Program Files\Kaspersky Lab
2007-05-09 22:01:22 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-04 16:25:36 -------- d-----w C:\DOCUME~1\lezaar\APPLIC~1\NeroVision
2007-05-04 16:18:58 -------- d-----w C:\Program Files\Common Files\Ahead
2007-05-04 16:18:52 -------- d-----w C:\Program Files\Ahead
2007-05-02 17:00:32 -------- d-----w C:\DOCUME~1\lezaar\APPLIC~1\Ahead
2007-04-25 14:22:52 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:15:26 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 20:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 20:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 12:29]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 17:45]
{D833631B-E7CA-45C4-8CFC-7B4678CD65A8}=C:\WINDOWS\system32\awtsq.dll []
{E0D98C12-75E0-4856-98EF-BF63E9CDA21A}=C:\WINDOWS\system32\ssttt.dll []
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}=C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 21:50]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 18:15]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"SiSPower"="SiSPower.dll" [2005-07-13 02:55 C:\WINDOWS\system32\SiSPower.dll]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 17:00]
"AspireService"="C:\Program Files\Acer\Acer eMode Management\AspireService.exe" [2005-09-29 16:07]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"OESpamTest"="C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE" [2005-08-04 19:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"DDC"="C:\WINDOWS\system32\syrebjel.exe" []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Utility Tray.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Utility Tray.lnk
backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"C:\Program Files\BearShare\BearShare.exe" /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveCleaner 2006 Free]
"C:\Program Files\DriveCleaner 2006 Free\UDC2006.exe" /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElbyCheckElbyCDFL]
"C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX3800 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaSync]
C:\Program Files\Acer\Acer eConsole\MediaSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\udc6cw]
"C:\Program Files\DriveCleaner 2006 Free\udc6cw.exe" -c

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
"C:\Program Files\Save\Save.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAntiVirusPro2006]
C:\Program Files\WinAntiVirus Pro 2006\winav.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]
"c:\program files\zango\zango.exe"


Contents of the 'Scheduled Tasks' folder
2007-07-02 15:00:02 C:\WINDOWS\tasks\ADB45F38918BD2B8.job
2007-07-02 15:21:04 C:\WINDOWS\tasks\Controleren op updates voor Windows Live Toolbar.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-02 17:50:52
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-02 17:53:42 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-02 17:52

--- E O F ---

********************************
********************************
********************************

DiagHelp version v1.1.2 - http://www.malekal.com
excute le ma 02-07-2007 à 19:16:07,98


Liste des derniers fichies modifies/crees dans windir\system32
C:\WINDOWS\System32/drivers\NSDriver.sys -->4-6-2007 15:18:48
C:\WINDOWS\System32/drivers\AWRTRD.sys -->4-6-2007 15:17:02
C:\WINDOWS\System32/drivers\AWRTPD.sys -->4-6-2007 15:14:56
C:\WINDOWS\System32/drivers\klin.sys -->15-5-2007 21:12:08
C:\WINDOWS\System32/drivers\klick.sys -->15-5-2007 21:11:12
C:\WINDOWS\System32/drivers\ntfs.sys -->9-2-2007 13:10:36
C:\WINDOWS\System32/drivers\StMp3Recnt.cat -->1-9-2006 14:17:54

C:\WINDOWS\System32\wpa.dbl -->2-7-2007 19:09:50
C:\WINDOWS\System32\eRLog.ini -->2-7-2007 19:09:46
C:\WINDOWS\System32\ruktfysp.ini -->2-7-2007 16:38:02
C:\WINDOWS\System32\psyftkur.dll -->2-7-2007 16:37:52
C:\WINDOWS\System32\ssiejafo.ini -->1-7-2007 21:31:12
C:\WINDOWS\System32\ofajeiss.dll -->1-7-2007 21:31:00
C:\WINDOWS\System32\dtytkhox.ini -->30-6-2007 19:45:38
C:\WINDOWS\System32\xohktytd.dll -->30-6-2007 19:45:26
C:\WINDOWS\System32\iwmbhtsm.ini -->30-6-2007 19:39:54
C:\WINDOWS\System32\kkqoyarl.ini -->29-6-2007 10:19:46
C:\WINDOWS\System32\lrayoqkk.dll -->29-6-2007 10:19:30
C:\WINDOWS\System32\thimmhoj.ini -->28-6-2007 17:19:52
C:\WINDOWS\System32\johmmiht.dll -->28-6-2007 17:15:56
C:\WINDOWS\System32\uoblpujh.ini -->28-6-2007 16:10:44
C:\WINDOWS\System32\hjuplbou.dll -->28-6-2007 16:10:30
C:\WINDOWS\System32\uguvphrl.ini -->28-6-2007 16:08:20
C:\WINDOWS\System32\cwxkcmdo.ini -->28-6-2007 15:31:12
C:\WINDOWS\System32\obkewewb.ini -->28-6-2007 9:26:38
C:\WINDOWS\System32\oytkxvpd.dll -->27-6-2007 8:55:54
C:\WINDOWS\System32\wrljdgmh.ini -->27-6-2007 8:51:08
C:\WINDOWS\System32\epupjdtw.ini -->24-6-2007 11:39:18
C:\WINDOWS\System32\pqaljees.ini -->23-6-2007 11:36:00
C:\WINDOWS\System32\EPPICResdb -->6-6-2007 23:15:44
C:\WINDOWS\System32\EPPICResdb0000 -->6-6-2007 23:15:44
C:\WINDOWS\System32\MRT.exe -->6-6-2007 8:38:42

C:\WINDOWS\setupapi.log -->2-7-2007 19:09:54
C:\WINDOWS\wiadebug.log -->2-7-2007 19:09:24
C:\WINDOWS\0.log -->2-7-2007 19:09:04
C:\WINDOWS\bootstat.dat -->2-7-2007 19:09:00
C:\WINDOWS\WindowsUpdate.log -->2-7-2007 18:23:38
C:\WINDOWS\SchedLgU.Txt -->2-7-2007 18:23:36
C:\WINDOWS\wiaservc.log -->2-7-2007 18:23:36
C:\WINDOWS\wininit.ini -->23-6-2007 22:19:26
C:\WINDOWS\QTFont.for -->20-6-2007 22:32:18
C:\WINDOWS\QTFont.qfn -->20-6-2007 22:32:18
C:\WINDOWS\catchme.exe -->5-6-2007 5:24:04
C:\WINDOWS\win.ini -->4-6-2007 21:37:30
C:\WINDOWS\EPSMTL32.TXT -->21-5-2007 18:54:44
C:\WINDOWS\system.ini -->21-5-2007 18:01:34
C:\WINDOWS\WMSysPr9.prx -->4-5-2007 18:22:20


De volumenaam van station C is ACER
Het volumenummer is 320D-180E

Map van C:\WINDOWS\system

25-12-1998 09:15 345.983 RCDsetup.exe
1 bestand(en) 345.983 bytes
0 map(pen) 55.091.003.392 bytes beschikbaar
De volumenaam van station C is ACER
Het volumenummer is 320D-180E

Map van C:\WINDOWS\system32

04-08-2004 05:00 6.144 csrss.exe
1 bestand(en) 6.144 bytes
0 map(pen) 55.091.003.392 bytes beschikbaar

Contenu de Downloaded Program Files
De volumenaam van station C is ACER
Het volumenummer is 320D-180E

Map van C:\WINDOWS\Downloaded Program Files

19-06-2006 16:00 <DIR> .
19-06-2006 16:00 <DIR> ..
03-11-2005 11:55 65 desktop.ini
25-07-2002 17:05 172.032 isusweb.dll
25-07-2002 17:13 196.608 dwusplay.exe
25-07-2002 17:13 24.576 dwusplay.dll
22-06-2006 11:41 5.032 swflash.inf
22-02-2007 23:41 304.544 MessengerStatsPAClient.dll
6 bestand(en) 702.857 bytes

Totaal aantal weergegeven bestanden:
6 bestand(en) 702.857 bytes
2 map(pen) 55.091.003.392 bytes beschikbaar

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..

Liste des fichiers en exception sur le pare-feu XP SP2

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"


Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"

Rechercher adresses sensibles dans le fichier HOSTS...




KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
116 - Monitor.exe
488 - ctfmon.exe
504 - TeaTimer.exe
540 - csrss.exe
564 - winlogon.exe
608 - services.exe
620 - lsass.exe
752 - svchost.exe
840 - svchost.exe
876 - svchost.exe
1224 - spoolsv.exe
1344 - aawservice.exe
1420 - NOTEPAD.EXE
1524 - Explorer.EXE
1580 - MediaServerServ
2012 - kavsvc.exe
3344 - iexplore.exe
3580 - cmd.exe

Total number of processes = 19
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D7000 - \WINDOWS\system32\ntoskrnl.exe
806FE000 - \WINDOWS\system32\hal.dll
F79F9000 - \WINDOWS\system32\KDCOM.DLL
F7909000 - \WINDOWS\system32\BOOTVID.dll
F74A9000 - ACPI.sys
F79FB000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS
F7498000 - pci.sys
F74F9000 - isapnp.sys
F7AC1000 - pciide.sys
F7779000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F7509000 - MountMgr.sys
F7479000 - ftdisk.sys
F7781000 - PartMgr.sys
F7519000 - VolSnap.sys
F7461000 - atapi.sys
F7529000 - disk.sys
F7539000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F7441000 - fltMgr.sys
F742F000 - sr.sys
F740C000 - Fastfat.sys
F73F5000 - KSecDD.sys
F73C8000 - NDIS.sys
F7549000 - uagp35.sys
F73AD000 - Mup.sys
F7789000 - Klpid.sys
F7791000 - Klpf.sys
F7799000 - \WINDOWS\System32\drivers\TDI.SYS
F790D000 - kl1.sys
F7579000 - \SystemRoot\system32\DRIVERS\intelppm.sys
F7322000 - \SystemRoot\system32\DRIVERS\sisgrp.sys
F730E000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F7589000 - \SystemRoot\system32\DRIVERS\imapi.sys
F79FD000 - \SystemRoot\System32\Drivers\ElbyCDFL.sys
F77C9000 - \SystemRoot\system32\drivers\Afc.sys
F79A1000 - \SystemRoot\System32\Drivers\UBHelper.SYS
F7599000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F75A9000 - \SystemRoot\system32\DRIVERS\redbook.sys
F72EB000 - \SystemRoot\system32\DRIVERS\ks.sys
F79FF000 - \SystemRoot\system32\DRIVERS\NTIDrvr.sys
F6F71000 - \SystemRoot\system32\drivers\ALCXWDM.SYS
F6F4D000 - \SystemRoot\system32\drivers\portcls.sys
F75B9000 - \SystemRoot\system32\drivers\drmk.sys
F77D1000 - \SystemRoot\system32\DRIVERS\usbohci.sys
F6F2A000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F77D9000 - \SystemRoot\system32\DRIVERS\usbehci.sys
F6F19000 - \SystemRoot\system32\DRIVERS\serial.sys
F79A9000 - \SystemRoot\system32\DRIVERS\serenum.sys
F6EDD000 - \SystemRoot\system32\DRIVERS\parport.sys
F75C9000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
F77E1000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F77E9000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F7A01000 - \SystemRoot\system32\DRIVERS\serscan.sys
F7B45000 - \SystemRoot\system32\DRIVERS\audstub.sys
F77F1000 - \SystemRoot\system32\DRIVERS\rasirda.sys
F75D9000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F79AD000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F6EC6000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F75E9000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F75F9000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F6EB5000 - \SystemRoot\system32\DRIVERS\psched.sys
F7609000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F77F9000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F7801000 - \SystemRoot\system32\DRIVERS\raspti.sys
F7619000 - \SystemRoot\system32\DRIVERS\termdd.sys
F7A03000 - \SystemRoot\system32\DRIVERS\swenum.sys
F6E81000 - \SystemRoot\system32\DRIVERS\update.sys
F79B5000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F7809000 - \SystemRoot\system32\DRIVERS\irsir.sys
F79B9000 - \SystemRoot\system32\DRIVERS\irenum.sys
F7629000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F7649000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F7A05000 - \SystemRoot\system32\DRIVERS\USBD.SYS
F7A07000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7B77000 - \SystemRoot\System32\Drivers\Null.SYS
F7A09000 - \SystemRoot\System32\Drivers\Beep.SYS
F7829000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
F7831000 - \SystemRoot\System32\drivers\vga.sys
F7A0B000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F7A0D000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F7839000 - \SystemRoot\System32\Drivers\Msfs.SYS
F7841000 - \SystemRoot\System32\Drivers\Npfs.SYS
F7379000 - \SystemRoot\system32\DRIVERS\rasacd.sys
ADEE5000 - \SystemRoot\system32\DRIVERS\ipsec.sys
ADE8D000 - \SystemRoot\system32\DRIVERS\tcpip.sys
ADE65000 - \SystemRoot\system32\DRIVERS\netbt.sys
ADE44000 - \SystemRoot\system32\DRIVERS\ipnat.sys
F7659000 - \SystemRoot\system32\DRIVERS\wanarp.sys
ADE22000 - \SystemRoot\System32\drivers\afd.sys
F7669000 - \SystemRoot\system32\DRIVERS\netbios.sys
F6F15000 - \SystemRoot\system32\DRIVERS\srvkp.sys
ADDF7000 - \SystemRoot\system32\DRIVERS\rdbss.sys
ADD88000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
F6F0D000 - \SystemRoot\System32\drivers\klmc.sys
ADD5D000 - \SystemRoot\System32\drivers\klif.sys
F7679000 - \SystemRoot\System32\Drivers\Fips.SYS
F7849000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS
F7699000 - \SystemRoot\System32\Drivers\Cdfs.SYS
ADD1D000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F7A0F000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
F6E6D000 - \SystemRoot\System32\drivers\Dxapi.sys
F7851000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
F7C0D000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000 - \SystemRoot\System32\SiSGRV.dll
ADB57000 - \SystemRoot\system32\DRIVERS\irda.sys
ADBF9000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
AD94A000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
ADB0F000 - \SystemRoot\system32\DRIVERS\MaVc2K.sys
AD8E5000 - \SystemRoot\system32\drivers\wdmaud.sys
ADA87000 - \SystemRoot\system32\drivers\sysaudio.sys
F7AB5000 - \SystemRoot\System32\Drivers\ElbyCDIO.sys
AD3BB000 - \SystemRoot\system32\DRIVERS\srv.sys
AD0FA000 - \SystemRoot\System32\Drivers\HTTP.sys
AD0E9000 - \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
ACC3F000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 116

Liste des programmes installes

@Home Components
Acer eConsole
Acer eMode Management
Ad-Aware 2007
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.9
Beveiligingsupdate for Windows XP (KB923689)
Beveiligingsupdate voor Windows Media Player (KB911564)
Beveiligingsupdate voor Windows Media Player 6.4 (KB925398)
Beveiligingsupdate voor Windows Media Player 9 (KB917734)
Beveiligingsupdate voor Windows XP (KB883939)
Beveiligingsupdate voor Windows XP (KB890046)
Beveiligingsupdate voor Windows XP (KB893756)
Beveiligingsupdate voor Windows XP (KB896358)
Beveiligingsupdate voor Windows XP (KB896422)
Beveiligingsupdate voor Windows XP (KB896423)
Beveiligingsupdate voor Windows XP (KB896424)
Beveiligingsupdate voor Windows XP (KB896428)
Beveiligingsupdate voor Windows XP (KB899587)
Beveiligingsupdate voor Windows XP (KB899588)
Beveiligingsupdate voor Windows XP (KB899591)
Beveiligingsupdate voor Windows XP (KB900725)
Beveiligingsupdate voor Windows XP (KB901017)
Beveiligingsupdate voor Windows XP (KB901190)
Beveiligingsupdate voor Windows XP (KB901214)
Beveiligingsupdate voor Windows XP (KB902400)
Beveiligingsupdate voor Windows XP (KB903235)
Beveiligingsupdate voor Windows XP (KB904706)
Beveiligingsupdate voor Windows XP (KB905414)
Beveiligingsupdate voor Windows XP (KB905749)
Beveiligingsupdate voor Windows XP (KB908519)
Beveiligingsupdate voor Windows XP (KB911562)
Beveiligingsupdate voor Windows XP (KB911567)
Beveiligingsupdate voor Windows XP (KB911927)
Beveiligingsupdate voor Windows XP (KB912919)
Beveiligingsupdate voor Windows XP (KB913433)
Beveiligingsupdate voor Windows XP (KB913580)
Beveiligingsupdate voor Windows XP (KB914388)
Beveiligingsupdate voor Windows XP (KB914389)
Beveiligingsupdate voor Windows XP (KB917159)
Beveiligingsupdate voor Windows XP (KB917344)
Beveiligingsupdate voor Windows XP (KB917422)
Beveiligingsupdate voor Windows XP (KB917953)
Beveiligingsupdate voor Windows XP (KB918118)
Beveiligingsupdate voor Windows XP (KB918439)
Beveiligingsupdate voor Windows XP (KB918899)
Beveiligingsupdate voor Windows XP (KB919007)
Beveiligingsupdate voor Windows XP (KB920213)
Beveiligingsupdate voor Windows XP (KB920214)
Beveiligingsupdate voor Windows XP (KB920670)
Beveiligingsupdate voor Windows XP (KB920683)
Beveiligingsupdate voor Windows XP (KB920685)
Beveiligingsupdate voor Windows XP (KB921398)
Beveiligingsupdate voor Windows XP (KB921883)
Beveiligingsupdate voor Windows XP (KB922616)
Beveiligingsupdate voor Windows XP (KB922760)
Beveiligingsupdate voor Windows XP (KB922819)
Beveiligingsupdate voor Windows XP (KB923191)
Beveiligingsupdate voor Windows XP (KB923414)
Beveiligingsupdate voor Windows XP (KB923694)
Beveiligingsupdate voor Windows XP (KB923980)
Beveiligingsupdate voor Windows XP (KB924191)
Beveiligingsupdate voor Windows XP (KB924270)
Beveiligingsupdate voor Windows XP (KB924496)
Beveiligingsupdate voor Windows XP (KB924667)
Beveiligingsupdate voor Windows XP (KB925454)
Beveiligingsupdate voor Windows XP (KB925486)
Beveiligingsupdate voor Windows XP (KB925902)
Beveiligingsupdate voor Windows XP (KB926255)
Beveiligingsupdate voor Windows XP (KB926436)
Beveiligingsupdate voor Windows XP (KB927779)
Beveiligingsupdate voor Windows XP (KB927802)
Beveiligingsupdate voor Windows XP (KB928090)
Beveiligingsupdate voor Windows XP (KB928255)
Beveiligingsupdate voor Windows XP (KB928843)
Beveiligingsupdate voor Windows XP (KB929123)
Beveiligingsupdate voor Windows XP (KB929969)
Beveiligingsupdate voor Windows XP (KB930178)
Beveiligingsupdate voor Windows XP (KB931261)
Beveiligingsupdate voor Windows XP (KB931768)
Beveiligingsupdate voor Windows XP (KB931784)
Beveiligingsupdate voor Windows XP (KB932168)
Beveiligingsupdate voor Windows XP (KB933566)
Beveiligingsupdate voor Windows XP (KB935839)
Beveiligingsupdate voor Windows XP (KB935840)
CANYON CN-WCAM21 PC-Camera
CCleaner (remove only)
CloneCD
EPSON-printersoftware
EPSON Attach To Email
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Image Clip Palette
EPSON Scan
EPSON Scan Assistant
EPSON Web-To-Page
ESDX3800 Gebruikershandleiding
Extensie voor Windows Live Toolbar (Windows Live Toolbar)
Google Earth
Google Video Player
Hijack This 1.99.1
HijackThis 1.99.1
Hotfix voor Windows XP (KB893357)
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
Java(TM) SE Runtime Environment 6 Update 1
Kaspersky Anti-Hacker
Kaspersky Anti-Spam Personal
Kaspersky Anti-Virus
KB898458: Beveiligingsupdate voor Step by Step Interactive Training
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Dutch Language Pack
MP3 Player Utilities 1.47
MP3 Player Utilities 3.79
MSXML 4.0 SP2 (KB927978)
Nero OEM
NeroVision Express
NetDiag
NTI Backup NOW! 4
NTI Backup NOW! 4
NTI CD & DVD-Maker
NTI CD & DVD-Maker
NTI HomeVideo-Maker
OneCare Advisor (Windows Live Toolbar)
Paltalk Messenger
PIF DESIGNER
Pop-upblokkering (Windows Live Toolbar)
PowerDVD
QuickTime
RealPlayer
Realtek AC'97 Audio
SAMSUNG Mobile USB Modem 1.0 Software
Samsung PC Studio
Samsung PC Studio
Samsung PC Studio 3 USB Driver Installer
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
SereneScreen Aquarium
Shockwave
SigmaTel MTPMSCN Audio Player
SiS VGA Utilities
SiSAGP driver
Smart Menu's (Windows Live Toolbar)
Spybot - Search & Destroy 1.4
Update voor Windows XP (KB894391)
Update voor Windows XP (KB896727)
Update voor Windows XP (KB898461)
Update voor Windows XP (KB900485)
Update voor Windows XP (KB908531)
Update voor Windows XP (KB910437)
Update voor Windows XP (KB911280)
Update voor Windows XP (KB916595)
Update voor Windows XP (KB920872)
Update voor Windows XP (KB922582)
Update voor Windows XP (KB927891)
Update voor Windows XP (KB929338)
Update voor Windows XP (KB930916)
Update voor Windows XP (KB931836)
WebFldrs XP
Webpagina's tabsgewijs weergeven (Windows Live Toolbar)
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Live Favorites voor Windows Live Toolbar
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Feedzoeker (Windows Live Toolbar)
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
WinRAR archiver
WinZip
Yahoo! Install Manager
Yahoo! Toolbar
Yahoo! Toolbar
De volumenaam van station C is ACER
Het volumenummer is 320D-180E

Map van C:\Program Files

19-06-2006 16:00 <DIR> .
19-06-2006 16:00 <DIR> ..
23-10-2006 19:04 <DIR> 3B Software
18-08-2006 22:51 <DIR> Acer
03-11-2005 12:07 <DIR> Adobe
04-05-2007 18:18 <DIR> Ahead
02-07-2007 18:00 <DIR> CCleaner
03-11-2005 11:50 <DIR> Common Files
03-11-2005 11:54 <DIR> ComPlus Applications
03-11-2005 12:10 <DIR> CyberLink
10-05-2007 15:39 <DIR> directx
22-08-2006 19:09 <DIR> Elaborate Bytes
22-08-2006 12:47 <DIR> epson
21-10-2006 13:47 <DIR> Google
28-06-2007 16:45 <DIR> Hijack This
03-11-2005 11:54 <DIR> Internet Explorer
18-08-2006 22:52 <DIR> Java
10-05-2007 15:33 <DIR> Kaspersky Lab
28-06-2007 16:57 <DIR> Lavasoft
15-10-2006 21:58 <DIR> MediaGateway
03-11-2005 11:53 <DIR> Messenger
03-06-2007 22:34 <DIR> Messenger Plus! Live
25-03-2007 22:00 <DIR> MessengerPlus! 3
10-05-2007 00:01 <DIR> Microsoft CAPICOM 2.1.0.2
03-11-2005 11:56 <DIR> microsoft frontpage
21-11-2006 17:25 <DIR> Morpheus
03-11-2005 11:54 <DIR> Movie Maker
22-03-2007 21:44 <DIR> MP3 Player Utilities 1.47
21-05-2007 16:24 <DIR> MP3 Player Utilities 3.79
03-11-2005 11:53 <DIR> MSN Gaming Zone
07-10-2006 20:40 <DIR> MSN Messenger
29-06-2007 10:31 <DIR> MSXML 4.0
03-11-2005 11:54 <DIR> NetMeeting
03-11-2005 12:09 <DIR> NewTech Infosystems
03-11-2005 11:54 <DIR> Online Services
03-11-2005 11:54 <DIR> Outlook Express
16-05-2007 17:48 <DIR> Paltalk Messenger
07-10-2006 19:38 <DIR> QuickTime
07-10-2006 19:38 <DIR> Real
03-11-2005 12:05 <DIR> Realtek AC97
28-06-2007 17:48 <DIR> Samsung
22-08-2006 18:58 <DIR> SereneScreen
21-05-2007 16:56 <DIR> SigmaTel
18-08-2006 22:49 <DIR> SiS VGA Utilities V3.68
03-11-2005 12:03 <DIR> sisagp
28-06-2007 16:47 <DIR> Spybot - Search & Destroy
03-06-2007 22:34 <DIR> Windows Live
09-04-2007 20:02 <DIR> Windows Live Favorites
09-04-2007 20:01 <DIR> Windows Live Toolbar
03-11-2005 11:53 <DIR> Windows Media Player
03-11-2005 11:53 <DIR> Windows NT
22-08-2006 18:55 <DIR> WinRAR
22-08-2006 19:16 <DIR> WinZip
03-11-2005 11:56 <DIR> xerox
02-07-2007 18:01 <DIR> Yahoo!
0 bestand(en) 0 bytes
55 map(pen) 55.090.610.176 bytes beschikbaar
De volumenaam van station C is ACER
Het volumenummer is 320D-180E

Map van C:\Program Files\common files

19-06-2006 16:00 <DIR> .
19-06-2006 16:00 <DIR> ..
03-11-2005 11:50 <DIR> Microsoft Shared
03-11-2005 11:50 <DIR> SpeechEngines
03-11-2005 11:50 <DIR> ODBC
03-11-2005 11:54 <DIR> System
03-11-2005 11:54 <DIR> MSSoap
03-11-2005 11:54 <DIR> Services
03-11-2005 12:03 <DIR> InstallShield
03-11-2005 12:09 <DIR> NewTech Infosystems
03-11-2005 12:10 <DIR> muvee Technologies
03-11-2005 12:12 <DIR> Symantec Shared
18-08-2006 22:50 <DIR> ArcSoft
18-08-2006 22:52 <DIR> Java
07-10-2006 19:38 <DIR> Real
10-10-2006 10:06 <DIR> WhenU
05-04-2007 10:55 <DIR> xing shared
04-05-2007 18:18 <DIR> Ahead
10-05-2007 15:33 <DIR> Kaspersky Lab
21-05-2007 16:37 <DIR> Adobe
28-06-2007 16:56 <DIR> Wise Installation Wizard
0 bestand(en) 0 bytes
21 map(pen) 55.090.610.176 bytes beschikbaar
De volumenaam van station C is ACER
Het volumenummer is 320D-180E

Map van C:\

12-05-2007 18:22 68.096 diff.exe
12-05-2007 18:22 103.424 grep.exe
2 bestand(en) 171.520 bytes
0 map(pen) 55.090.610.176 bytes beschikbaar
c:\Documents and Settings\All Users\Application Data\SafeDateTeamMail\BurnDoes.exe
c:\Documents and Settings\All Users\Application Data\SafeDateTeamMail\Keepbib.exe
c:\Documents and Settings\All Users\Application Data\SafeDateTeamMail\KeepDefault.exe
c:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Bases\Patches\patch_pers_5.0.383_384_to_5.0.385.exe
c:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Bases\Patches\patch_pers_5.0.388_390_to_5.0.391.exe
c:\Documents and Settings\lezaar\Mijn documenten\Install_MSN_Messenger.EXE
c:\Documents and Settings\lezaar\Bureaublad\avenger.exe
c:\Documents and Settings\lezaar\Bureaublad\ComboFix.exe
c:\Documents and Settings\lezaar\Bureaublad\mon.exe
c:\Documents and Settings\lezaar\Bureaublad\SREng.EXE
c:\Documents and Settings\lezaar\Bureaublad\Nieuwe map\Install_MSN_Messenger.EXE
c:\Documents and Settings\lezaar\Bureaublad\DownloadedFiles\UNDLL.EXE
c:\Documents and Settings\lezaar\Bureaublad\DownloadedFiles\VundoFix\VundoFix.exe
c:\Documents and Settings\lezaar\Bureaublad\DownloadedFiles\AdAware2007\aaw2007.exe
c:\Documents and Settings\lezaar\Bureaublad\DownloadedFiles\Spybot\spybotsd14.exe
c:\Documents and Settings\lezaar\Bureaublad\DownloadedFiles\HijackThis\hijackthissetupv1.exe
c:\Documents and Settings\lezaar\Bureaublad\DownloadedFiles\DrWebCureIt\drweb-cureit.exe
c:\Documents and Settings\lezaar\Bureaublad\DownloadedFiles\ComboFix\ComboFix.exe
c:\Documents and Settings\lezaar\Bureaublad\DownloadedFiles\SamsungD600\DrvMdmSetup_Pure_V92.exe
c:\Documents and Settings\lezaar\Bureaublad\DownloadedFiles\SamsungD600\Install_Messenger.exe
c:\Documents and Settings\lezaar\Bureaublad\DownloadedFiles\SamsungD600\USBD600_V92.exe
c:\Documents and Settings\lezaar\Bureaublad\madrvtemp\install.exe
c:\Documents and Settings\lezaar\Bureaublad\madrvtemp\MdmSetup\Exec2000.exe
c:\Documents and Settings\lezaar\Bureaublad\madrvtemp\MdmSetup\ExecNT.exe
c:\Documents and Settings\lezaar\Bureaublad\madrvtemp\MdmSetup\MaMdmSetup_USB.exe
c:\Documents and Settings\lezaar\Bureaublad\madrvtemp\MdmSetup\Once98.exe
c:\Documents and Settings\lezaar\Bureaublad\madrvtemp\Driver\DrvInst.exe
c:\Documents and Settings\lezaar\Bureaublad\madrvtemp\Driver\Bin\INFSEC16.EXE
c:\Documents and Settings\lezaar\Bureaublad\clean\pskill.exe
c:\Documents and Settings\lezaar\Bureaublad\DiagHelp\catchme.exe
c:\Documents and Settings\lezaar\Bureaublad\DiagHelp\diff.exe
c:\Documents and Settings\lezaar\Bureaublad\DiagHelp\dumphive.exe
c:\Documents and Settings\lezaar\Bureaublad\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\lezaar\Bureaublad\DiagHelp\find2.exe
c:\Documents and Settings\lezaar\Bureaublad\DiagHelp\Fport.exe
c:\Documents and Settings\lezaar\Bureaublad\DiagHelp\grep.exe
c:\Documents and Settings\lezaar\Bureaublad\DiagHelp\KProcCheck.exe
c:\Documents and Settings\lezaar\Bureaublad\DiagHelp\LFiles.exe
c:\Documents and Settings\lezaar\Bureaublad\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\lezaar\Bureaublad\DiagHelp\pslist.exe
c:\Documents and Settings\lezaar\Bureaublad\DiagHelp\streams.exe
c:\Documents and Settings\lezaar\Bureaublad\DiagHelp\swreg.exe
c:\Documents and Settings\lezaar\Application Data\winantiviruspro2006freeinstall_nl[1].exe
c:\Documents and Settings\lezaar\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\ARPPRODUCTICON.exe
c:\Documents and Settings\lezaar\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
c:\Documents and Settings\lezaar\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
c:\Documents and Settings\lezaar\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\UNINST_Uninstall_G_3DE5E7D47B88403CA3FD2017A8240C5B.exe
c:\Documents and Settings\lezaar\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_en_US.exe
c:\Documents and Settings\Gast\Local Settings\Temp\bis6A.exe
c:\Documents and Settings\Gast\Local Settings\Temp\bisC5.exe
c:\Documents and Settings\Gast\Local Settings\Temp\bisC8.exe
c:\Documents and Settings\Gast\Local Settings\Temp\GLB1A2B.EXE
c:\Documents and Settings\Gast\Local Settings\Temp\~nsu.tmp\Au_.exe
c:\Documents and Settings\Gast\Mijn documenten\Install_Messenger.exe
c:\Documents and Settings\Gast\Mijn documenten\MsgPlus.exe
c:\Documents and Settings\Gast\Mijn documenten\MsgPlusLive-400.exe
c:\Documents and Settings\Gast\Mijn documenten\MsgPlusLive-420.exe
c:\Documents and Settings\Gast\Mijn documenten\Mijn muziek\SoF2.exe
c:\Documents and Settings\Gast\Mijn documenten\Mijn muziek\SoF2MP.exe
c:\Documents and Settings\Gast\Bureaublad\bd050303\rawrite2.exe
c:\Documents and Settings\Gast\Application Data\Microsoft\Installer\{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}\_440d491c.exe
c:\Documents and Settings\Gast\Application Data\Adverts\uninst.exe
c:\Documents and Settings\Gast\Application Data\Else plus\dxficgpj.exe
c:\Documents and Settings\Gast\Application Data\Else plus\lekjuqdb.exe
c:\Documents and Settings\Gast\Application Data\Else plus\sqmstvcl.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll

****** Fin du rapport DiagHelp

***************************************
***************************************
***************************************


2007-07-02,18:11:21

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<CTFMON.EXE><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<updateMgr><C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9> [N/A]
<SpybotSD TeaTimer><C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe> [(Verified)Safer Networking Ltd.]
<DDC><C:\WINDOWS\system32\syrebjel.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ntiMUI><C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe> []
<RemoteControl><"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"> [Cyberlink Corp.]
<SiSPower><Rundll32.exe SiSPower.dll,ModeAgent> [Silicon Integrated Systems Corporation]
<eRecoveryService><C:\Acer\Empowering Technology\eRecovery\Monitor.exe> [acer Inc.]
<AspireService><C:\Program Files\Acer\Acer eMode Management\AspireService.exe> [Acer Inc.]
<SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
<OESpamTest><C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE> [Ashmanov & Partners]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<BearShare><; "C:\Program Files\BearShare\BearShare.exe" /pause> [N/A]
<CloneCDTray><; C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe> [Elaborate Bytes]
<DriveCleaner 2006 Free><; "C:\Program Files\DriveCleaner 2006 Free\UDC2006.exe" /min> [N/A]
<ElbyCheckElbyCDFL><; "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL> [Elaborate Bytes]
<EPSON Stylus DX3800 Series><; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"> [(Verified)Microsoft Windows Publisher]
<LaunchApp><; Alaunch> [N/A]
<MediaSync><; C:\Program Files\Acer\Acer eConsole\MediaSync.exe> [Acer Inc.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<NeroCheck><; C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<New.net Startup><; rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s> [N/A]
<RealTray><; C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER> [N/A]
<SoundMan><; SOUNDMAN.EXE> [(Verified)Microsoft Windows Publisher]
<udc6cw><; "C:\Program Files\DriveCleaner 2006 Free\udc6cw.exe" -c> [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<WhenUSave><; "C:\Program Files\Save\Save.exe"> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<WinAntiVirusPro2006><; C:\Program Files\WinAntiVirus Pro 2006\winav.exe /min> [N/A]
<zango><; "c:\program files\zango\zango.exe"> [N/A]

==================================
Startup Folders
[Kaspersky Anti-Hacker]
<C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Kaspersky Anti-Hacker.lnk --> C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~2\KAVPF.exe [Kaspersky Lab]><N>
[Adobe Reader Speed Launch]
<C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>

==================================
Services
[Ad-Aware 2007 Service / aawservice][Running/Auto Start]
<"C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"><Lavasoft AB>
[Acer Media Server / Acer Media Server][Running/Auto Start]
<"C:\Program Files\Acer\Acer eConsole\MediaServerService.exe"><Acer Inc.>
[Application Management / AppMgmt][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[kavsvc / kavsvc][Running/Auto Start]
<"C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe"><Kaspersky Lab>

==================================
Drivers
[ADMtek ADM8511/AN986 USB To Fast Ethernet Converter / ADM8511][Running/Manual Start]
<system32\DRIVERS\ADM8511.SYS><ADMtek Incorporated>
[PPdus ASPI Shell / Afc][Running/Manual Start]
<system32\drivers\Afc.sys><Arcsoft, Inc.>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ElbyCDFL / ElbyCDFL][Running/Manual Start]
<System32\Drivers\ElbyCDFL.sys><Elaborate Bytes>
[ElbyCDIO Driver / ElbyCDIO][Running/Auto Start]
<System32\Drivers\ElbyCDIO.sys><Elaborate Bytes>
[int15.sys / int15.sys][Running/Auto Start]
<\??\C:\Acer\Empowering Technology\eRecovery\int15.sys><N/A>
[Kl1 / Kl1][Running/Boot Start]
<\SystemRoot\System32\drivers\kl1.sys><Kaspersky Lab>
[Klif / Klif][Running/System Start]
<System32\drivers\klif.sys><Kaspersky Labs>
[Klmc / Klmc][Running/System Start]
<System32\drivers\klmc.sys><Kaspersky Lab>
[Klpf / Klpf][Running/Boot Start]
<\SystemRoot\System32\drivers\Klpf.sys><KL>
[Klpid / Klpid][Running/Boot Start]
<\SystemRoot\System32\drivers\Klpid.sys><KL>
[MaVctrl / MaVctrl][Running/Auto Start]
<system32\DRIVERS\MaVc2K.sys><Mobile Action Technology Inc.>
[Upper Class Filter Driver / NTIDrvr][Running/Manual Start]
<system32\DRIVERS\NTIDrvr.sys><NewTech Infosystems, Inc.>
[Stuurprogramma voor Directe parallelle verbinding / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Stopped/Manual Start]
<system32\DRIVERS\Rtlnicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[SiS315 / SiS315][Running/Manual Start]
<system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[SiSkp / SiSkp][Running/System Start]
<system32\DRIVERS\srvkp.sys><Silicon Integrated Systems Corporation>
[CANYON CN-WCAM21 PC-Camera / SoC PC-Camera Service][Stopped/Manual Start]
<system32\DRIVERS\pfc027.sys><>
[Player Recovery Device Control Driver / StMp3Rec][Stopped/Manual Start]
<System32\Drivers\StMp3Rec.sys><Microsoft Corporation>
[SYMIDSCO / SYMIDSCO][Stopped/Manual Start]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20070507.001\symidsco.sys><N/A>
[World Standard Teletext-codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
Browser Add-ons
[Yahoo! Toolbar Helper]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[]
{53707962-6F74-2D53-2644-206D7942484F} <C:\Program Files\Spybot - Search & Destroy\SDHelper.dll, Safer Networking Limited>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Windows Live Toolbar Helper]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[]
{D833631B-E7CA-45C4-8CFC-7B4678CD65A8} <C:\WINDOWS\system32\awtsq.dll, N/A>
[]
{E0D98C12-75E0-4856-98EF-BF63E9CDA21A} <C:\WINDOWS\system32\ssttt.dll, N/A>
[EpsonToolBandKicker Class]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} <C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll, SEIKO EPSON CORPORATION>
[Java Plug-in 1.6.0_01]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[PalTalk]
{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} <C:\Program Files\Paltalk Messenger\Paltalk.exe, AVM Software Inc.>
[Real.com]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} <C:\WINDOWS\system32\Shdocvw.dll, Microsoft Corporation>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[EPSON Web-To-Page]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} <C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll, SEIKO EPSON CORPORATION>
[Windows Live Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[Yahoo! Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
[YInstStarter Class]
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} <C:\PROGRA~1\YAHOO!\Common\yinsthelper.dll, Yahoo! Inc.>
[Java Plug-in 1.6.0_01]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[MessengerStatsClient Class]
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} <C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll, Microsoft Corporation>
[Java Plug-in 1.5.0_05]
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_06]
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_01]
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_01]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[ActiveMovieControl Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[]
{53707962-6F74-2D53-2644-206D7942484F} <C:\Program Files\Spybot - Search & Destroy\SDHelper.dll, Safer Networking Limited>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[Microsoft Web-browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Windows Live Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[Windows Live Toolbar Helper]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[]
{D833631B-E7CA-45C4-8CFC-7B4678CD65A8} <C:\WINDOWS\system32\awtsq.dll, N/A>
[]
{E0D98C12-75E0-4856-98EF-BF63E9CDA21A} <C:\WINDOWS\system32\ssttt.dll, N/A>
[EpsonToolBandKicker Class]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} <C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll, SEIKO EPSON C
2 July 2007 20:33:59

Why all these reports?!
I only want the HijackThis and the ComboFix logs.

Download Clean.zip (by Malekal),
extract it to your desktop (right-click / Extract all); you should get a folder named Clean.
Open the Clean folder and double-click clean.cmd.
Choose option 1, then wait. Then post the contents of the report.
2 July 2007 22:14:13

Here is the report; thanks angeldark for your help:

ma 02-07-2007 a 22:06:09,70

*** Recherche C:

*** Recherche C:\WINDOWS\

*** Recherche C:\WINDOWS\system32

*** Recherche C:\Program Files
"C:\Program Files\MediaGateway\" FOUND
*** End of the report !
2 July 2007 22:28:14

The reports I asked for?
3 July 2007 01:23:10

They are in my first message, but here they are anyway:

Logfile of HijackThis v1.99.1
Scan saved at 19:13:13, on 2-7-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijack This\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kijkgratistv.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D833631B-E7CA-45C4-8CFC-7B4678CD65A8} - C:\WINDOWS\system32\awtsq.dll (file missing)
O2 - BHO: (no name) - {E0D98C12-75E0-4856-98EF-BF63E9CDA21A} - C:\WINDOWS\system32\ssttt.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [OESpamTest] C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE
O4 - HKLM\..\Run: [BearShare] ; "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [CloneCDTray] ; C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
O4 - HKLM\..\Run: [DriveCleaner 2006 Free] ; "C:\Program Files\DriveCleaner 2006 Free\UDC2006.exe" /min
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] ; "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] ; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [LaunchApp] ; Alaunch
O4 - HKLM\..\Run: [MediaSync] ; C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [NeroCheck] ; C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [New.net Startup] ; rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [RealTray] ; C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SoundMan] ; SOUNDMAN.EXE
O4 - HKLM\..\Run: [udc6cw] ; "C:\Program Files\DriveCleaner 2006 Free\udc6cw.exe" -c
O4 - HKLM\..\Run: [WinAntiVirusPro2006] ; C:\Program Files\WinAntiVirus Pro 2006\winav.exe /min
O4 - HKLM\..\Run: [zango] ; "c:\program files\zango\zango.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DDC] C:\WINDOWS\system32\syrebjel.exe
O4 - HKCU\..\Run: [MSMSGS] ; "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WhenUSave] ; "C:\Program Files\Save\Save.exe"
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?27cfe594aef94bd4a8e96cd7bc6cef76
O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?27cfe594aef94bd4a8e96cd7bc6cef76
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe

"lezaar" - 2007-07-02 17:44:08 - ComboFix 07-06-27.7 - Service Pack 2


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\iifcdba.dll
C:\WINDOWS\system32\rqropol.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\lezaar.\err.log
C:\Program Files\Common Files\companion wizard
C:\Program Files\Common Files\companion wizard\compwiz.exe
C:\Program Files\Common Files\companion wizard\WapCHK.dll
C:\Program Files\Common Files\companion wizard\WapCHK{C4FEB99E-EC9A-4347-AB36-6C61C289B29D}.dll
C:\Program Files\Common Files\companion wizard\WapCHK{D7E9D953-283C-4D22-8472-144A6545C5DD}.dll
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\History\search
C:\WINDOWS\system32\drivers\fopn.sys


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-06-02 to 2007-07-02 )))))))))))))))))))))))))))))))


2007-07-02 17:43 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-07-02 16:37 128,576 --a------ C:\WINDOWS\system32\psyftkur.dll
2007-07-01 21:30 128,576 --a------ C:\WINDOWS\system32\ofajeiss.dll
2007-06-30 19:45 128,576 --a------ C:\WINDOWS\system32\xohktytd.dll
2007-06-29 10:31 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-06-29 10:19 128,576 --a------ C:\WINDOWS\system32\lrayoqkk.dll
2007-06-28 18:00 51,038 --a------ C:\WINDOWS\system32\drivers\mad600u.sys
2007-06-28 18:00 49,867 --a------ C:\WINDOWS\system32\drivers\mardp2k.sys
2007-06-28 18:00 49,484 --a------ C:\WINDOWS\system32\drivers\mardpnp.sys
2007-06-28 18:00 36,586 --a------ C:\WINDOWS\system32\drivers\mavcomm.sys
2007-06-28 18:00 25,044 --a------ C:\WINDOWS\system32\drivers\mad600m.sys
2007-06-28 18:00 24,789 --a------ C:\WINDOWS\system32\drivers\MaVctrl.sys
2007-06-28 18:00 11,473 --a------ C:\WINDOWS\system32\drivers\MaVc2K.sys
2007-06-28 17:50 <DIR> d-------- C:\WINDOWS\system32\Samsung PC Studio Codecs
2007-06-28 17:48 <DIR> d-------- C:\WINDOWS\system32\Samsung
2007-06-28 17:48 <DIR> d-------- C:\Program Files\Samsung
2007-06-28 17:23 <DIR> d-------- C:\VundoFix Backups
2007-06-28 17:15 128,576 --a------ C:\WINDOWS\system32\johmmiht.dll
2007-06-28 16:57 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-28 16:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-28 16:56 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-28 16:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-28 16:45 <DIR> d-------- C:\Program Files\Hijack This
2007-06-28 16:10 128,576 --a------ C:\WINDOWS\system32\hjuplbou.dll
2007-06-27 08:55 66,112 --a------ C:\WINDOWS\system32\oytkxvpd.dll
2007-06-21 20:14 <DIR> d--hs---- C:\FOUND.030
2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-03 22:34 <DIR> d-------- C:\Program Files\Windows Live
2007-06-03 22:34 <DIR> d-------- C:\Program Files\Messenger Plus! Live


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-21 14:56:44 -------- d-----w C:\Program Files\SigmaTel
2007-05-21 14:24:58 -------- d-----w C:\Program Files\MP3 Player Utilities 3.79
2007-05-21 14:18:46 -------- d-----w C:\DOCUME~1\lezaar\APPLIC~1\AdobeUM
2007-05-17 19:47:30 304,182 ----a-w C:\StiImg.dat
2007-05-16 15:48:24 -------- d-----w C:\DOCUME~1\lezaar\APPLIC~1\Paltalk
2007-05-16 15:48:20 -------- d-----w C:\Program Files\Paltalk Messenger
2007-05-16 15:19:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-10 13:42:58 -------- d-----w C:\DOCUME~1\lezaar\APPLIC~1\Google
2007-05-10 13:39:54 -------- d-----w C:\Program Files\directx
2007-05-10 13:33:14 -------- d-----w C:\DOCUME~1\lezaar\APPLIC~1\SpamTest
2007-05-10 13:33:12 -------- d-----w C:\Program Files\Common Files\Kaspersky Lab
2007-05-10 13:33:00 -------- d-----w C:\Program Files\Kaspersky Lab
2007-05-09 22:01:22 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-04 16:25:36 -------- d-----w C:\DOCUME~1\lezaar\APPLIC~1\NeroVision
2007-05-04 16:18:58 -------- d-----w C:\Program Files\Common Files\Ahead
2007-05-04 16:18:52 -------- d-----w C:\Program Files\Ahead
2007-05-02 17:00:32 -------- d-----w C:\DOCUME~1\lezaar\APPLIC~1\Ahead
2007-04-25 14:22:52 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:15:26 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 20:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 20:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 12:29]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 17:45]
{D833631B-E7CA-45C4-8CFC-7B4678CD65A8}=C:\WINDOWS\system32\awtsq.dll []
{E0D98C12-75E0-4856-98EF-BF63E9CDA21A}=C:\WINDOWS\system32\ssttt.dll []
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}=C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 21:50]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 18:15]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"SiSPower"="SiSPower.dll" [2005-07-13 02:55 C:\WINDOWS\system32\SiSPower.dll]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 17:00]
"AspireService"="C:\Program Files\Acer\Acer eMode Management\AspireService.exe" [2005-09-29 16:07]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"OESpamTest"="C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE" [2005-08-04 19:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"DDC"="C:\WINDOWS\system32\syrebjel.exe" []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Utility Tray.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Utility Tray.lnk
backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"C:\Program Files\BearShare\BearShare.exe" /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveCleaner 2006 Free]
"C:\Program Files\DriveCleaner 2006 Free\UDC2006.exe" /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElbyCheckElbyCDFL]
"C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX3800 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaSync]
C:\Program Files\Acer\Acer eConsole\MediaSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\udc6cw]
"C:\Program Files\DriveCleaner 2006 Free\udc6cw.exe" -c

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
"C:\Program Files\Save\Save.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAntiVirusPro2006]
C:\Program Files\WinAntiVirus Pro 2006\winav.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]
"c:\program files\zango\zango.exe"


Contents of the 'Scheduled Tasks' folder
2007-07-02 15:00:02 C:\WINDOWS\tasks\ADB45F38918BD2B8.job
2007-07-02 15:21:04 C:\WINDOWS\tasks\Controleren op updates voor Windows Live Toolbar.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-02 17:50:52
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-02 17:53:42 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-02 17:52

--- E O F ---
3 July 2007 07:59:05

Can you help me please, because I don't know what to do???
3 July 2007 12:13:00

Can you be patient?!

Download OTMoveIt (by OldTimer). Save it to your Desktop.
Select ALL the locations in bold below:

C:\WINDOWS\system32\psyftkur.dll
C:\WINDOWS\system32\ofajeiss.dll
C:\WINDOWS\system32\xohktytd.dll
C:\WINDOWS\system32\lrayoqkk.dll
C:\WINDOWS\system32\johmmiht.dll
C:\WINDOWS\system32\hjuplbou.dll
C:\WINDOWS\system32\oytkxvpd.dll


---> Right-click then Copy (or Ctrl+C)

Double-click OTMoveIt.exe to launch it.
Right-click in the left pane and choose Paste (or Ctrl+V).
Now click MoveIt!

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to when it was created: date_time.log

->Information about the software<-
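How the seven DLLs above stand out in the ComboFix "Files Created" block can be made mechanical. This is an added example, not the helper's procedure or any tool from the thread: it parses ComboFix file lines and flags DLLs written straight into system32 that either share one exact byte size under changing names (the daily re-drop visible in the report) or have no word-like structure. The sample lines are copied from the report above, inetcomm.dll is added as a benign control, and the two thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample for this added example: "Files Created" lines copied from the
# ComboFix report above, plus inetcomm.dll (a normal Windows DLL from the Find3M
# section) as a negative case the heuristic must leave alone.
COMBOFIX_SAMPLE = r"""
2007-07-02 17:43 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-07-02 16:37 128,576 --a------ C:\WINDOWS\system32\psyftkur.dll
2007-07-01 21:30 128,576 --a------ C:\WINDOWS\system32\ofajeiss.dll
2007-06-30 19:45 128,576 --a------ C:\WINDOWS\system32\xohktytd.dll
2007-06-29 10:31 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-06-29 10:19 128,576 --a------ C:\WINDOWS\system32\lrayoqkk.dll
2007-06-28 18:00 51,038 --a------ C:\WINDOWS\system32\drivers\mad600u.sys
2007-06-28 17:15 128,576 --a------ C:\WINDOWS\system32\johmmiht.dll
2007-06-28 16:10 128,576 --a------ C:\WINDOWS\system32\hjuplbou.dll
2007-06-27 08:55 66,112 --a------ C:\WINDOWS\system32\oytkxvpd.dll
2007-05-16 15:19 683,520 --a------ C:\WINDOWS\system32\inetcomm.dll
"""

# One ComboFix file line: timestamp, size or <DIR>, attribute flags, path.
FILE_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S+)\s+(.+)$")
# A DLL written directly into system32 (not into a subfolder such as drivers\).
SYSTEM32_DLL = re.compile(r"^C:\\WINDOWS\\system32\\([a-z0-9]+)\.dll$", re.I)


def parse_created(report):
    """Turn the 'Files Created' block into (when, size_in_bytes_or_None, path) tuples."""
    entries = []
    for line in report.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            when, size, _attrs, path = m.groups()
            entries.append((when, None if size == "<DIR>" else int(size.replace(",", "")), path))
    return entries


def longest_consonant_run(name):
    """Longest run of consonants; generated names tend to score far higher than words."""
    best = run = 0
    for ch in name.lower():
        run = run + 1 if ch.isalpha() and ch not in "aeiou" else 0
        best = max(best, run)
    return best


def flag_dropper_dlls(entries, cluster_min=2, run_min=4):
    """Return (sorted) system32 DLLs that deserve a closer look.

    Either signal flags a file: several new DLLs sharing one exact byte size
    under different names (the same payload re-dropped under a fresh name each
    day, which is what the report above shows), or a name with no word-like
    structure at all. Both thresholds are assumed values, not tool defaults.
    """
    by_size, stems = defaultdict(list), {}
    for _when, size, path in entries:
        m = SYSTEM32_DLL.match(path)
        if m and size is not None:
            by_size[size].append(path)
            stems[path] = m.group(1)
    flagged = {p for paths in by_size.values() if len(paths) >= cluster_min for p in paths}
    flagged |= {p for p, stem in stems.items() if longest_consonant_run(stem) >= run_min}
    return sorted(flagged)
```

On the sample above the result is exactly the seven paths the helper listed for OTMoveIt, with inetcomm.dll left alone; a flag is a reason to check the file, not proof by itself.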