
[SOLVED] Trojan Horse quarantined by Norton



Below is the HJT log.

Are there still any dangers now?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:15:12, on 14/04/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16681)

Boot mode: Normal

Running processes:

c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\RtHDVCpl.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = mijnAOL | HP

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Trooner.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll

O3 - Toolbar: (no name) - {C4DFA6F3-1245-41E5-8E60-7D31427F01B3} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: OpenOffice.org 2.4 .lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: HP Clipboek - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: HP Slim selecteren - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O20 - AppInit_DLLs: APSHook.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe

O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--

End of file - 10001 bytes


In quarantine your virus is safely locked away. But what Jurgen says is correct. If there are still other sources on your PC, the programs mentioned are useful for finding that out.

The HijackThis log already looks clean :-)

Now Malwarebytes as well?


In the end I looked for the official website and ran the quick scan.

Here is the log:

Malwarebytes' Anti-Malware 1.41

Database versie: 2818

Windows 6.0.6000

17/09/2009 23:47:54

mbam-log-2009-09-17 (23-47-54).txt

Scan type: Snelle Scan

Objecten gescand: 89970

Verstreken tijd: 6 minute(s), 16 second(s)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 1

Registerwaarden geïnfecteerd: 0

Registerdata bestanden geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 4

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:

C:\WINDOWS\xcbhwuq.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\xewuaqj.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\xfjzrby.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\xhbxcnv.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.


Besides what was stored in quarantine, something did slip through after all. Malwarebytes caught it, but would you, just to be sure, run this as well:

Download Combofix to your Desktop.

Read more here about the correct use of Combofix.

NOTE: if, during or after downloading Combofix or while using Combofix, you get a notification from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

Some scanners see certain components that Combofix uses as suspicious and will block or remove them!


  • Double-click Combofix.exe to start it.
    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    Follow the instructions and accept the disclaimer by clicking Yes.
    If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window (XP only, not VISTA).
    Click OK and Yes to have the Recovery Console installed automatically.
    Afterwards, click Yes again to start scanning for malware.
    While the fix is running, do NOT click in the window, as this will make your PC hang.

When the fix is complete and after the restart, the log Combofix.txt will open.

Post this log in your next reply.


Below is the ComboFix log.

I should add that I was able to disable Norton, but Spybot would not listen; it caused no problems during the scan, though.

I also did not have to restart the laptop. The log appeared on screen right after the scan. Here is the result.

ComboFix 09-09-17.04 - Gebruiker 18/09/2009 17:38.2.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.32.1043.18.2046.1167 [GMT 2:00]

Gestart vanuit: c:\users\Gebruiker\Desktop\ComboFix.exe

AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

SP: Norton AntiVirus *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\$recycle.bin\S-1-5-21-2492062651-110799253-2921662863-500

c:\users\Gebruiker\AppData\Roaming\Microsoft\Clip Organizer\mstore10.mgc

c:\users\Gebruiker\AppData\Roaming\Microsoft\Clip Organizer\Offic10.MGC

c:\windows\pvpeformr.dll

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-08-18 to 2009-09-18 ))))))))))))))))))))))))))))))

.

2009-09-18 15:45 . 2009-09-18 15:45 -------- d-----w- c:\users\Gebruiker\AppData\Local\temp

2009-09-18 15:45 . 2009-09-18 15:45 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-09-17 21:26 . 2009-09-17 21:26 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Malwarebytes

2009-09-17 21:26 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-17 21:26 . 2009-09-17 21:26 -------- d-----w- c:\programdata\Malwarebytes

2009-09-17 21:26 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-17 21:26 . 2009-09-17 21:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-07 19:09 . 2009-09-17 19:37 -------- d-----w- c:\users\Gebruiker\El condor pasa

2009-08-26 14:48 . 2009-08-26 14:48 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\dvdcss

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-17 22:24 . 2007-12-05 12:21 12 ----a-w- c:\windows\bthservsdp.dat

2009-09-17 15:28 . 2006-11-02 16:11 689618 ----a-w- c:\windows\system32\perfh013.dat

2009-09-17 15:28 . 2006-11-02 16:11 122796 ----a-w- c:\windows\system32\perfc013.dat

2009-09-16 15:21 . 2007-05-20 01:50 -------- d-----w- c:\programdata\Roxio

2009-09-11 20:41 . 2008-11-01 16:13 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2009-09-11 20:41 . 2008-11-01 16:13 -------- d-----w- c:\program files\Symantec

2009-09-11 20:41 . 2007-05-20 01:54 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2009-09-11 20:41 . 2007-05-20 01:54 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2009-09-04 22:09 . 2007-12-08 11:40 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\LimeWire

2009-08-18 18:59 . 2008-12-20 10:25 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys

2009-07-23 16:29 . 2009-02-26 21:18 9776 ----a-w- c:\users\Gebruiker\AppData\Roaming\mdbu.bin

.

((((((((((((((((((((((((((((( SnapShot@2009-04-15_08.40.49 )))))))))))))))))))))))))))))))))))))))))

.

+ 2006-11-02 07:29 . 2006-09-18 21:27 19429 c:\windows\winsxs\x86_microsoft-windows-com-dtc-tracing_31bf3856ad364e35_6.0.6001.18000_none_17df4ac2f2cf5440\msdtcvtr.bat

+ 2006-11-02 07:29 . 2006-09-18 21:27 19429 c:\windows\winsxs\x86_microsoft-windows-com-dtc-tracing_31bf3856ad364e35_6.0.6000.16386_none_15a888c6f5e4436c\msdtcvtr.bat

+ 2007-05-20 01:26 . 2009-09-18 15:24 53266 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 13:05 . 2009-09-18 15:25 86978 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2007-12-05 14:37 . 2009-09-18 15:25 11142 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-148981826-613539924-251153906-1000_UserData.bin

+ 2006-11-02 07:29 . 2006-09-18 21:27 19429 c:\windows\System32\Msdtc\Trace\msdtcvtr.bat

+ 2009-09-12 08:34 . 2009-08-18 18:59 25648 c:\windows\System32\DriverStore\FileRepository\symimv.inf_8e7ce9f4\SymIMV.sys

+ 2009-09-12 08:49 . 2009-08-22 06:37 48688 c:\windows\System32\drivers\NAV\1007020.00B\symndisv.sys

+ 2009-09-12 08:49 . 2009-08-22 06:37 36400 c:\windows\System32\drivers\NAV\1007020.00B\symndis.sys

+ 2009-09-12 08:49 . 2009-08-22 06:37 33072 c:\windows\System32\drivers\NAV\1007020.00B\symids.sys

+ 2009-09-12 08:49 . 2009-08-22 06:37 89904 c:\windows\System32\drivers\NAV\1007020.00B\symfw.sys

+ 2009-09-12 08:49 . 2009-08-22 06:37 43696 c:\windows\System32\drivers\NAV\1007020.00B\srtspx.sys

+ 2007-12-05 13:12 . 2009-09-18 15:21 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2007-12-05 13:12 . 2009-04-15 08:10 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2007-12-05 13:12 . 2009-04-15 08:10 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2007-12-05 13:12 . 2009-09-18 15:21 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2007-12-05 13:12 . 2009-04-15 08:10 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2007-12-05 13:12 . 2009-09-18 15:21 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-02-14 18:12 . 2009-09-13 20:59 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-02-14 18:12 . 2009-04-14 18:58 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-02-14 18:12 . 2009-04-14 18:58 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-02-14 18:12 . 2009-09-13 20:59 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-02-14 18:12 . 2009-09-13 20:59 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-02-14 18:12 . 2009-04-14 18:58 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-01-10 14:49 . 2009-01-10 14:49 23040 c:\windows\Installer\a35e79.msi

+ 2009-01-10 14:49 . 2009-01-10 14:49 25088 c:\windows\Installer\a35e49.msi

+ 2009-01-10 14:49 . 2009-01-10 14:49 28160 c:\windows\Installer\a35e3a.msi

+ 2009-01-10 14:48 . 2009-01-10 14:48 59904 c:\windows\Installer\a35e06.msi

+ 2007-12-05 15:15 . 2007-12-05 15:15 68096 c:\windows\Installer\25ff2b.msi

- 2006-11-02 10:25 . 2009-03-26 18:22 86016 c:\windows\inf\infstor.dat

+ 2006-11-02 10:25 . 2009-09-12 08:34 86016 c:\windows\inf\infstor.dat

+ 2006-11-02 10:25 . 2009-09-12 08:34 51200 c:\windows\inf\infpub.dat

- 2006-11-02 10:25 . 2009-03-26 18:22 51200 c:\windows\inf\infpub.dat

+ 2009-07-16 08:29 . 2009-07-16 08:29 9560 c:\windows\System32\networklist\icons\{2D791C47-0D1C-4A5C-A7AF-C5ECA9272E65}_48.bin

+ 2009-07-16 08:29 . 2009-07-16 08:29 4280 c:\windows\System32\networklist\icons\{2D791C47-0D1C-4A5C-A7AF-C5ECA9272E65}_32.bin

+ 2009-07-16 08:29 . 2009-07-16 08:29 2456 c:\windows\System32\networklist\icons\{2D791C47-0D1C-4A5C-A7AF-C5ECA9272E65}_24.bin

- 2009-04-15 08:38 . 2009-04-15 08:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2009-09-18 15:21 . 2009-09-18 15:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2009-09-18 15:21 . 2009-09-18 15:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-04-15 08:38 . 2009-04-15 08:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2006-11-02 10:33 . 2009-09-17 15:28 610142 c:\windows\System32\perfh009.dat

- 2006-11-02 10:33 . 2009-04-15 08:18 610142 c:\windows\System32\perfh009.dat

- 2006-11-02 10:33 . 2009-04-15 08:18 103924 c:\windows\System32\perfc009.dat

+ 2006-11-02 10:33 . 2009-09-17 15:28 103924 c:\windows\System32\perfc009.dat

+ 2009-05-20 22:20 . 2005-02-24 09:51 348160 c:\windows\System32\NCTWMAFile2.dll

- 2008-05-01 18:02 . 2005-02-24 09:51 348160 c:\windows\System32\NCTWMAFile2.dll

+ 2009-05-20 22:20 . 2005-03-28 13:52 417792 c:\windows\System32\NCTTextToAudio2.dll

- 2008-05-01 18:02 . 2005-03-28 13:52 417792 c:\windows\System32\NCTTextToAudio2.dll

- 2008-05-01 18:02 . 2005-03-28 13:54 479232 c:\windows\System32\NCTAudioVisualization2.dll

+ 2009-05-20 22:20 . 2005-02-24 10:11 479232 c:\windows\System32\NCTAudioVisualization2.dll

+ 2009-05-20 22:20 . 2005-02-24 10:11 602112 c:\windows\System32\NCTAudioTransform2.dll

- 2008-05-01 18:02 . 2005-04-04 15:21 602112 c:\windows\System32\NCTAudioTransform2.dll

+ 2009-05-20 22:20 . 2005-03-10 14:00 454656 c:\windows\System32\NCTAudioRecord2.dll

- 2008-05-01 18:02 . 2005-04-25 11:01 458752 c:\windows\System32\NCTAudioPlayer2.dll

+ 2009-05-20 22:20 . 2005-02-24 13:21 458752 c:\windows\System32\NCTAudioPlayer2.dll

+ 2009-05-20 22:20 . 2005-02-25 09:21 876544 c:\windows\System32\NCTAudioEditor2.dll

+ 2009-05-20 22:20 . 2004-11-04 10:31 835584 c:\windows\System32\NCTAudioCDGrabber2.dll

- 2008-05-01 18:02 . 2004-11-04 11:31 835584 c:\windows\System32\NCTAudioCDGrabber2.dll

+ 2009-09-12 08:49 . 2009-08-22 06:37 217136 c:\windows\System32\drivers\NAV\1007020.00B\symtdi.sys

+ 2009-09-12 08:49 . 2009-08-22 06:37 310320 c:\windows\System32\drivers\NAV\1007020.00B\SymEFA.sys

+ 2009-09-12 08:49 . 2009-08-22 06:37 308272 c:\windows\System32\drivers\NAV\1007020.00B\srtsp.sys

+ 2009-09-12 08:49 . 2009-09-12 08:49 482432 c:\windows\System32\drivers\NAV\1007020.00B\cchpx86.sys

+ 2009-09-12 08:49 . 2009-08-22 06:37 259632 c:\windows\System32\drivers\NAV\1007020.00B\BHDrvx86.sys

+ 2007-05-20 02:28 . 2007-05-20 02:28 281600 c:\windows\Installer\f1de0.msi

+ 2007-05-20 02:28 . 2007-05-20 02:28 182272 c:\windows\Installer\f1ddb.msi

+ 2007-05-20 02:28 . 2007-05-20 02:28 400384 c:\windows\Installer\f1dd6.msi

+ 2007-05-20 02:26 . 2007-05-20 02:26 990720 c:\windows\Installer\f1dbb.msi

+ 2007-12-05 15:37 . 2007-12-05 15:37 312320 c:\windows\Installer\a6195.msi

+ 2007-12-05 15:37 . 2007-12-05 15:37 491008 c:\windows\Installer\a618b.msi

+ 2007-12-05 15:37 . 2007-12-05 15:37 898560 c:\windows\Installer\a6164.msi

+ 2007-12-05 15:37 . 2007-12-05 15:37 472576 c:\windows\Installer\a5f08.msi

+ 2007-12-05 15:36 . 2007-12-05 15:36 913920 c:\windows\Installer\a5ee1.msi

+ 2007-12-05 15:36 . 2007-12-05 15:36 343040 c:\windows\Installer\a5ed6.msi

+ 2007-12-05 15:36 . 2007-12-05 15:36 586240 c:\windows\Installer\a5d94.msi

+ 2007-12-05 15:35 . 2007-12-05 15:35 426496 c:\windows\Installer\a5d80.msi

+ 2007-12-05 15:35 . 2007-12-05 15:35 452608 c:\windows\Installer\a5d71.msi

+ 2007-12-05 15:35 . 2007-12-05 15:35 600576 c:\windows\Installer\a5d5a.msi

+ 2007-12-05 15:35 . 2007-12-05 15:35 532480 c:\windows\Installer\a5d3a.msi

+ 2007-12-05 15:35 . 2007-12-05 15:35 646656 c:\windows\Installer\a5d25.msi

+ 2007-12-05 15:34 . 2007-12-05 15:34 628736 c:\windows\Installer\a5cbf.msi

+ 2007-12-05 15:34 . 2007-12-05 15:34 526336 c:\windows\Installer\a5c6b.msi

+ 2007-12-05 15:34 . 2007-12-05 15:34 514560 c:\windows\Installer\a5c33.msi

+ 2007-12-05 15:34 . 2007-12-05 15:34 305664 c:\windows\Installer\a5c24.msi

+ 2007-12-05 15:34 . 2007-12-05 15:34 425472 c:\windows\Installer\a5c19.msi

+ 2007-12-05 15:34 . 2007-12-05 15:34 811520 c:\windows\Installer\a5bf4.msi

+ 2007-12-05 15:33 . 2007-12-05 15:33 326144 c:\windows\Installer\a5af0.msi

+ 2007-12-05 15:33 . 2007-12-05 15:33 500736 c:\windows\Installer\a5adf.msi

+ 2007-12-05 15:33 . 2007-12-05 15:33 391168 c:\windows\Installer\a5ace.msi

+ 2007-12-05 15:33 . 2007-12-05 15:33 592384 c:\windows\Installer\a5a68.msi

+ 2009-01-10 14:57 . 2009-01-10 14:57 212992 c:\windows\Installer\a35f43.msi

+ 2009-01-10 14:57 . 2009-01-10 14:57 549888 c:\windows\Installer\a35f3d.msi

+ 2009-01-10 14:57 . 2009-01-10 14:57 522240 c:\windows\Installer\a35f37.msi

+ 2009-01-10 14:55 . 2009-01-10 14:55 969216 c:\windows\Installer\a35f31.msi

+ 2009-01-10 14:54 . 2009-01-10 14:54 570880 c:\windows\Installer\a35f2b.msi

+ 2009-01-10 14:53 . 2009-01-10 14:53 781824 c:\windows\Installer\a35ef3.msi

+ 2009-01-10 14:52 . 2009-01-10 14:52 478720 c:\windows\Installer\a35eb0.msi

+ 2009-01-10 14:49 . 2009-01-10 14:49 862208 c:\windows\Installer\a35ea5.msi

+ 2009-01-10 14:49 . 2009-01-10 14:49 431104 c:\windows\Installer\a35e6e.msi

+ 2009-01-10 14:48 . 2009-01-10 14:48 141312 c:\windows\Installer\a35e31.msi

+ 2009-01-10 14:48 . 2009-01-10 14:48 202752 c:\windows\Installer\a35e22.msi

+ 2009-01-10 14:48 . 2009-01-10 14:48 152576 c:\windows\Installer\a35e18.msi

+ 2007-10-06 07:45 . 2007-10-06 07:45 203264 c:\windows\Installer\8538c1.msp

+ 2007-12-05 16:11 . 2007-12-05 16:11 100352 c:\windows\Installer\6c9a9.msi

+ 2007-12-06 19:45 . 2007-12-06 19:45 431104 c:\windows\Installer\6346e.msi

+ 2007-05-20 01:32 . 2007-05-20 01:32 864256 c:\windows\Installer\41883.msi

+ 2007-12-05 14:38 . 2007-12-05 14:38 331264 c:\windows\Installer\39734.msi

+ 2007-05-20 02:06 . 2007-05-20 02:06 563200 c:\windows\Installer\37c83.msi

+ 2007-12-05 13:18 . 2007-12-05 13:18 497664 c:\windows\Installer\30fea5.msi

+ 2007-12-05 13:17 . 2007-12-05 13:17 406016 c:\windows\Installer\30fe9f.msi

+ 2007-12-08 23:15 . 2007-12-08 23:15 431104 c:\windows\Installer\29d49df.msi

+ 2008-10-26 11:08 . 2008-10-26 11:08 107008 c:\windows\Installer\27835f.msi

+ 2008-10-26 11:08 . 2008-10-26 11:08 301056 c:\windows\Installer\278359.msi

+ 2007-12-05 15:20 . 2007-12-05 15:20 121344 c:\windows\Installer\25ffca.msi

+ 2007-12-05 15:20 . 2007-12-05 15:20 121344 c:\windows\Installer\25ffb2.msi

+ 2007-12-05 15:19 . 2007-12-05 15:19 121344 c:\windows\Installer\25ff96.msi

+ 2007-12-05 15:19 . 2007-12-05 15:19 121344 c:\windows\Installer\25ff73.msi

+ 2007-12-05 15:19 . 2007-12-05 15:19 484352 c:\windows\Installer\25ff5a.msi

+ 2007-12-05 15:18 . 2007-12-05 15:18 243712 c:\windows\Installer\25ff37.msi

+ 2007-12-05 15:18 . 2007-12-05 15:18 601088 c:\windows\Installer\25ff31.msi

+ 2007-12-09 09:32 . 2007-12-09 09:32 252416 c:\windows\Installer\1dcaf6.msi

+ 2007-12-09 09:32 . 2007-12-09 09:32 241664 c:\windows\Installer\1dcaef.msi

+ 2007-12-09 09:32 . 2007-12-09 09:32 325120 c:\windows\Installer\1dcae9.msi

+ 2007-12-09 09:31 . 2007-12-09 09:31 551936 c:\windows\Installer\1dcae2.msi

+ 2008-06-29 20:03 . 2008-06-29 20:03 891904 c:\windows\Installer\10d0c2e.msi

+ 2007-05-20 01:52 . 2007-05-20 01:52 579584 c:\windows\Installer\109a5b.msi

+ 2007-05-20 01:47 . 2007-05-20 01:47 449536 c:\windows\Installer\10999c.msi

+ 2007-05-20 01:46 . 2007-05-20 01:46 865280 c:\windows\Installer\1098f2.msi

+ 2006-11-02 10:25 . 2009-09-12 08:34 143360 c:\windows\inf\infstrng.dat

- 2006-11-02 10:25 . 2009-03-26 18:22 143360 c:\windows\inf\infstrng.dat

+ 2007-09-18 09:20 . 2007-09-18 09:20 878072 c:\windows\Downloaded Program Files\UploaderX.dll

- 2008-05-01 18:02 . 2005-05-18 09:52 1212416 c:\windows\System32\NCTAudioInformation2.dll

+ 2009-05-20 22:20 . 2005-02-24 10:11 1212416 c:\windows\System32\NCTAudioInformation2.dll

+ 2009-05-20 22:20 . 2005-03-11 15:37 1986560 c:\windows\System32\NCTAudioFile2.dll

- 2008-05-01 18:02 . 2005-04-15 13:25 1986560 c:\windows\System32\NCTAudioFile2.dll

+ 2007-05-20 02:28 . 2007-05-20 02:28 1125376 c:\windows\Installer\f1dea.msi

+ 2007-05-20 02:20 . 2007-05-20 02:20 1004032 c:\windows\Installer\f1da1.msi

+ 2005-10-26 13:59 . 2005-10-26 13:59 2883072 c:\windows\Installer\da6561.msp

+ 2008-01-14 15:54 . 2008-01-14 15:54 5505024 c:\windows\Installer\da654b.msp

+ 2008-01-14 15:53 . 2008-01-14 15:53 5213696 c:\windows\Installer\da6532.msp

+ 2008-01-25 14:29 . 2008-01-25 14:29 5514752 c:\windows\Installer\da651d.msp

+ 2007-11-16 11:58 . 2007-11-16 11:58 5495296 c:\windows\Installer\bed17.msp

+ 2008-05-15 07:50 . 2008-05-15 07:50 5515776 c:\windows\Installer\b9bed4.msp

+ 2007-12-05 15:37 . 2007-12-05 15:37 1351680 c:\windows\Installer\a5f30.msi

+ 2008-04-18 12:26 . 2008-04-18 12:26 5518336 c:\windows\Installer\9fea64.msp

+ 2008-04-01 12:33 . 2008-04-01 12:33 5479936 c:\windows\Installer\9fea4e.msp

+ 2007-11-14 15:00 . 2007-11-14 15:00 4117504 c:\windows\Installer\8538ba.msp

+ 2009-02-26 22:30 . 2009-02-26 22:30 1021952 c:\windows\Installer\7ca8f2.msi

+ 2008-05-17 08:44 . 2008-05-17 08:44 1383424 c:\windows\Installer\65d8cb.msi

+ 2007-12-05 14:57 . 2007-12-05 14:57 5802496 c:\windows\Installer\3977a.msi

+ 2007-05-20 02:08 . 2007-05-20 02:08 4462080 c:\windows\Installer\37c8e.msi

+ 2007-05-20 02:43 . 2007-05-20 02:43 1067520 c:\windows\Installer\348c6.msi

+ 2007-05-20 02:38 . 2007-05-20 02:38 2382336 c:\windows\Installer\348b6.msi

+ 2008-03-16 15:11 . 2008-03-16 15:11 5512704 c:\windows\Installer\324d88.msp

+ 2007-12-05 14:26 . 2007-12-05 14:26 1079296 c:\windows\Installer\30feb3.msp

+ 2007-12-05 13:18 . 2007-12-05 13:18 3522560 c:\windows\Installer\30feac.msi

+ 2007-12-05 15:20 . 2007-12-05 15:20 1574912 c:\windows\Installer\25ffc4.msi

+ 2008-01-31 09:30 . 2008-01-31 09:30 9947648 c:\windows\Installer\1ed441.msp

+ 2008-02-15 13:57 . 2008-02-15 13:57 5517312 c:\windows\Installer\1ed424.msp

+ 2008-04-07 17:40 . 2008-04-07 17:40 3666944 c:\windows\Installer\124981.msi

+ 2007-05-20 01:52 . 2007-05-20 01:52 1062400 c:\windows\Installer\109a55.msi

+ 2007-05-20 01:52 . 2007-05-20 01:52 1073152 c:\windows\Installer\109a4e.msi

+ 2007-05-20 01:47 . 2007-05-20 01:47 1021440 c:\windows\Installer\1099a2.msi

+ 2007-05-20 01:47 . 2007-05-20 01:47 1062912 c:\windows\Installer\109994.msi

+ 2007-05-20 01:47 . 2007-05-20 01:47 1303040 c:\windows\Installer\10998e.msi

+ 2008-01-20 13:56 . 2008-01-20 13:56 3286528 c:\windows\Installer\102dcee.msi

+ 2007-05-20 02:06 . 2007-01-19 11:20 16669184 c:\windows\Installer\MSN Messenger 8.1.0178\MsnMsgs.Msi

+ 2008-01-14 14:24 . 2008-01-14 14:24 10721280 c:\windows\Installer\da6507.msp

+ 2008-01-14 15:50 . 2008-01-14 15:50 11887104 c:\windows\Installer\da64f2.msp

+ 2008-04-14 12:26 . 2008-04-14 12:26 11888128 c:\windows\Installer\9fea36.msp

+ 2008-01-31 08:45 . 2008-01-31 08:45 11565056 c:\windows\Installer\6f04b.msp

+ 2008-03-17 11:48 . 2008-03-17 11:48 11813888 c:\windows\Installer\6d6d2.msp

+ 2008-02-29 21:09 . 2008-02-29 21:09 16907776 c:\windows\Installer\1ed457.msp

+ 2007-05-20 01:51 . 2007-05-20 01:52 27405312 c:\windows\Installer\109a47.msi

+ 2008-01-21 21:27 . 2008-01-30 21:59 18658816 c:\windows\Downloaded Installations\{D62718DB-6BE7-4B09-A39F-BD779481ED3B}\Wave MP3 Editor v11.9.2 - Fully Functional Evaluation Version.msi

+ 2008-01-07 18:55 . 2008-01-07 18:55 15951872 c:\windows\Downloaded Installations\{8271835B-93C7-4BEF-A2AF-B2192EED9307}\Wave MP3 Editor v11.9.2 - KISS Free Version.msi

+ 2007-05-20 02:25 . 2007-05-20 02:25 13168640 c:\windows\Downloaded Installations\{14DE2A3C-7324-4049-8D1B-0810C328113B}\HP Doc Viewer.msi

+ 2007-07-27 08:24 . 2007-07-27 08:24 127991808 c:\windows\Installer\bed00.msp

.

-- Snapshot teruggezet naar huidige datum --

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-08 1232896]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 1460560]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2006-11-02 2159104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1021224]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-23 176128]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]

"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-01 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-01 8429568]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-01 81920]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-05-20 77824]

"CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-09 4390912]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-20 719664]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"wave1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{69D820AC-4847-4D06-B56B-863E943EA37B}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play

"{0DA995C7-4A1A-47A4-B44B-06366A91ADDB}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

"{09FC5645-09D0-494F-BCAE-F5DCCF5C847B}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"{BAD11890-FAFD-4815-9F8D-E85D1963051E}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"{74812A3B-0341-4999-8DFF-ABE5D8554D10}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"{ACF8147B-1AD6-4160-A0AE-946920EB5B6E}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"{AB9FFAF2-3A05-4DC1-9A89-E3BE87F6A2A4}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype

"{0BE7F04B-343D-4CE0-8FC9-D1759E26404B}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype

"{74FF1F4A-2A7F-4A9B-B1A9-4B3AE207AC98}"= UDP:94:VRS Recording System Web Control Panel

"{9999C5C2-B52E-4B4C-866D-A759F615E0EB}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype

"{07A14B78-1754-4A46-B286-CC233A17601A}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype

"{3237C75D-FDCA-4814-AF2D-45E66E6BC761}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NAV\1007020.00B\SymEFA.sys [12/09/2009 10:49 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NAV\1007020.00B\BHDrvx86.sys [12/09/2009 10:49 259632]

R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NAV\1007020.00B\cchpx86.sys [12/09/2009 10:49 482432]

R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090916.003\IDSvix86.sys [17/09/2009 17:26 342576]

R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2/11/2006 10:35 22016]

R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2/11/2006 10:35 22016]

R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe [12/09/2009 10:49 117640]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [20/01/2008 16:12 600912]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27/08/2009 10:00 102448]

R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NAV\1007020.00B\symndisv.sys [12/09/2009 10:49 48688]

S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [10/01/2009 16:55 55264]

S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/12/2008 18:01 533344]

S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [26/07/2008 17:10 31592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

Cognizance REG_MULTI_SZ ASBroker ASChannel

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

mStart Page = hxxp://www.trooner.com/

IE: Afbeelding verzenden naar &Bluetooth-apparaat...

IE: E&xporteren naar Microsoft Excel

IE: Pagina verzenden naar &Bluetooth-apparaat...

.

- - - - ORPHANS VERWIJDERD - - - -

AddRemove-FreeOCR.net - c:\windows\FreeOCR.net

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-09-18 17:45

Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton AntiVirus]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'lsass.exe'(716)

c:\program files\Bioscrypt\VeriSoft\bin\ASWLNPkg.dll

c:\program files\Bioscrypt\VeriSoft\bin\ItMsg.dll

.

Voltooingstijd: 2009-09-18 17:48

ComboFix-quarantined-files.txt 2009-09-18 15:48

ComboFix2.txt 2009-04-15 08:47

Pre-Run: 96.999.448.576 bytes beschikbaar

Post-Run: 97.046.872.064 bytes beschikbaar

347 --- E O F --- 2008-11-01 14:07

P.S. Is my PC still at risk from the virus that was placed in quarantine?

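The autostart and firewall sections of a log like the one above can be turned into structured records for review. This is an added example, not part of the original post or of ComboFix; the line formats are inferred from the log excerpt embedded in it, and the field names and the `unspecified` protocol label are assumptions.

```python
import re
from collections import defaultdict

# Lines copied from the ComboFix log in the post above (short excerpt).
SAMPLE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2006-11-02 2159104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-05-20 77824]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-09 4390912]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{69D820AC-4847-4D06-B56B-863E943EA37B}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{09FC5645-09D0-494F-BCAE-F5DCCF5C847B}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{BAD11890-FAFD-4815-9F8D-E85D1963051E}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{74FF1F4A-2A7F-4A9B-B1A9-4B3AE207AC98}"= UDP:94:VRS Recording System Web Control Panel
'''

KEY = re.compile(r'^\[(.+)\]$')  # registry key header line
# "Name"="value" [- resolved path] [date size]
RUN = re.compile(r'^"([^"]+)"="([^"]*)"(?: - (.+?))? '
                 r'\[(\d{4}-\d{1,2}-\d{1,2}) (\d+)\]$')
# "{GUID}"= [TCP:|UDP:]target:rule name, where target is a path or a port
FW = re.compile(r'^"\{[0-9A-Fa-f-]{36}\}"= (?:(TCP|UDP):)?'
                r'([A-Za-z]:\\.+?|\d+):([^:]+)$')

def parse(log):
    """Return (autostarts, firewall) parsed from ComboFix-style log text."""
    autostarts, firewall, key = [], defaultdict(set), None
    for line in (raw.strip() for raw in log.splitlines()):
        if m := KEY.match(line):
            key = m.group(1)
        elif key and key.lower().endswith(r'\currentversion\run') \
                and (m := RUN.match(line)):
            name, value, resolved, date, size = m.groups()
            # When the value is a bare file name, the log appends the full path.
            autostarts.append({'hive': key.split('\\')[0], 'name': name,
                               'path': (resolved or value).lower(),
                               'date': date, 'size': int(size)})
        elif key and key.lower().endswith('firewallrules') \
                and (m := FW.match(line)):
            proto, target, _rule = m.groups()
            # Group rules per executable (or port) with the protocols allowed.
            firewall[target.lower()].add(proto or 'unspecified')
    return autostarts, dict(firewall)

if __name__ == '__main__':
    runs, rules = parse(SAMPLE)
    for r in runs:
        print(r['hive'], r['name'], r['path'], r['date'], r['size'])
    for target, protos in sorted(rules.items()):
        print(target, sorted(protos))
```

Grouping the firewall rules per target collapses the repeated GUID entries into one line per program, which makes it quicker to see which applications hold firewall exceptions.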

This looks very good at the moment. Time to clean up the remnants of the infection. And your Java could use an update.

Remove ComboFix: Start -> Run and type: combofix /u

This will remove ComboFix plus its related folders and files, reset the clock settings, hide file extensions, hide hidden files and system files again, and create a new restore point.

Delete the following folder (in bold) with Windows Explorer: C:\Qoobox (if still present).

Download CCleaner. On this page, click one of the MajorGeeks mirror sites and the CCleaner download will start automatically, free of charge.

Install it and start CCleaner. In the left column, click "Cleaner". Click 'Analyze' and then 'Clean'. Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors. Then click "Registry" in the left column and click "Scan for problems". If errors are found, click "Fix selected problems" and "OK". You will then be asked whether to make a backup. Click "YES". Then choose "Fix all selected errors". After that, close CCleaner again.

It is advisable to delete the existing restore points (they include infected restore points that you might end up restoring) by temporarily turning off System Restore. Do this via Start -> Control Panel -> System -> System Restore -> tick "Turn off System Restore on all drives". Apply and OK. Restart the PC and remove the tick again.

Your Java software is outdated.

Older versions have vulnerabilities that give malware the chance to install itself on your system.

First follow these steps to uninstall Java and install the newer version:

Download Java Runtime Environment (JRE) 6 Update 16.

  • Scroll down to: "Java SE Runtime Environment (JRE) 6 Update 16".
  • Click the "Download" button on the right-hand side.
  • In the drop-down menu to the right of Platform, select Windows.
  • Tick: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement", and click Continue.
  • The page will reload.
  • Click the jre-6u16-windows-i586.exe link UNDER Windows Offline Installation and save it to your Desktop.
  • Close any programs that may be open. Especially your web browser!
  • Then go to Start > Control Panel > Add or Remove Programs, or Start > Control Panel > Programs and Features (on Vista), and remove all older versions of Java from the software list.
  • Select everything with Java Runtime Environment (JRE or J2SE) in the name.
  • Then click Remove or the Change/Remove button.
  • Repeat this until all older versions are gone.
  • After removing all older versions, restart your PC.
  • Then double-click jre-6u16-windows-i586.exe on your Desktop to install the latest version of Java.

That’s it!


Dear Kape,

Thanks for the help.

In the meantime I have also run a full Norton scan, and it finds no viruses.

The Trojan came from LimeWire, by the way, and Norton indicates that the virus has been completely removed, as you can see in the attached image.

As for Java, I'm going to wait a bit, because I don't know that much about computers, and you do need Java for Internet Explorer. So I'm going to ask the computer shop whether they can sort this out remotely. They use a special program for that.
