Everything posted by Isaura

  1. My antivirus blocked a file called EICAR TEST file, but there is no option to allow it or not. Here is the ComboFix log:
  2. What I also wanted to mention is that the virus is called Application.Memedia.B
  3. I downloaded the HijackThis zip and did a "system scan and save a logfile". It went very quickly. Here is the result:
  4. Hello, I just got a new PC with Windows Vista, but apparently there is already a virus on it. When I went into my Hotmail, BullGuard came up and showed four infected files. The files are in Program Files in the folder adVantage and they are called: SET3185.tmp SET7601.tmp SET40A3.tmp SET67CD.tmp (modified on 29/03/2008 2:21). When I go to the folder and scan the files to solve the problem, I can repair the files, but even when this succeeds, a minute later the same screen comes up again saying that the files are infected. Now I have sent my log to BullGuard, and less than 1 minute later I already received an email with what I have to do. Is it normal that this happens so quickly? Here is the email:

     Dear BullGuard User,

     Thank you for submitting the scan-log. Here is what you have to do in order to remove the infections from your computer:

     1. Please reboot your computer in Safe Mode by tapping the F8 key when the computer starts (before the Windows logo screen comes up) and when reaching the start up menu, please be sure to select the Safe Mode option. Also, enable the option Show Hidden Files and Folders. In order to do so please follow the 3 steps below:
        - Open Start menu > Control Panel > Folder Options > View tab.
        - Search for the option Show Hidden Files and Folders and make sure it is enabled.
        - Uncheck Hide Protected Operating System Files. Press Apply and Ok.
     2. Browse to the following location and manually delete it by selecting it and pressing Shift+Del to make sure it doesn't end up in the Recycle Bin: C:\Program Files\AdVantage
     3. Manually empty your Recycle Bin folder by right clicking it and choosing the empty Recycle Bin option; make sure that you do this on all existing accounts on your computer.
     4. Remove the content of the BullGuard Quarantine this way:
        - open BullGuard > Antivirus > Quarantine;
        - check the box left to the "File-name" line > click on the "Delete" button.
     5. Restart in Normal Mode and run another scan with BullGuard to make sure your computer is clean.

     Do not hesitate to get back to us if you encounter any difficulties. Thank you for your collaboration.

     Kind regards,
     Laurentiu Zburlea
     BullGuard Support Team
     support@bullguard.com
     BullGuard Antivirus, Antispyware, Firewall, Spamfilter, Backup and Support - all the security you need in one package!

     I have already tried to delete the files myself with Shift+Delete, without restarting and pressing F8, but I cannot delete them because I do not have access. That is strange, because I am an administrator too, just like my brother. Hopefully someone can help me further.