
[SOLVED] TrojanDownloader.xs, system integrity scan wizard



Hello,

Since yesterday I have been troubled by TrojanDownloader.xs

http://www.pc-helpforum.be/f163/antispyware-reviews-biz-9089/

Since today I have also seen this one:

system integrity scan wizard

http://www.pc-helpforum.be/f163/system-integrity-scan-wizard-9194/

I am now also getting tabs that open by themselves and a pop-up (poker, playstation, etc.)

I run Avast and Spybot; by the way, Spybot wants to block a lot at startup. Endlessly? I have left those choices alone for now.

I hope you can help me! Many thanks in advance.

my log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:02:42, on 20-4-2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe

C:\Program Files\FreePDF_XP\fpassist.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\ProgramData\qzgnljpo\ongfebcn.exe

C:\ProgramData\gncvojml\knqbgbup.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\WIBUKEY\Server\WkSvMgr.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Alwil Software\Avast4\ashSimpl.exe

C:\Program Files\Internet Explorer\IEUser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Windows Live\Mail\wlmail.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogin?service=ig&passive=true&continue=http://www.google.com/ig&followup=http://www.google.com/ig&cd=US&hl=nl&nui=1&ltmpl=default

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [btTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"

O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ljjgGVpM.dll,#1

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [qzgnljpo] C:\ProgramData\qzgnljpo\ongfebcn.exe

O4 - HKCU\..\Run: [VMkb4HTjpS] C:\ProgramData\gncvojml\knqbgbup.exe

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Bart\AppData\Local\Temp\geBsqrpM.dll,c

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Bart\AppData\Local\Temp\urqRHxxY.dll,#1

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [wcjezcww] C:\ProgramData\wcjezcww\snmvuxep.exe

O4 - HKCU\..\Run: [vrwwrtxr] C:\ProgramData\vrwwrtxr\snmvuxep.exe

O4 - HKCU\..\Run: [d8583261] rundll32.exe "C:\Users\Bart\AppData\Local\Temp\sjuddtki.dll",b

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEEM')

O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')

O4 - Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: Network Server.lnk = C:\Program Files\WIBUKEY\Server\WkSvMgr.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--

End of file - 11966 bytes

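The O4 lines in the log above carry the whole infection: rundll32.exe loading eight-letter DLLs from the user's Temp folder or from system32 and calling export #1 or a single letter, and randomly named executables started from subfolders of C:\ProgramData, sitting between the legitimate Avast, Google and Intel entries. The Python script below is an added example (editor's code, not part of the original post and not HijackThis or Malwarebytes logic): it parses the O4 Run entries of a HijackThis log and scores each one on those three traits. The weights, the threshold of 2 and the vowel-ratio rule for "random-looking" names are this example's own assumptions; the sample lines are copied from the log above, with the benign Intel igfxpers entry included to show why the name test alone is kept at one point.

```python
"""Score the O4 (Run-key autostart) lines of a HijackThis log against the
persistence patterns visible in the log above.  The weights, the threshold
and the 'random name' rule are this example's own heuristics, not logic
taken from HijackThis or Malwarebytes."""
import re
from dataclasses import dataclass, field

# Constructed sample: O4 lines copied from the log above, plus one benign
# Intel graphics entry (igfxpers) to show that an odd-looking name on its
# own is not enough to flag an entry.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ljjgGVpM.dll,#1
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [qzgnljpo] C:\ProgramData\qzgnljpo\ongfebcn.exe
O4 - HKCU\..\Run: [VMkb4HTjpS] C:\ProgramData\gncvojml\knqbgbup.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Bart\AppData\Local\Temp\geBsqrpM.dll,c
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [d8583261] rundll32.exe "C:\Users\Bart\AppData\Local\Temp\sjuddtki.dll",b
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""

# "O4 - <hive>\..\Run: [<value name>] <command line> (User '<account>')?"
O4_RUN = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>.*?)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$")
RUNDLL = re.compile(r"^rundll32(?:\.exe)?\s+", re.IGNORECASE)
DLL_ARG = re.compile(r'^"?(?P<dll>[^",]+)"?\s*,\s*(?P<entry>\S+)')
IMAGE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|scr|bat))(?=\s|$)', re.IGNORECASE)

SUSPICIOUS_THRESHOLD = 2  # assumption: one strong signal, or two weak ones


@dataclass
class Finding:
    hive: str
    name: str
    image: str = ""
    score: int = 0
    reasons: list = field(default_factory=list)

    def note(self, weight, reason):
        self.score += weight
        self.reasons.append(reason)


def image_of(cmd):
    """Path of the program an O4 command line launches (quoted or unquoted)."""
    m = IMAGE.match(cmd)
    if m:
        return m.group(1) or m.group(2)
    parts = cmd.split()
    return parts[0] if parts else cmd


def stem_of(path):
    """File name without directory and extension, e.g. ...\\ljjgGVpM.dll -> ljjgGVpM."""
    return re.split(r"[\\/]", path)[-1].rsplit(".", 1)[0]


def looks_random(stem):
    """Weak signal: eight or more letters with few vowels (ljjgGVpM, knqbgbup).
    Legitimate helpers such as igfxpers trip it too, so it is worth one point."""
    if len(stem) < 8 or not stem.isalpha():
        return False
    vowels = sum(c in "aeiouyAEIOUY" for c in stem)
    return vowels / len(stem) < 0.3


def triage(log_text):
    """Parse every O4 Run entry and attach a score plus the reasons for it."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # blank line, other section, or an O4 Startup-folder .lnk entry
        cmd = m.group("cmd")
        f = Finding(m.group("hive"), m.group("name"))
        r = RUNDLL.match(cmd)
        if r:
            d = DLL_ARG.match(cmd[r.end():])
            f.image = d.group("dll") if d else cmd[r.end():]
            # Real Windows entries name a descriptive export (ShowWelcomeCenter);
            # Vundo-style loaders call export #1 or a single letter.
            if d and re.fullmatch(r"#\d+|[A-Za-z]", d.group("entry")):
                f.note(3, f"rundll32 calls export '{d.group('entry')}' by ordinal or one letter")
        else:
            f.image = image_of(cmd)
        low = f.image.lower()
        if "\\appdata\\local\\temp\\" in low:
            f.note(3, "autostart from the user's Temp folder")
        elif "\\programdata\\" in low:
            f.note(2, "autostart from a ProgramData subfolder")
        if looks_random(stem_of(f.image)):
            f.note(1, f"random-looking file name '{stem_of(f.image)}'")
        findings.append(f)
    return findings


def suspicious(log_text):
    """Entries that reach the threshold, in log order."""
    return [f for f in triage(log_text) if f.score >= SUSPICIOUS_THRESHOLD]


if __name__ == "__main__":
    for f in suspicious(SAMPLE_LOG):
        print(f"[{f.score}] {f.hive} [{f.name}] -> {f.image}")
        for reason in f.reasons:
            print("     ", reason)
```

Run against the sample it flags exactly five entries (MSServer, qzgnljpo, VMkb4HTjpS, cmds, d8583261), which are the same Run values the Malwarebytes log further down in this thread reports as quarantined. The HKLM MSServer entry is caught by its ordinal export even though the DLL sits in system32, while igfxpers in the same folder stays at one point and is not reported.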


Hi B*rt,

1. Clean the cache and cookies in IE:

  • Close Internet Explorer.
  • Go to Control Panel > Internet Options > General tab.
  • Under Browsing history click Delete; this will open a new window.
  • Click the following to delete them, then click OK:
      ° Delete files.
      ° Delete cookies.
      ° Delete history.

Clean the cache and cookies in Firefox (in case Firefox is installed):

  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear Now button at the bottom. A new window will open.
  • Check everything under 'Clear the following items now'.
  • Click the Clear Private Data Now button.

Clean other temporary files + Recycle Bin:

  • Go to Start > Run, type cleanmgr and click OK.
  • Let it scan your system for files that can be removed.
  • Make sure that only 'Temporary files', 'Temporary Internet files' and 'Recycle Bin' are checked there.
  • Then click OK.

2. Download Malwarebytes' Anti-Malware from here or here.

Double-click mbam-setup.exe to install the program.

  • Make sure there is a check mark next to 'Update Malwarebytes' Anti-Malware' and 'Launch Malwarebytes' Anti-Malware', then click Finish.
  • In the main screen choose the Scanner tab and select the Quick Scan radio button.
  • Click the Scan button and make sure all your hard disks/partitions are checked.
  • Then click the Start Scan button.
  • Scanning can take a while, so be patient.
  • When the scan has finished click OK, then Show Results to see the results.
  • Make sure everything there is checked, then click Remove Selected.
  • After removal a log will open and you will be asked to restart the computer. (See the extra note below.)
  • The log is saved automatically by MBAM; you can view it by clicking the 'Logs' tab in MBAM.
  • Copy and paste the results of the log in your next reply, together with a new HijackThis log.

Extra note:

If MBAM has trouble removing certain files it will show a few messages where you must click OK. It will then ask to restart the computer... so allow MBAM to restart the computer.

3. After your PC has restarted, follow these instructions to download Combofix:

  • You may skip the instructions on the BleepingComputer page about installing the XP Recovery Console, since you are on Vista.
    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.
    NOTE: if you get a warning from your antivirus or another real-time scanner during or after downloading Combofix, or while running it, disable that scanner and download Combofix again.
    Some scanners regard certain components that Combofix uses as suspicious and will block or delete them!

    • Double-click Combofix.exe
      Follow the instructions and accept the disclaimer by typing 1 (continue) followed by ENTER.
      While the fix is running do NOT click in the window, as this will make your PC hang.

    When the fix has finished and after the restart, the log Combofix.txt will open.

    Post this log in your next reply, together with a fresh HijackThis log.

Good luck

Xeno :)


Thanks!

I have now done steps 1 and 2. Here are the logs:

Now I'm going on to step 3.

Malwarebytes' Anti-Malware 1.11

Database version: 660

Scan type: Quick Scan

Objects scanned: 36391

Time elapsed: 6 minute(s), 25 second(s)

Memory Processes Infected: 2

Memory Modules Infected: 1

Registry Keys Infected: 10

Registry Values Infected: 10

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 21

Memory Processes Infected:

C:\ProgramData\qzgnljpo\ongfebcn.exe (Trojan.FakeAlert) -> Unloaded process successfully.

C:\ProgramData\gncvojml\knqbgbup.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:

C:\Users\Bart\AppData\Local\Temp\qoMgdDts.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{6a6eae1b-4ad6-4035-974d-504d6dbaa9c3} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qzgnljpo (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VMkb4HTjpS (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wcjezcww (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vrwwrtxr (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6a6eae1b-4ad6-4035-974d-504d6dbaa9c3} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d8583261 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\ProgramData\qzgnljpo\ongfebcn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\ProgramData\gncvojml\knqbgbup.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Users\Bart\AppData\Local\Temp\qoMgdDts.dll (Trojan.Vundo) -> Delete on reboot.

C:\ProgramData\wcjezcww\snmvuxep.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\ProgramData\vrwwrtxr\snmvuxep.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Windows\System32\ljjgGVpM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Users\Bart\AppData\Local\Temp\ddcAqNfc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Users\Bart\AppData\Local\Temp\hgGxVOHw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Users\Bart\AppData\Local\Temp\mlJBRKBT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Users\Bart\AppData\Local\Temp\qoMdBTjh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Users\Bart\AppData\Local\Temp\rqRKCrQG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Users\Bart\AppData\Local\Temp\tmp000124f8 (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Users\Bart\AppData\Local\Temp\tmp000128e0 (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Users\Bart\AppData\Local\Temp\tmp00012e10 (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Users\Bart\AppData\Local\Temp\tmp00013e2d (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Users\Bart\AppData\Local\Temp\tmp00014ee6 (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Users\Bart\AppData\Local\Temp\tuvSMdcD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Windows\npqtsrak.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Users\Bart\AppData\Local\Temp\geBsqrpM.dll (Trojan.Agent) -> Delete on reboot.

C:\Users\Bart\AppData\Local\Temp\sjuddtki.dll (Trojan.Agent) -> Delete on reboot.

C:\Windows\pmsoarbf.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.



Step 3 is now completed as well.

When restarting I get some dll errors (from the temp folder).

We're not done yet either, I know that ;)

I'd be glad to hear from you again, Xeno :)

logs:

ComboFix 08-04-18.3 - Bart 2008-04-20 14:04:32.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.1087 [GMT 2:00]

Gestart vanuit: D:\Bart Gebruikersbestanden\Desktop\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Windows\system32\x64

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-03-20 to 2008-04-20 ))))))))))))))))))))))))))))))

.

2008-04-20 13:39 . 2008-04-20 13:39 <DIR> d-------- C:\Users\Bart\AppData\Roaming\Malwarebytes

2008-04-20 13:39 . 2008-04-20 13:39 <DIR> d-------- C:\Users\All Users\Malwarebytes

2008-04-20 13:39 . 2008-04-20 13:39 <DIR> d-------- C:\ProgramData\Malwarebytes

2008-04-20 13:39 . 2008-04-20 13:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-04-20 12:20 . 2008-04-20 12:20 <DIR> d-------- C:\Users\All Users\qpucxfsd

2008-04-20 12:20 . 2008-04-20 12:20 <DIR> d-------- C:\ProgramData\qpucxfsd

2008-04-20 12:02 . 2008-04-20 12:02 <DIR> d-------- C:\Program Files\Trend Micro

2008-04-20 10:16 . 2008-04-20 13:48 <DIR> d-------- C:\Users\All Users\vrwwrtxr

2008-04-20 10:16 . 2008-04-20 13:48 <DIR> d-------- C:\ProgramData\vrwwrtxr

2008-04-19 13:39 . 2008-04-20 13:48 <DIR> d-------- C:\Users\All Users\wcjezcww

2008-04-19 13:39 . 2008-04-20 13:48 <DIR> d-------- C:\ProgramData\wcjezcww

2008-04-19 13:15 . 2008-04-19 13:39 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy

2008-04-19 13:15 . 2008-04-19 13:39 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy

2008-04-19 13:15 . 2008-04-19 13:15 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-04-19 12:53 . 2008-04-19 12:53 <DIR> d-------- C:\Program Files\Enigma Software Group

2008-04-19 11:16 . 2008-04-19 11:16 <DIR> d-------- C:\Program Files\NCH Software

2008-04-19 11:15 . 2008-04-19 11:16 <DIR> d-------- C:\Users\All Users\NCH Swift Sound

2008-04-19 11:15 . 2008-04-19 11:16 <DIR> d-------- C:\ProgramData\NCH Swift Sound

2008-04-19 11:13 . 2008-04-19 11:13 <DIR> d-------- C:\Users\Bart\AppData\Roaming\NCH Swift Sound

2008-04-19 11:13 . 2008-04-19 11:16 <DIR> d-------- C:\Program Files\NCH Swift Sound

2008-04-19 04:06 . 2005-02-24 12:10 2,084,864 --a------ C:\Windows\System32\AudDesign.dll

2008-04-19 03:58 . 2008-04-20 13:48 <DIR> d-------- C:\Users\All Users\qzgnljpo

2008-04-19 03:58 . 2008-04-20 13:48 <DIR> d-------- C:\Users\All Users\gncvojml

2008-04-19 03:58 . 2008-04-20 13:48 <DIR> d-------- C:\ProgramData\qzgnljpo

2008-04-19 03:58 . 2008-04-20 13:48 <DIR> d-------- C:\ProgramData\gncvojml

2008-04-16 15:55 . 2008-04-16 15:55 <DIR> d-------- C:\Program Files\WinSCP

2008-04-16 13:48 . 2008-04-16 13:48 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-04-16 13:26 . 2008-04-16 13:26 <DIR> d-------- C:\PerfLogs

2008-04-16 12:33 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll

2008-04-16 12:32 . 2008-01-19 09:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll

2008-04-16 12:31 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL

2008-04-16 12:30 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll

2008-04-16 12:30 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe

2008-04-16 12:29 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll

2008-04-16 12:29 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll

2008-04-16 12:29 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll

2008-04-16 12:29 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll

2008-04-15 18:32 . 2008-04-16 13:48 49 --a------ C:\Windows\NeroDigital.ini

2008-04-15 18:30 . 2007-09-28 14:27 19,840 --a------ C:\Windows\System32\drivers\StMp3Rec.sys

2008-04-15 18:29 . 2008-04-15 18:30 <DIR> d-------- C:\Philips

2008-04-15 15:12 . 2008-04-15 15:12 <DIR> d-------- C:\Program Files\WIBU-SYSTEMS

2008-04-15 15:12 . 2007-05-09 11:00 159,744 --a------ C:\Windows\System32\WkWin32.dll

2008-04-15 15:12 . 2007-05-09 11:00 72,704 --a------ C:\Windows\System32\drivers\WibuKey.sys

2008-04-15 15:12 . 2007-05-09 11:00 16,384 --a------ C:\Windows\System32\drivers\Wibukey2.sys

2008-04-15 15:10 . 2008-04-16 00:07 <DIR> d-------- C:\Program Files\Graphisoft

2008-04-14 19:26 . 2008-04-16 23:26 <DIR> d-------- C:\Users\Bart\Graphisoft

2008-04-14 19:26 . 2008-04-14 19:54 <DIR> d-------- C:\Users\Bart\AppData\Roaming\Graphisoft

2008-04-14 19:07 . 2008-04-15 15:12 <DIR> d-------- C:\Program Files\WIBUKEY

2008-04-14 19:07 . 2008-04-16 00:08 9,346 --a------ C:\Windows\vpd.properties

2008-04-09 22:32 . 2008-02-29 09:11 988,216 --a------ C:\Windows\System32\winload.exe

2008-04-09 22:32 . 2008-02-29 09:11 927,288 --a------ C:\Windows\System32\winresume.exe

2008-04-09 22:32 . 2008-02-22 07:05 615,992 --a------ C:\Windows\System32\ci.dll

2008-04-09 22:32 . 2008-02-29 08:53 378,368 --a------ C:\Windows\System32\srcore.dll

2008-04-09 22:32 . 2008-02-29 06:12 318,464 --a------ C:\Windows\System32\rstrui.exe

2008-04-09 22:32 . 2008-02-29 08:53 46,592 --a------ C:\Windows\System32\setbcdlocale.dll

2008-04-09 22:32 . 2008-02-29 08:53 40,960 --a------ C:\Windows\System32\srclient.dll

2008-04-09 22:32 . 2008-02-29 09:14 19,000 --a------ C:\Windows\System32\kd1394.dll

2008-04-09 22:32 . 2008-02-29 06:12 14,848 --a------ C:\Windows\System32\srdelayed.exe

2008-04-09 22:32 . 2008-02-29 08:35 6,656 --a------ C:\Windows\System32\kbd106n.dll

2008-04-09 22:31 . 2008-02-29 06:21 2,032,128 --a------ C:\Windows\System32\win32k.sys

2008-04-09 22:31 . 2008-02-22 06:57 295,936 --a------ C:\Windows\System32\gdi32.dll

2008-04-09 22:30 . 2008-02-22 04:50 1,383,424 --a------ C:\Windows\System32\mshtml.tlb

2008-04-09 22:30 . 2008-02-22 07:01 826,880 --a------ C:\Windows\System32\wininet.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-20 12:01 --------- d-----w C:\Users\Bart\AppData\Roaming\Skype

2008-04-20 11:24 --------- d-----w C:\ProgramData\FreePDF

2008-04-20 08:29 --------- d-----w C:\ProgramData\Google Updater

2008-04-20 08:29 --------- d-----w C:\Program Files\Picasa2

2008-04-20 08:15 --------- d-----w C:\Users\Bart\AppData\Roaming\skypePM

2008-04-19 01:29 --------- d-----w C:\Users\Bart\AppData\Roaming\uTorrent

2008-04-18 07:00 --------- d-----w C:\Program Files\Google

2008-04-16 11:34 174 --sha-w C:\Program Files\desktop.ini

2008-04-16 11:27 --------- d-----w C:\Program Files\Windows Sidebar

2008-04-16 11:27 --------- d-----w C:\Program Files\Windows Photo Gallery

2008-04-16 11:27 --------- d-----w C:\Program Files\Windows Mail

2008-04-16 11:27 --------- d-----w C:\Program Files\Windows Journal

2008-04-16 11:27 --------- d-----w C:\Program Files\Windows Defender

2008-04-16 11:27 --------- d-----w C:\Program Files\Windows Collaboration

2008-04-16 11:27 --------- d-----w C:\Program Files\Windows Calendar

2008-04-16 11:15 82,432 ----a-w C:\Windows\System32\axaltocm.dll

2008-04-16 11:15 101,888 ----a-w C:\Windows\System32\ifxcardm.dll

2008-04-15 16:29 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-07 13:41 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys

2008-03-17 18:29 --------- d-----w C:\Program Files\Java

2008-03-05 20:29 --------- d-----w C:\Program Files\Common Files\Adobe

2008-03-05 16:36 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller

2008-03-05 16:36 --------- d-----w C:\Program Files\Windows Live

2008-03-05 16:34 --------- d-----w C:\ProgramData\WLInstaller

2008-03-01 13:21 --------- d-----w C:\Program Files\MSN Messenger

2008-02-27 13:19 --------- d-----w C:\Program Files\Belastingdienst

2008-02-25 14:45 32 ----a-w C:\Users\All Users\ezsid.dat

2008-02-25 14:45 32 ----a-w C:\ProgramData\ezsid.dat

2008-02-25 14:44 --------- d-----w C:\Program Files\Common Files\Skype

2008-02-23 02:38 43,872 ----a-w C:\Windows\system32\drivers\pxhelp20.sys

2008-02-22 13:21 --------- d-----w C:\Program Files\Tsview.win

2008-02-11 18:13 539,160 ----a-w C:\Windows\System32\igfxcfg.exe

2008-02-11 18:13 256,536 ----a-w C:\Windows\System32\igfxsrvc.exe

2008-02-11 18:13 170,520 ----a-w C:\Windows\System32\igfxzoom.exe

2008-02-11 18:13 170,520 ----a-w C:\Windows\System32\igfxext.exe

2008-02-11 18:13 166,424 ----a-w C:\Windows\System32\hkcmd.exe

2008-02-11 18:13 141,848 ----a-w C:\Windows\System32\igfxtray.exe

2008-02-11 18:13 133,656 ----a-w C:\Windows\System32\igfxpers.exe

2008-02-11 17:55 147,456 ----a-w C:\Windows\System32\igfxCoIn_v1437.dll

2008-02-11 17:36 3,301,376 ----a-w C:\Windows\System32\igdumd32.dll

2008-02-11 17:34 29,932 ----a-w C:\Windows\System32\igmedcompkrn.bin

2008-02-11 17:34 2,215,364 ----a-w C:\Windows\System32\igklg400.bin

2008-02-11 17:34 1,971,732 ----a-w C:\Windows\System32\igklg450.bin

2008-02-11 17:01 2,420,736 ----a-w C:\Windows\System32\ig4icd32.dll

2008-02-11 17:01 2,174,976 ----a-w C:\Windows\System32\ig4dev32.dll

2008-02-11 16:48 245,760 ----a-w C:\Windows\System32\igfxTMM.dll

2008-02-11 16:47 69,632 ----a-w C:\Windows\System32\oemdspif.dll

2008-02-11 16:47 48,640 ----a-w C:\Windows\System32\igfxsrvc.dll

2008-02-11 16:47 24,576 ----a-w C:\Windows\System32\igfxexps.dll

2008-02-11 16:47 204,800 ----a-w C:\Windows\System32\igfxpph.dll

2008-02-11 16:46 3,293,184 ----a-w C:\Windows\System32\igfxress.dll

2008-02-11 16:46 204,800 ----a-w C:\Windows\System32\igfxdev.dll

2008-02-11 16:46 135,168 ----a-w C:\Windows\System32\igfxdo.dll

2008-02-11 16:46 106,496 ----a-w C:\Windows\System32\hccutils.dll

2007-09-30 12:39 103,736 ----a-w C:\Users\Bart\AppData\Roaming\GDIPFONTCACHEV1.DAT

2007-09-22 10:26 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2007-09-22 10:26 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2007-09-22 10:26 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-23 23:59 68856]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"qzgnljpo"="C:\ProgramData\qzgnljpo\ongfebcn.exe" [ ]

"VMkb4HTjpS"="C:\ProgramData\gncvojml\knqbgbup.exe" [ ]

"wcjezcww"="C:\ProgramData\wcjezcww\snmvuxep.exe" [ ]

"vrwwrtxr"="C:\ProgramData\vrwwrtxr\snmvuxep.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 09:38 1008184]

"RtHDVCpl"="RtHDVCpl.exe" [2007-07-02 11:11 3772416 C:\Windows\RtHDVCpl.exe]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]

"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\Windows\KHALMNPR.Exe]

"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"BtTray"="C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe" [2007-08-17 15:59 258134]

"FreePDF Assistant"="C:\Program Files\FreePDF_XP\fpassist.exe" [2007-06-26 20:27 312320]

"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 02:05 200704]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848]

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424]

"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 20:13 133656]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-18 09:00 29744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]

C:\Users\Bart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-23 22:19:31 692224]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2006-12-05 11:14:28 421888]

Network Server.lnk - C:\Program Files\WIBUKEY\Server\WkSvMgr.exe [2008-04-15 15:13:13 3768320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"TCP Query User{9640623C-8418-4177-AF8F-A674FF80DF4F}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"UDP Query User{8F984C0E-7AE6-4E47-8755-4CA668323F1B}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"TCP Query User{79CDA76A-A6BB-41BE-B529-E65EAC89D96C}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter

"UDP Query User{F6F602E8-09DD-4382-B059-C082E64DC644}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter

"TCP Query User{7605BB9A-2523-4DAE-AF41-C98DC4A2C9D6}C:\\users\\bart\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:C:\users\bart\appdata\local\temp\nero web\setupxu.exe:setupxu.exe

"UDP Query User{4EC2C31A-026E-4555-8870-4B597F6034BF}C:\\users\\bart\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:C:\users\bart\appdata\local\temp\nero web\setupxu.exe:setupxu.exe

"TCP Query User{A2D57D95-1C34-4909-8C66-CED6173B3A53}C:\\users\\bart\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:C:\users\bart\appdata\local\temp\nero web\setupxu.exe:setupxu.exe

"UDP Query User{1B8A60B7-AE60-4609-8D59-7177F3C284E7}C:\\users\\bart\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:C:\users\bart\appdata\local\temp\nero web\setupxu.exe:setupxu.exe

"TCP Query User{405FC589-26B4-4E96-B7B7-13D1E22FB063}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent

"UDP Query User{A1A05DB9-EDE7-4354-B6A5-DFB1658D20FA}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent

"TCP Query User{23FA42BD-6E9D-4DBD-99A8-BB02C63092C0}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent

"UDP Query User{C9D310DC-97F7-412A-9E23-28A4D4F429A8}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent

"TCP Query User{C3504007-C8E0-402E-8438-DCC2ABD6CF3A}C:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= UDP:C:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp

"UDP Query User{9433D19C-E2B0-4E14-AE35-E858EFF16A79}C:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= TCP:C:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp

"{BB1F8097-458D-4286-8C13-CA6504A751F7}"= UDP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS

"{140D725A-8DD0-4E60-8ADD-86071C36FE3A}"= TCP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS

"TCP Query User{FDAA8CC2-A234-4EC3-84E5-73795F75CCEA}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"UDP Query User{701849C1-DA41-42EA-8BA3-040D08C0C5C5}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"{8D473774-4EF3-476C-A78E-AFB6318910D8}"= UDP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS

"{B4C0FB00-7F52-4A1D-BEE3-6EC54B6CC94F}"= TCP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS

"{51B14973-C532-49EF-A60B-99F4B2AF967B}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{69E389A6-1D27-4FE2-B35E-C58DCFF9F836}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"TCP Query User{98300E0C-ED17-4712-B94F-52AB5C223889}C:\\program files\\maple 7\\bin.wnt\\mserver.exe"= UDP:C:\program files\maple 7\bin.wnt\mserver.exe:mserver

"UDP Query User{8594B12E-929D-4578-81EC-393D1FEAEF7E}C:\\program files\\maple 7\\bin.wnt\\mserver.exe"= TCP:C:\program files\maple 7\bin.wnt\mserver.exe:mserver

"TCP Query User{F8FEF068-1373-4630-9F4E-B7B924C3D314}C:\\program files\\soulseek\\slsk.exe"= UDP:C:\program files\soulseek\slsk.exe:SoulSeek

"UDP Query User{E26C7FB7-DD42-442F-9EC7-9C4174ABCDD1}C:\\program files\\soulseek\\slsk.exe"= TCP:C:\program files\soulseek\slsk.exe:SoulSeek

"TCP Query User{489A21C4-CD64-41D4-A9B9-6AFA8C19C0A5}C:\\program files\\soulseek\\slsk.exe"= UDP:C:\program files\soulseek\slsk.exe:SoulSeek

"UDP Query User{933ECCF3-D503-4E20-8904-8574B0F1830F}C:\\program files\\soulseek\\slsk.exe"= TCP:C:\program files\soulseek\slsk.exe:SoulSeek

"{040BAAB3-582D-4025-92DC-616AFA00D020}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza

"{AA6E563A-0635-427A-9668-D4A4A94BAD1D}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza

"TCP Query User{724BE152-0FB7-4685-B17E-DF6AA5875875}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus

"UDP Query User{4A331558-8C48-41E7-A4A2-21188DDCE254}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus

"TCP Query User{BD73F861-354D-449E-BF9D-24B949A79380}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{49BF5D41-A2CD-4558-9E02-7DC5B71E80D5}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"{19A19C19-AA5F-4990-BE04-34F0A225699D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{D60C95A0-4B33-416B-8FE0-490FEA7B0A7B}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar

"UDP Query User{37521B48-29ED-4587-AD69-4F100DF5F5F6}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar

"TCP Query User{70D2486B-B649-42F3-B6F7-39B1CA62EB78}C:\\program files\\graphisoft\\archicad 11\\archicad.exe"= UDP:C:\program files\graphisoft\archicad 11\archicad.exe:ArchiCAD 11.0.0 Component

"UDP Query User{9ACBBBC8-A4AB-40D9-B7B7-C666B32051A5}C:\\program files\\graphisoft\\archicad 11\\archicad.exe"= TCP:C:\program files\graphisoft\archicad 11\archicad.exe:ArchiCAD 11.0.0 Component

"TCP Query User{B19538FE-A1C9-4D28-BD5E-08CFBF8C330B}C:\\program files\\winscp\\winscp.exe"= UDP:C:\program files\winscp\winscp.exe:Windows SFTP, FTP and SCP client

"UDP Query User{C7BEEE9E-4F04-42A0-A48C-BF0578CAC521}C:\\program files\\winscp\\winscp.exe"= TCP:C:\program files\winscp\winscp.exe:Windows SFTP, FTP and SCP client

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]

R2 BlueSoleilCS;BlueSoleilCS;C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2007-08-17 15:58]

R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 09:33]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]

R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 21:55]

R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 09:33]

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2006-11-16 14:24]

R3 BsHelpCS;BsHelpCS;C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2007-08-17 15:58]

R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 19:36]

S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-18 09:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5090ebe5-5796-11dc-9727-001150c6352e}]

\shell\Auto\command - UFO.exe

\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b300e99f-0aee-11dd-b6e3-001150c6352e}]

\shell\Auto\command - K:\UFO.exe

\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\UFO.exe

*Newly Created Service* - CATCHME

.

Inhoud van de 'Gedeelde Taken' map

"2008-04-20 12:03:00 C:\Windows\Tasks\Controleren op updates voor Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

"2008-04-20 11:55:12 C:\Windows\Tasks\User_Feed_Synchronization-{F3506F30-F03C-4547-B24B-ED550C9E79FF}.job"

- C:\Windows\system32\msfeedssync.exe

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-20 14:06:34

Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

PROCESS: C:\Windows\Explorer.exe

-> C:\Windows\system32\BsLangInDepRes.dll

.

Voltooingstijd: 2008-04-20 14:08:01

ComboFix-quarantined-files.txt 2008-04-20 12:07:22

Pre-Run: 29,988,839,424 bytes beschikbaar

Post-Run: 29,838,258,176 bytes beschikbaar

273 --- E O F --- 2008-04-18 14:18:13

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:02:42, on 20-4-2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe

C:\Program Files\FreePDF_XP\fpassist.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\ProgramData\qzgnljpo\ongfebcn.exe

C:\ProgramData\gncvojml\knqbgbup.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\WIBUKEY\Server\WkSvMgr.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Alwil Software\Avast4\ashSimpl.exe

C:\Program Files\Internet Explorer\IEUser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Windows Live\Mail\wlmail.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogin?service=ig&passive=true&continue=http://www.google.com/ig&followup=http://www.google.com/ig&cd=US&hl=nl&nui=1&ltmpl=default

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [btTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"

O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ljjgGVpM.dll,#1

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [qzgnljpo] C:\ProgramData\qzgnljpo\ongfebcn.exe

O4 - HKCU\..\Run: [VMkb4HTjpS] C:\ProgramData\gncvojml\knqbgbup.exe

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Bart\AppData\Local\Temp\geBsqrpM.dll,c

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Bart\AppData\Local\Temp\urqRHxxY.dll,#1

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [wcjezcww] C:\ProgramData\wcjezcww\snmvuxep.exe

O4 - HKCU\..\Run: [vrwwrtxr] C:\ProgramData\vrwwrtxr\snmvuxep.exe

O4 - HKCU\..\Run: [d8583261] rundll32.exe "C:\Users\Bart\AppData\Local\Temp\sjuddtki.dll",b

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEEM')

O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')

O4 - Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: Network Server.lnk = C:\Program Files\WIBUKEY\Server\WkSvMgr.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--

End of file - 11966 bytes


Hi B*rt,

Jeez, the infection sits deep in your system; we'll start with this.

Open Notepad, copy and paste the following (bold, blue text) into an empty window:


    Folder::
    C:\Users\All Users\qpucxfsd
    C:\ProgramData\qpucxfsd
    C:\Users\All Users\vrwwrtxr
    C:\ProgramData\vrwwrtxr
    C:\Users\All Users\wcjezcww
    C:\ProgramData\wcjezcww
    C:\Users\All Users\qzgnljpo
    C:\Users\All Users\gncvojml
    C:\ProgramData\qzgnljpo
    C:\ProgramData\gncvojml
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "qzgnljpo"=-
    "VMkb4HTjpS"=-
    "wcjezcww"=-
    "vrwwrtxr"=-

Save this to your Desktop as CFScript.txt

Drag CFScript.txt onto ComboFix.exe as shown in the example below:

(image: CFScript.gif)

This will make ComboFix restart.

Reboot if asked to,

and post the contents of ComboFix.txt in your next reply together with a new HijackThis log.

Good luck,

Xeno :)

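One way to triage the O4 entries of a HijackThis log like the one above and draft a CFScript in the same Folder:: / Registry:: form, as an added example that is not part of the thread, of HijackThis or of ComboFix. The two heuristics, the hive-to-key mapping and the sample lines (copied from the log) are assumptions made for illustration.

```python
"""Triage HijackThis O4 (Run key) entries and draft a CFScript for the hits.

Added example; the heuristics are assumptions drawn from the entries the helper
removed: an executable launched from a random-looking folder directly under
ProgramData, and rundll32.exe loading a DLL from a Temp folder or by a bare
ordinal / one-letter entry point (the Vundo-style pattern in this log)."""
import re

# Constructed sample: O4 lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ljjgGVpM.dll,#1
O4 - HKCU\..\Run: [qzgnljpo] C:\ProgramData\qzgnljpo\ongfebcn.exe
O4 - HKCU\..\Run: [VMkb4HTjpS] C:\ProgramData\gncvojml\knqbgbup.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Bart\AppData\Local\Temp\geBsqrpM.dll,c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [d8583261] rundll32.exe "C:\Users\Bart\AppData\Local\Temp\sjuddtki.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First drive- or %VAR%-rooted path ending in .exe/.dll, quoted or not.
PATH_RE = re.compile(r'^"?(?P<path>(?:[A-Za-z]:|%[^%]+%)\\.*?\.(?:exe|dll))', re.IGNORECASE)
# Heuristic: eight lowercase letters is the shape of every dropper folder in this log.
RANDOM_DIR_RE = re.compile(r"^(C:\\(?:ProgramData|Users\\All Users)\\[a-z]{8})\\[^\\]+\.exe$")
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_KEY = r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

def parse_o4(line):
    """Return (hive, value_name, command) for an O4 line, or None for anything else."""
    m = O4_RE.match(line.strip())
    return (m["hive"], m["name"], m["cmd"]) if m else None

def split_command(cmd):
    """Return (path, entry): entry is the ',entry' part of a rundll32 command
    ('#1', 'c', ...) and None when the value launches a plain executable."""
    cmd = cmd.strip()
    entry = None
    if cmd.lower().startswith("rundll32.exe"):
        cmd = cmd[len("rundll32.exe"):].strip()
        m = PATH_RE.match(cmd)
        rest = cmd[m.end():].lstrip('"') if m else ""  # text after the DLL path
        entry = rest[1:].split(" ", 1)[0] if rest.startswith(",") else ""
    else:
        m = PATH_RE.match(cmd)
    path = m["path"] if m else cmd.split(" ", 1)[0]
    return path, entry

def assess(cmd):
    """Return the list of heuristics the command trips (empty = nothing seen)."""
    path, entry = split_command(cmd)
    reasons = []
    if RANDOM_DIR_RE.match(path):
        reasons.append("executable in random-looking folder under ProgramData")
    if entry is not None:
        if "\\appdata\\local\\temp\\" in path.lower():
            reasons.append("rundll32 loads a DLL from a Temp folder")
        if re.fullmatch(r"#\d+|[A-Za-z]", entry):
            reasons.append("rundll32 entry point is a bare ordinal or single letter")
    return reasons

def triage(log_text):
    """Return [(hive, name, path, reasons)] for every O4 entry that trips a heuristic."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_o4(line)
        if parsed is None:
            continue
        hive, name, cmd = parsed
        reasons = assess(cmd)
        if reasons:
            findings.append((hive, name, split_command(cmd)[0], reasons))
    return findings

def build_cfscript(findings):
    """Render findings as a CFScript in the Folder:: / Registry:: form of the reply.
    Only HKLM/HKCU values are mapped; HKUS entries need a SID-specific key and are
    left for manual review, as are the DLLs themselves (the reply used no file
    directive, so none is invented here)."""
    folders, values = [], {}
    for hive, name, path, _ in findings:
        m = RANDOM_DIR_RE.match(path)
        if m and m.group(1) not in folders:
            folders.append(m.group(1))
        if hive in HIVES:
            values.setdefault(HIVES[hive] + RUN_KEY, []).append(name)
    lines = []
    if folders:
        lines.append("Folder::")
        lines.extend(folders)
    if values:
        lines.append("Registry::")
        for key, names in values.items():
            lines.append(f"[{key}]")
            lines.extend(f'"{n}"=-' for n in names)
    return "\n".join(lines)

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for hive, name, path, reasons in found:
        print(f"{hive} [{name}] {path}\n    -> {'; '.join(reasons)}")
    print("\n" + build_cfscript(found))
```

Entries the heuristics do not trip (avast!, TeaTimer, the Sidebar entry) are left alone; the script output is a draft for the helper to review, not something to run unread.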

OK, done.

By the way, should I turn off Spybot Search & Destroy for a moment? It keeps asking for permissions (as with ComboFix). How can it be disabled temporarily?

Shit, I didn't expect it to sit this deep.. :S

ComboFix log:

ComboFix 08-04-18.3 - Bart 2008-04-20 20:59:52.2 - NTFSx86

Gestart vanuit: D:\Bart Gebruikersbestanden\Desktop\ComboFix.exe

Command switches used :: D:\Bart Gebruikersbestanden\Desktop\CFScript.txt

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\ProgramData\gncvojml

C:\ProgramData\qpucxfsd

C:\ProgramData\qpucxfsd\dcjonidw.exe

C:\ProgramData\qzgnljpo

C:\ProgramData\vrwwrtxr

C:\ProgramData\wcjezcww

C:\Users\All Users\qpucxfsd\dcjonidw.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-03-20 to 2008-04-20 ))))))))))))))))))))))))))))))

.

2008-04-20 20:58 . 2008-04-20 20:58 <DIR> d-------- C:\327882R2FWJFW

2008-04-20 13:39 . 2008-04-20 13:39 <DIR> d-------- C:\Users\Bart\AppData\Roaming\Malwarebytes

2008-04-20 13:39 . 2008-04-20 13:39 <DIR> d-------- C:\Users\All Users\Malwarebytes

2008-04-20 13:39 . 2008-04-20 13:39 <DIR> d-------- C:\ProgramData\Malwarebytes

2008-04-20 13:39 . 2008-04-20 13:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-04-20 12:02 . 2008-04-20 12:02 <DIR> d-------- C:\Program Files\Trend Micro

2008-04-19 13:15 . 2008-04-19 13:39 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy

2008-04-19 13:15 . 2008-04-19 13:39 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy

2008-04-19 13:15 . 2008-04-19 13:15 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-04-19 12:53 . 2008-04-19 12:53 <DIR> d-------- C:\Program Files\Enigma Software Group

2008-04-19 11:16 . 2008-04-19 11:16 <DIR> d-------- C:\Program Files\NCH Software

2008-04-19 11:15 . 2008-04-19 11:16 <DIR> d-------- C:\Users\All Users\NCH Swift Sound

2008-04-19 11:15 . 2008-04-19 11:16 <DIR> d-------- C:\ProgramData\NCH Swift Sound

2008-04-19 11:13 . 2008-04-19 11:13 <DIR> d-------- C:\Users\Bart\AppData\Roaming\NCH Swift Sound

2008-04-19 11:13 . 2008-04-19 11:16 <DIR> d-------- C:\Program Files\NCH Swift Sound

2008-04-16 15:55 . 2008-04-16 15:55 <DIR> d-------- C:\Program Files\WinSCP

2008-04-16 13:48 . 2008-04-16 13:48 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-04-16 13:26 . 2008-04-16 13:26 <DIR> d-------- C:\PerfLogs

2008-04-16 12:33 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll

2008-04-16 12:32 . 2008-01-19 09:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll

2008-04-16 12:31 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL

2008-04-16 12:30 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll

2008-04-16 12:30 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe

2008-04-16 12:29 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll

2008-04-16 12:29 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll

2008-04-16 12:29 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll

2008-04-16 12:29 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll

2008-04-15 18:32 . 2008-04-16 13:48 49 --a------ C:\Windows\NeroDigital.ini

2008-04-15 18:30 . 2007-09-28 14:27 19,840 --a------ C:\Windows\System32\drivers\StMp3Rec.sys

2008-04-15 18:29 . 2008-04-15 18:30 <DIR> d-------- C:\Philips

2008-04-15 15:12 . 2008-04-15 15:12 <DIR> d-------- C:\Program Files\WIBU-SYSTEMS

2008-04-15 15:12 . 2007-05-09 11:00 159,744 --a------ C:\Windows\System32\WkWin32.dll

2008-04-15 15:12 . 2007-05-09 11:00 72,704 --a------ C:\Windows\System32\drivers\WibuKey.sys

2008-04-15 15:12 . 2007-05-09 11:00 16,384 --a------ C:\Windows\System32\drivers\Wibukey2.sys

2008-04-15 15:10 . 2008-04-16 00:07 <DIR> d-------- C:\Program Files\Graphisoft

2008-04-14 19:26 . 2008-04-16 23:26 <DIR> d-------- C:\Users\Bart\Graphisoft

2008-04-14 19:26 . 2008-04-14 19:54 <DIR> d-------- C:\Users\Bart\AppData\Roaming\Graphisoft

2008-04-14 19:07 . 2008-04-15 15:12 <DIR> d-------- C:\Program Files\WIBUKEY

2008-04-14 19:07 . 2008-04-16 00:08 9,346 --a------ C:\Windows\vpd.properties

2008-04-09 22:32 . 2008-02-29 09:11 988,216 --a------ C:\Windows\System32\winload.exe

2008-04-09 22:32 . 2008-02-29 09:11 927,288 --a------ C:\Windows\System32\winresume.exe

2008-04-09 22:32 . 2008-02-22 07:05 615,992 --a------ C:\Windows\System32\ci.dll

2008-04-09 22:32 . 2008-02-29 08:53 378,368 --a------ C:\Windows\System32\srcore.dll

2008-04-09 22:32 . 2008-02-29 06:12 318,464 --a------ C:\Windows\System32\rstrui.exe

2008-04-09 22:32 . 2008-02-29 08:53 46,592 --a------ C:\Windows\System32\setbcdlocale.dll

2008-04-09 22:32 . 2008-02-29 08:53 40,960 --a------ C:\Windows\System32\srclient.dll

2008-04-09 22:32 . 2008-02-29 09:14 19,000 --a------ C:\Windows\System32\kd1394.dll

2008-04-09 22:32 . 2008-02-29 06:12 14,848 --a------ C:\Windows\System32\srdelayed.exe

2008-04-09 22:32 . 2008-02-29 08:35 6,656 --a------ C:\Windows\System32\kbd106n.dll

2008-04-09 22:31 . 2008-02-29 06:21 2,032,128 --a------ C:\Windows\System32\win32k.sys

2008-04-09 22:31 . 2008-02-22 06:57 295,936 --a------ C:\Windows\System32\gdi32.dll

2008-04-09 22:30 . 2008-02-22 04:50 1,383,424 --a------ C:\Windows\System32\mshtml.tlb

2008-04-09 22:30 . 2008-02-22 07:01 826,880 --a------ C:\Windows\System32\wininet.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-20 14:03 --------- d-----w C:\Users\Bart\AppData\Roaming\Skype

2008-04-20 14:01 --------- d-----w C:\Users\Bart\AppData\Roaming\skypePM

2008-04-20 11:24 --------- d-----w C:\ProgramData\FreePDF

2008-04-20 08:29 --------- d-----w C:\ProgramData\Google Updater

2008-04-20 08:29 --------- d-----w C:\Program Files\Picasa2

2008-04-19 01:29 --------- d-----w C:\Users\Bart\AppData\Roaming\uTorrent

2008-04-18 07:00 --------- d-----w C:\Program Files\Google

2008-04-16 11:34 174 --sha-w C:\Program Files\desktop.ini

2008-04-16 11:27 --------- d-----w C:\Program Files\Windows Sidebar

2008-04-16 11:27 --------- d-----w C:\Program Files\Windows Photo Gallery

2008-04-16 11:27 --------- d-----w C:\Program Files\Windows Mail

2008-04-16 11:27 --------- d-----w C:\Program Files\Windows Journal

2008-04-16 11:27 --------- d-----w C:\Program Files\Windows Defender

2008-04-16 11:27 --------- d-----w C:\Program Files\Windows Collaboration

2008-04-16 11:27 --------- d-----w C:\Program Files\Windows Calendar

2008-04-16 11:15 82,432 ----a-w C:\Windows\System32\axaltocm.dll

2008-04-16 11:15 101,888 ----a-w C:\Windows\System32\ifxcardm.dll

2008-04-15 16:29 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-07 13:41 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys

2008-03-17 18:29 --------- d-----w C:\Program Files\Java

2008-03-05 20:29 --------- d-----w C:\Program Files\Common Files\Adobe

2008-03-05 16:36 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller

2008-03-05 16:36 --------- d-----w C:\Program Files\Windows Live

2008-03-05 16:34 --------- d-----w C:\ProgramData\WLInstaller

2008-03-01 13:21 --------- d-----w C:\Program Files\MSN Messenger

2008-02-27 13:19 --------- d-----w C:\Program Files\Belastingdienst

2008-02-25 14:45 32 ----a-w C:\Users\All Users\ezsid.dat

2008-02-25 14:45 32 ----a-w C:\ProgramData\ezsid.dat

2008-02-25 14:44 --------- d-----w C:\Program Files\Common Files\Skype

2008-02-23 02:38 43,872 ----a-w C:\Windows\system32\drivers\pxhelp20.sys

2008-02-22 13:21 --------- d-----w C:\Program Files\Tsview.win

2008-02-11 18:13 539,160 ----a-w C:\Windows\System32\igfxcfg.exe

2008-02-11 18:13 256,536 ----a-w C:\Windows\System32\igfxsrvc.exe

2008-02-11 18:13 170,520 ----a-w C:\Windows\System32\igfxzoom.exe

2008-02-11 18:13 170,520 ----a-w C:\Windows\System32\igfxext.exe

2008-02-11 18:13 166,424 ----a-w C:\Windows\System32\hkcmd.exe

2008-02-11 18:13 141,848 ----a-w C:\Windows\System32\igfxtray.exe

2008-02-11 18:13 133,656 ----a-w C:\Windows\System32\igfxpers.exe

2008-02-11 17:55 147,456 ----a-w C:\Windows\System32\igfxCoIn_v1437.dll

2008-02-11 17:36 3,301,376 ----a-w C:\Windows\System32\igdumd32.dll

2008-02-11 17:34 29,932 ----a-w C:\Windows\System32\igmedcompkrn.bin

2008-02-11 17:34 2,215,364 ----a-w C:\Windows\System32\igklg400.bin

2008-02-11 17:34 1,971,732 ----a-w C:\Windows\System32\igklg450.bin

2008-02-11 17:01 2,420,736 ----a-w C:\Windows\System32\ig4icd32.dll

2008-02-11 17:01 2,174,976 ----a-w C:\Windows\System32\ig4dev32.dll

2008-02-11 16:48 245,760 ----a-w C:\Windows\System32\igfxTMM.dll

2008-02-11 16:47 69,632 ----a-w C:\Windows\System32\oemdspif.dll

2008-02-11 16:47 48,640 ----a-w C:\Windows\System32\igfxsrvc.dll

2008-02-11 16:47 24,576 ----a-w C:\Windows\System32\igfxexps.dll

2008-02-11 16:47 204,800 ----a-w C:\Windows\System32\igfxpph.dll

2008-02-11 16:46 3,293,184 ----a-w C:\Windows\System32\igfxress.dll

2008-02-11 16:46 204,800 ----a-w C:\Windows\System32\igfxdev.dll

2008-02-11 16:46 135,168 ----a-w C:\Windows\System32\igfxdo.dll

2008-02-11 16:46 106,496 ----a-w C:\Windows\System32\hccutils.dll

2007-09-30 12:39 103,736 ----a-w C:\Users\Bart\AppData\Roaming\GDIPFONTCACHEV1.DAT

2007-09-22 10:26 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2007-09-22 10:26 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2007-09-22 10:26 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

((((((((((((((((((((((((((((( snapshot@2008-04-20_14.07.02,62 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-04-20 11:51:34 67,584 --s-a-w C:\Windows\bootstat.dat

+ 2008-04-20 13:40:19 67,584 --s-a-w C:\Windows\bootstat.dat

- 2008-04-20 11:51:35 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2008-04-20 13:40:20 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2008-04-20 11:51:35 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2008-04-20 13:40:20 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2008-04-20 11:52:49 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat

+ 2008-04-20 18:55:30 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat

- 2008-04-20 11:53:56 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-04-20 13:42:31 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-04-20 13:42:31 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2008-04-20 12:04:11 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat

+ 2008-04-20 18:59:12 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat

- 2008-04-20 11:53:50 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-04-20 13:42:36 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-04-20 13:42:36 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2008-04-20 11:52:35 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-04-20 17:43:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-04-20 11:52:35 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-04-20 17:43:45 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-04-20 11:52:35 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-04-20 17:43:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-04-20 11:56:53 101,052 ----a-w C:\Windows\System32\perfc009.dat

+ 2008-04-20 13:45:33 101,052 ----a-w C:\Windows\System32\perfc009.dat

- 2008-04-20 11:56:53 126,648 ----a-w C:\Windows\System32\perfc013.dat

+ 2008-04-20 13:45:33 126,648 ----a-w C:\Windows\System32\perfc013.dat

- 2008-04-20 11:56:53 586,980 ----a-w C:\Windows\System32\perfh009.dat

+ 2008-04-20 13:45:33 586,980 ----a-w C:\Windows\System32\perfh009.dat

- 2008-04-20 11:56:53 667,120 ----a-w C:\Windows\System32\perfh013.dat

+ 2008-04-20 13:45:33 667,120 ----a-w C:\Windows\System32\perfh013.dat

- 2008-04-20 11:54:12 5,368 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-772422397-1900820080-721918258-1000_UserData.bin

+ 2008-04-20 13:42:54 5,368 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-772422397-1900820080-721918258-1000_UserData.bin

- 2008-04-20 11:54:12 57,828 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-04-20 13:42:54 57,930 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-04-20 11:54:09 51,928 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-04-20 13:42:51 52,000 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-23 23:59 68856]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"qzgnljpo"="C:\ProgramData\qzgnljpo\ongfebcn.exe" [ ]

"VMkb4HTjpS"="C:\ProgramData\gncvojml\knqbgbup.exe" [ ]

"wcjezcww"="C:\ProgramData\wcjezcww\snmvuxep.exe" [ ]

"vrwwrtxr"="C:\ProgramData\vrwwrtxr\snmvuxep.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 09:38 1008184]

"RtHDVCpl"="RtHDVCpl.exe" [2007-07-02 11:11 3772416 C:\Windows\RtHDVCpl.exe]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]

"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\Windows\KHALMNPR.Exe]

"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"BtTray"="C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe" [2007-08-17 15:59 258134]

"FreePDF Assistant"="C:\Program Files\FreePDF_XP\fpassist.exe" [2007-06-26 20:27 312320]

"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 02:05 200704]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848]

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424]

"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 20:13 133656]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-18 09:00 29744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]

C:\Users\Bart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-23 22:19:31 692224]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2006-12-05 11:14:28 421888]

Network Server.lnk - C:\Program Files\WIBUKEY\Server\WkSvMgr.exe [2008-04-15 15:13:13 3768320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"TCP Query User{9640623C-8418-4177-AF8F-A674FF80DF4F}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"UDP Query User{8F984C0E-7AE6-4E47-8755-4CA668323F1B}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"TCP Query User{79CDA76A-A6BB-41BE-B529-E65EAC89D96C}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter

"UDP Query User{F6F602E8-09DD-4382-B059-C082E64DC644}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter

"TCP Query User{7605BB9A-2523-4DAE-AF41-C98DC4A2C9D6}C:\\users\\bart\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:C:\users\bart\appdata\local\temp\nero web\setupxu.exe:setupxu.exe

"UDP Query User{4EC2C31A-026E-4555-8870-4B597F6034BF}C:\\users\\bart\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:C:\users\bart\appdata\local\temp\nero web\setupxu.exe:setupxu.exe

"TCP Query User{A2D57D95-1C34-4909-8C66-CED6173B3A53}C:\\users\\bart\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:C:\users\bart\appdata\local\temp\nero web\setupxu.exe:setupxu.exe

"UDP Query User{1B8A60B7-AE60-4609-8D59-7177F3C284E7}C:\\users\\bart\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:C:\users\bart\appdata\local\temp\nero web\setupxu.exe:setupxu.exe

"TCP Query User{405FC589-26B4-4E96-B7B7-13D1E22FB063}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent

"UDP Query User{A1A05DB9-EDE7-4354-B6A5-DFB1658D20FA}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent

"TCP Query User{23FA42BD-6E9D-4DBD-99A8-BB02C63092C0}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent

"UDP Query User{C9D310DC-97F7-412A-9E23-28A4D4F429A8}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent

"TCP Query User{C3504007-C8E0-402E-8438-DCC2ABD6CF3A}C:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= UDP:C:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp

"UDP Query User{9433D19C-E2B0-4E14-AE35-E858EFF16A79}C:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= TCP:C:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp

"{BB1F8097-458D-4286-8C13-CA6504A751F7}"= UDP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS

"{140D725A-8DD0-4E60-8ADD-86071C36FE3A}"= TCP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS

"TCP Query User{FDAA8CC2-A234-4EC3-84E5-73795F75CCEA}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"UDP Query User{701849C1-DA41-42EA-8BA3-040D08C0C5C5}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"{8D473774-4EF3-476C-A78E-AFB6318910D8}"= UDP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS

"{B4C0FB00-7F52-4A1D-BEE3-6EC54B6CC94F}"= TCP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS

"{51B14973-C532-49EF-A60B-99F4B2AF967B}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{69E389A6-1D27-4FE2-B35E-C58DCFF9F836}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"TCP Query User{98300E0C-ED17-4712-B94F-52AB5C223889}C:\\program files\\maple 7\\bin.wnt\\mserver.exe"= UDP:C:\program files\maple 7\bin.wnt\mserver.exe:mserver

"UDP Query User{8594B12E-929D-4578-81EC-393D1FEAEF7E}C:\\program files\\maple 7\\bin.wnt\\mserver.exe"= TCP:C:\program files\maple 7\bin.wnt\mserver.exe:mserver

"TCP Query User{F8FEF068-1373-4630-9F4E-B7B924C3D314}C:\\program files\\soulseek\\slsk.exe"= UDP:C:\program files\soulseek\slsk.exe:SoulSeek

"UDP Query User{E26C7FB7-DD42-442F-9EC7-9C4174ABCDD1}C:\\program files\\soulseek\\slsk.exe"= TCP:C:\program files\soulseek\slsk.exe:SoulSeek

"TCP Query User{489A21C4-CD64-41D4-A9B9-6AFA8C19C0A5}C:\\program files\\soulseek\\slsk.exe"= UDP:C:\program files\soulseek\slsk.exe:SoulSeek

"UDP Query User{933ECCF3-D503-4E20-8904-8574B0F1830F}C:\\program files\\soulseek\\slsk.exe"= TCP:C:\program files\soulseek\slsk.exe:SoulSeek

"{040BAAB3-582D-4025-92DC-616AFA00D020}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza

"{AA6E563A-0635-427A-9668-D4A4A94BAD1D}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza

"TCP Query User{724BE152-0FB7-4685-B17E-DF6AA5875875}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus

"UDP Query User{4A331558-8C48-41E7-A4A2-21188DDCE254}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus

"TCP Query User{BD73F861-354D-449E-BF9D-24B949A79380}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{49BF5D41-A2CD-4558-9E02-7DC5B71E80D5}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"{19A19C19-AA5F-4990-BE04-34F0A225699D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{D60C95A0-4B33-416B-8FE0-490FEA7B0A7B}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar

"UDP Query User{37521B48-29ED-4587-AD69-4F100DF5F5F6}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar

"TCP Query User{70D2486B-B649-42F3-B6F7-39B1CA62EB78}C:\\program files\\graphisoft\\archicad 11\\archicad.exe"= UDP:C:\program files\graphisoft\archicad 11\archicad.exe:ArchiCAD 11.0.0 Component

"UDP Query User{9ACBBBC8-A4AB-40D9-B7B7-C666B32051A5}C:\\program files\\graphisoft\\archicad 11\\archicad.exe"= TCP:C:\program files\graphisoft\archicad 11\archicad.exe:ArchiCAD 11.0.0 Component

"TCP Query User{B19538FE-A1C9-4D28-BD5E-08CFBF8C330B}C:\\program files\\winscp\\winscp.exe"= UDP:C:\program files\winscp\winscp.exe:Windows SFTP, FTP and SCP client

"UDP Query User{C7BEEE9E-4F04-42A0-A48C-BF0578CAC521}C:\\program files\\winscp\\winscp.exe"= TCP:C:\program files\winscp\winscp.exe:Windows SFTP, FTP and SCP client

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]

R2 BlueSoleilCS;BlueSoleilCS;C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2007-08-17 15:58]

R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 09:33]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]

R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 21:55]

R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 09:33]

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2006-11-16 14:24]

R3 BsHelpCS;BsHelpCS;C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2007-08-17 15:58]

R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 19:36]

S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-18 09:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5090ebe5-5796-11dc-9727-001150c6352e}]

\shell\Auto\command - UFO.exe

\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b300e99f-0aee-11dd-b6e3-001150c6352e}]

\shell\Auto\command - K:\UFO.exe

\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\UFO.exe

.

Inhoud van de 'Gedeelde Taken' map

"2008-04-20 19:03:00 C:\Windows\Tasks\Controleren op updates voor Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

"2008-04-20 19:00:54 C:\Windows\Tasks\User_Feed_Synchronization-{F3506F30-F03C-4547-B24B-ED550C9E79FF}.job"

- C:\Windows\system32\msfeedssync.exe

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-20 21:03:18

Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

Voltooingstijd: 2008-04-20 21:05:06

ComboFix-quarantined-files.txt 2008-04-20 19:04:24

ComboFix2.txt 2008-04-20 12:08:02

Pre-Run: 29,482,143,744 bytes beschikbaar

Post-Run: 29,264,633,856 bytes beschikbaar

306 --- E O F --- 2008-04-18 14:18:13

and the HijackThis log (by the way, this time run as administrator...):

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:24:49, on 20-4-2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe

C:\Program Files\FreePDF_XP\fpassist.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\WIBUKEY\Server\WkSvMgr.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Live\Mail\wlmail.exe

C:\Program Files\Internet Explorer\IEUser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogin?service=ig&passive=true&continue=http://www.google.com/ig&followup=http://www.google.com/ig&cd=US&hl=nl&nui=1&ltmpl=default

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [btTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"

O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [qzgnljpo] C:\ProgramData\qzgnljpo\ongfebcn.exe

O4 - HKCU\..\Run: [VMkb4HTjpS] C:\ProgramData\gncvojml\knqbgbup.exe

O4 - HKCU\..\Run: [wcjezcww] C:\ProgramData\wcjezcww\snmvuxep.exe

O4 - HKCU\..\Run: [vrwwrtxr] C:\ProgramData\vrwwrtxr\snmvuxep.exe

O4 - HKCU\..\Run: [d8583261] rundll32.exe "C:\Users\Bart\AppData\Local\Temp\sjuddtki.dll",b

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEEM')

O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')

O4 - Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: Network Server.lnk = C:\Program Files\WIBUKEY\Server\WkSvMgr.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--

End of file - 11278 bytes


Hi B*rt,

We see it and we've got it.

1. Temporarily disable Spybot's TeaTimer, because it can get in the way of the fix:

- Start Spybot

- Go to Mode > select Advanced Mode

- Go to Tools and click the Resident icon in the list

- Uncheck Resident TeaTimer and click OK

- Restart the computer

Then download ResetTeaTimer.bat to your Desktop.

Double-click ResetTeaTimer.bat to remove all entries in TeaTimer.

Once the computer is clean, you can turn TeaTimer back on.

2. Open Notepad, then copy and paste the following (the bold, blue text) into an empty window:

KILLALL::

File::

C:\Users\Bart\AppData\Local\Temp\sjuddtki.dll

DirLook::

C:\327882R2FWJFW

Save this on your Desktop as CFScript.txt

Drag CFScript.txt onto ComboFix.exe, as shown in the example below:

(screenshot: CFScript.gif)

This will make ComboFix restart.

Reboot if you are asked to,

and post the contents of Combofix.txt in your next reply, together with a new HijackThis log.

3. Open a Notepad file.

Copy the code below into this Notepad file.

Go to File - Save As.

-Under 'Save in' choose: Desktop.

-Under 'File name' enter: fix.reg

-Under 'Save as type' select: All Files (*.*).

-Click the Save button.

REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"qzgnljpo"=-
"VMkb4HTjpS"=-
"wcjezcww"=-
"vrwwrtxr"=-

This is what the regfix should look like afterwards: (screenshot: reg.gif)

Double-click the fix.reg file and allow the changes to be added to the registry.

Good luck,

Xeno :)

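Added example, not code from the thread and not part of HijackThis or ComboFix: a small Python triage script that reads HijackThis O4 lines like the ones in the log above, flags the two patterns the helper acted on (random-looking executables placed directly under C:\ProgramData, and rundll32 loading a DLL from the user's Temp folder) and renders the flagged Run values as a REGEDIT4 fix in the same shape as the fix.reg above. The sample lines are constructed copies of the thread's log entries, and the "random-looking name" heuristic is my own assumption, not a rule from either tool.

```python
import re

# Constructed sample input: O4 lines copied in the style of the thread's HijackThis log.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [qzgnljpo] C:\ProgramData\qzgnljpo\ongfebcn.exe
O4 - HKCU\..\Run: [VMkb4HTjpS] C:\ProgramData\gncvojml\knqbgbup.exe
O4 - HKCU\..\Run: [wcjezcww] C:\ProgramData\wcjezcww\snmvuxep.exe
O4 - HKCU\..\Run: [vrwwrtxr] C:\ProgramData\vrwwrtxr\snmvuxep.exe
O4 - HKCU\..\Run: [d8583261] rundll32.exe "C:\Users\Bart\AppData\Local\Temp\sjuddtki.dll",b
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
""".strip().splitlines()

# Shape of a HijackThis O4 line: O4 - <hive>\..\Run: [<value name>] <command> [(User '<account>')]
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)

# Heuristic (my assumption, not a HijackThis rule): a folder created directly under
# ProgramData whose name is nothing but lowercase letters, holding an .exe with the
# same kind of name, looks generated rather than like a vendor folder.
RANDOM_NAME = re.compile(r"^[a-z]{6,12}$")
PROGRAMDATA_EXE = re.compile(
    r'^"?C:\\ProgramData\\(?P<dir>[^\\"]+)\\(?P<file>[^\\"]+)\.exe"?', re.I)
# rundll32 pointed at a DLL in the user's Temp folder, with an export name after the comma.
TEMP_DLL_RUNDLL = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^"]*\\AppData\\Local\\Temp\\[^"]+\.dll)"?,(?P<export>\S+)',
    re.I)


def hive_key(hive):
    """Map a HijackThis hive tag to the full Run key path used in a .reg file."""
    if hive == "HKLM":
        return r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
    if hive == "HKCU":
        return r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
    sid = hive.split("\\", 1)[1]  # HKUS\<SID>
    return r"HKEY_USERS\%s\Software\Microsoft\Windows\CurrentVersion\Run" % sid


def parse_o4(lines):
    """Yield (hive, value_name, command) for each O4 line; other lines are skipped."""
    for line in lines:
        m = O4_RE.match(line.strip())
        if m:
            yield m.group("hive"), m.group("name"), m.group("cmd")


def suspicious_reason(cmd):
    """Return a short reason if the autorun command trips a heuristic, else None."""
    m = PROGRAMDATA_EXE.match(cmd)
    if m and RANDOM_NAME.match(m.group("dir")) and RANDOM_NAME.match(m.group("file")):
        return "random-looking executable directly under ProgramData"
    m = TEMP_DLL_RUNDLL.match(cmd)
    if m:
        return "rundll32 loads %s (export %s) from the user's Temp folder" % (
            m.group("dll").rsplit("\\", 1)[-1], m.group("export"))
    return None


def triage(lines):
    """Return [(hive, name, cmd, reason)] for every O4 entry that looks suspicious."""
    hits = []
    for hive, name, cmd in parse_o4(lines):
        reason = suspicious_reason(cmd)
        if reason:
            hits.append((hive, name, cmd, reason))
    return hits


def build_regfix(hits):
    """Render the flagged Run values as a REGEDIT4 script, one section per key.

    "name"=- deletes the value, which only stops the autostart; the file itself
    still has to be quarantined (the thread uses ComboFix's File:: directive).
    """
    by_key = {}
    for hive, name, _cmd, _reason in hits:
        by_key.setdefault(hive_key(hive), []).append(name)
    out = ["REGEDIT4", ""]
    for key, names in by_key.items():
        out.append("[%s]" % key)
        out.extend('"%s"=-' % n for n in names)
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    found = triage(SAMPLE_O4_LINES)
    for hive, name, cmd, reason in found:
        print("%s [%s] %s\n    -> %s" % (hive, name, cmd, reason))
    print()
    print(build_regfix(found))
```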

Dear Xeno,

Steps 1 and 2 done.

When I dropped that .txt file onto ComboFix, my PC did indeed restart.

But the background stayed black and ComboFix didn't continue, so I didn't get a log.

I then ran ComboFix again (not with that .txt file, just on its own); the log:

Now I'm going for step 3

ComboFix 08-04-18.3 - Bart 2008-04-21 16:10:17.3 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.1042 [GMT 2:00]

Gestart vanuit: D:\Bart Gebruikersbestanden\Desktop\ComboFix.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-03-21 to 2008-04-21 ))))))))))))))))))))))))))))))

.

2008-04-21 16:05 . 2008-04-21 16:05 213,715,703 --a------ C:\Windows\MEMORY.DMP

2008-04-21 16:05 . 2008-04-21 16:05 524,288 --ahs---- C:\Users\Bart\NTUSER.DAT{f98cd136-0fab-11dd-a8b3-001150c6352e}.TMContainer00000000000000000002.regtrans-ms

2008-04-21 16:05 . 2008-04-21 16:05 524,288 --ahs---- C:\Users\Bart\NTUSER.DAT{f98cd136-0fab-11dd-a8b3-001150c6352e}.TMContainer00000000000000000001.regtrans-ms

2008-04-21 16:05 . 2008-04-21 16:05 65,536 --ahs---- C:\Users\Bart\NTUSER.DAT{f98cd136-0fab-11dd-a8b3-001150c6352e}.TM.blf

2008-04-20 13:39 . 2008-04-20 13:39 <DIR> d-------- C:\Users\Bart\AppData\Roaming\Malwarebytes

2008-04-20 13:39 . 2008-04-20 13:39 <DIR> d-------- C:\Users\All Users\Malwarebytes

2008-04-20 13:39 . 2008-04-20 13:39 <DIR> d-------- C:\ProgramData\Malwarebytes

2008-04-20 13:39 . 2008-04-20 13:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-04-20 12:02 . 2008-04-20 12:02 <DIR> d-------- C:\Program Files\Trend Micro

2008-04-19 13:15 . 2008-04-19 13:39 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy

2008-04-19 13:15 . 2008-04-19 13:39 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy

2008-04-19 13:15 . 2008-04-19 13:15 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-04-19 12:53 . 2008-04-19 12:53 <DIR> d-------- C:\Program Files\Enigma Software Group

2008-04-19 11:16 . 2008-04-19 11:16 <DIR> d-------- C:\Program Files\NCH Software

2008-04-19 11:15 . 2008-04-19 11:16 <DIR> d-------- C:\Users\All Users\NCH Swift Sound

2008-04-19 11:15 . 2008-04-19 11:16 <DIR> d-------- C:\ProgramData\NCH Swift Sound

2008-04-19 11:13 . 2008-04-19 11:13 <DIR> d-------- C:\Users\Bart\AppData\Roaming\NCH Swift Sound

2008-04-19 11:13 . 2008-04-19 11:16 <DIR> d-------- C:\Program Files\NCH Swift Sound

2008-04-16 15:55 . 2008-04-16 15:55 <DIR> d-------- C:\Program Files\WinSCP

2008-04-16 13:48 . 2008-04-16 13:48 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-04-16 13:26 . 2008-04-16 13:26 <DIR> d-------- C:\PerfLogs

2008-04-16 12:33 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll

2008-04-16 12:32 . 2008-01-19 09:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll

2008-04-16 12:31 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL

2008-04-16 12:30 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll

2008-04-16 12:30 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe

2008-04-16 12:29 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll

2008-04-16 12:29 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll

2008-04-16 12:29 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll

2008-04-16 12:29 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll

2008-04-15 18:32 . 2008-04-16 13:48 49 --a------ C:\Windows\NeroDigital.ini

2008-04-15 18:30 . 2007-09-28 14:27 19,840 --a------ C:\Windows\System32\drivers\StMp3Rec.sys

2008-04-15 18:29 . 2008-04-15 18:30 <DIR> d-------- C:\Philips

2008-04-15 15:12 . 2008-04-15 15:12 <DIR> d-------- C:\Program Files\WIBU-SYSTEMS

2008-04-15 15:12 . 2007-05-09 11:00 159,744 --a------ C:\Windows\System32\WkWin32.dll

2008-04-15 15:12 . 2007-05-09 11:00 72,704 --a------ C:\Windows\System32\drivers\WibuKey.sys

2008-04-15 15:12 . 2007-05-09 11:00 16,384 --a------ C:\Windows\System32\drivers\Wibukey2.sys

2008-04-15 15:10 . 2008-04-16 00:07 <DIR> d-------- C:\Program Files\Graphisoft

2008-04-14 19:26 . 2008-04-16 23:26 <DIR> d-------- C:\Users\Bart\Graphisoft

2008-04-14 19:26 . 2008-04-14 19:54 <DIR> d-------- C:\Users\Bart\AppData\Roaming\Graphisoft

2008-04-14 19:07 . 2008-04-15 15:12 <DIR> d-------- C:\Program Files\WIBUKEY

2008-04-14 19:07 . 2008-04-16 00:08 9,346 --a------ C:\Windows\vpd.properties

2008-04-09 22:32 . 2008-02-29 09:11 988,216 --a------ C:\Windows\System32\winload.exe

2008-04-09 22:32 . 2008-02-29 09:11 927,288 --a------ C:\Windows\System32\winresume.exe

2008-04-09 22:32 . 2008-02-22 07:05 615,992 --a------ C:\Windows\System32\ci.dll

2008-04-09 22:32 . 2008-02-29 08:53 378,368 --a------ C:\Windows\System32\srcore.dll

2008-04-09 22:32 . 2008-02-29 06:12 318,464 --a------ C:\Windows\System32\rstrui.exe

2008-04-09 22:32 . 2008-02-29 08:53 46,592 --a------ C:\Windows\System32\setbcdlocale.dll

2008-04-09 22:32 . 2008-02-29 08:53 40,960 --a------ C:\Windows\System32\srclient.dll

2008-04-09 22:32 . 2008-02-29 09:14 19,000 --a------ C:\Windows\System32\kd1394.dll

2008-04-09 22:32 . 2008-02-29 06:12 14,848 --a------ C:\Windows\System32\srdelayed.exe

2008-04-09 22:32 . 2008-02-29 08:35 6,656 --a------ C:\Windows\System32\kbd106n.dll

2008-04-09 22:31 . 2008-02-29 06:21 2,032,128 --a------ C:\Windows\System32\win32k.sys

2008-04-09 22:31 . 2008-02-22 06:57 295,936 --a------ C:\Windows\System32\gdi32.dll

2008-04-09 22:30 . 2008-02-22 04:50 1,383,424 --a------ C:\Windows\System32\mshtml.tlb

2008-04-09 22:30 . 2008-02-22 07:01 826,880 --a------ C:\Windows\System32\wininet.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-21 14:07 --------- d-----w C:\Users\Bart\AppData\Roaming\skypePM

2008-04-21 14:07 --------- d-----w C:\Users\Bart\AppData\Roaming\Skype

2008-04-21 13:03 --------- d-----w C:\ProgramData\Google Updater

2008-04-20 11:24 --------- d-----w C:\ProgramData\FreePDF

2008-04-20 08:29 --------- d-----w C:\Program Files\Picasa2

2008-04-19 01:29 --------- d-----w C:\Users\Bart\AppData\Roaming\uTorrent

2008-04-18 07:00 --------- d-----w C:\Program Files\Google

2008-04-16 11:34 174 --sha-w C:\Program Files\desktop.ini

2008-04-16 11:27 --------- d-----w C:\Program Files\Windows Sidebar

2008-04-16 11:27 --------- d-----w C:\Program Files\Windows Photo Gallery

2008-04-16 11:27 --------- d-----w C:\Program Files\Windows Mail

2008-04-16 11:27 --------- d-----w C:\Program Files\Windows Journal

2008-04-16 11:27 --------- d-----w C:\Program Files\Windows Defender

2008-04-16 11:27 --------- d-----w C:\Program Files\Windows Collaboration

2008-04-16 11:27 --------- d-----w C:\Program Files\Windows Calendar

2008-04-16 11:15 82,432 ----a-w C:\Windows\System32\axaltocm.dll

2008-04-16 11:15 101,888 ----a-w C:\Windows\System32\ifxcardm.dll

2008-04-15 16:29 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-07 13:41 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys

2008-03-17 18:29 --------- d-----w C:\Program Files\Java

2008-03-05 20:29 --------- d-----w C:\Program Files\Common Files\Adobe

2008-03-05 16:36 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller

2008-03-05 16:36 --------- d-----w C:\Program Files\Windows Live

2008-03-05 16:34 --------- d-----w C:\ProgramData\WLInstaller

2008-03-01 13:21 --------- d-----w C:\Program Files\MSN Messenger

2008-02-27 13:19 --------- d-----w C:\Program Files\Belastingdienst

2008-02-25 14:45 32 ----a-w C:\Users\All Users\ezsid.dat

2008-02-25 14:45 32 ----a-w C:\ProgramData\ezsid.dat

2008-02-25 14:44 --------- d-----w C:\Program Files\Common Files\Skype

2008-02-23 02:38 43,872 ----a-w C:\Windows\system32\drivers\pxhelp20.sys

2008-02-22 13:21 --------- d-----w C:\Program Files\Tsview.win

2008-02-11 18:13 539,160 ----a-w C:\Windows\System32\igfxcfg.exe

2008-02-11 18:13 256,536 ----a-w C:\Windows\System32\igfxsrvc.exe

2008-02-11 18:13 170,520 ----a-w C:\Windows\System32\igfxzoom.exe

2008-02-11 18:13 170,520 ----a-w C:\Windows\System32\igfxext.exe

2008-02-11 18:13 166,424 ----a-w C:\Windows\System32\hkcmd.exe

2008-02-11 18:13 141,848 ----a-w C:\Windows\System32\igfxtray.exe

2008-02-11 18:13 133,656 ----a-w C:\Windows\System32\igfxpers.exe

2008-02-11 17:55 147,456 ----a-w C:\Windows\System32\igfxCoIn_v1437.dll

2008-02-11 17:36 3,301,376 ----a-w C:\Windows\System32\igdumd32.dll

2008-02-11 17:34 29,932 ----a-w C:\Windows\System32\igmedcompkrn.bin

2008-02-11 17:34 2,215,364 ----a-w C:\Windows\System32\igklg400.bin

2008-02-11 17:34 1,971,732 ----a-w C:\Windows\System32\igklg450.bin

2008-02-11 17:01 2,420,736 ----a-w C:\Windows\System32\ig4icd32.dll

2008-02-11 17:01 2,174,976 ----a-w C:\Windows\System32\ig4dev32.dll

2008-02-11 16:48 245,760 ----a-w C:\Windows\System32\igfxTMM.dll

2008-02-11 16:47 69,632 ----a-w C:\Windows\System32\oemdspif.dll

2008-02-11 16:47 48,640 ----a-w C:\Windows\System32\igfxsrvc.dll

2008-02-11 16:47 24,576 ----a-w C:\Windows\System32\igfxexps.dll

2008-02-11 16:47 204,800 ----a-w C:\Windows\System32\igfxpph.dll

2008-02-11 16:46 3,293,184 ----a-w C:\Windows\System32\igfxress.dll

2008-02-11 16:46 204,800 ----a-w C:\Windows\System32\igfxdev.dll

2008-02-11 16:46 135,168 ----a-w C:\Windows\System32\igfxdo.dll

2008-02-11 16:46 106,496 ----a-w C:\Windows\System32\hccutils.dll

2007-09-30 12:39 103,736 ----a-w C:\Users\Bart\AppData\Roaming\GDIPFONTCACHEV1.DAT

2007-09-22 10:26 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2007-09-22 10:26 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2007-09-22 10:26 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

((((((((((((((((((((((((((((( snapshot_2008-04-20_21.04.01,15 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-04-20 13:40:19 67,584 --s-a-w C:\Windows\bootstat.dat

+ 2008-04-21 14:05:31 67,584 --s-a-w C:\Windows\bootstat.dat

- 2008-04-20 13:40:20 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2008-04-21 14:05:32 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2008-04-20 13:40:20 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2008-04-21 14:05:32 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2008-04-20 18:55:30 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat

+ 2008-04-21 14:07:15 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat

- 2008-04-20 13:42:31 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-04-21 14:08:01 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-04-21 14:08:01 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2008-04-20 18:59:12 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat

+ 2008-04-21 14:09:22 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat

- 2008-04-20 13:42:36 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-04-21 14:07:45 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-04-21 14:07:45 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2008-04-20 17:43:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-04-21 14:06:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-04-20 17:43:45 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-04-21 14:06:45 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-04-20 17:43:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-04-21 14:06:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-04-20 13:45:33 101,052 ----a-w C:\Windows\System32\perfc009.dat

+ 2008-04-21 14:12:21 101,052 ----a-w C:\Windows\System32\perfc009.dat

- 2008-04-20 13:45:33 126,648 ----a-w C:\Windows\System32\perfc013.dat

+ 2008-04-21 14:12:21 126,648 ----a-w C:\Windows\System32\perfc013.dat

- 2008-04-20 13:45:33 586,980 ----a-w C:\Windows\System32\perfh009.dat

+ 2008-04-21 14:12:21 586,980 ----a-w C:\Windows\System32\perfh009.dat

- 2008-04-20 13:45:33 667,120 ----a-w C:\Windows\System32\perfh013.dat

+ 2008-04-21 14:12:21 667,120 ----a-w C:\Windows\System32\perfh013.dat

- 2008-04-20 13:42:54 5,368 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-772422397-1900820080-721918258-1000_UserData.bin

+ 2008-04-21 14:08:01 5,512 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-772422397-1900820080-721918258-1000_UserData.bin

- 2008-04-20 13:42:54 57,930 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-04-21 14:08:01 57,946 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-04-20 13:42:51 52,000 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-04-21 13:20:21 52,072 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-23 23:59 68856]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]

"qzgnljpo"="C:\ProgramData\qzgnljpo\ongfebcn.exe" [ ]

"VMkb4HTjpS"="C:\ProgramData\gncvojml\knqbgbup.exe" [ ]

"wcjezcww"="C:\ProgramData\wcjezcww\snmvuxep.exe" [ ]

"vrwwrtxr"="C:\ProgramData\vrwwrtxr\snmvuxep.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 09:38 1008184]

"RtHDVCpl"="RtHDVCpl.exe" [2007-07-02 11:11 3772416 C:\Windows\RtHDVCpl.exe]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]

"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\Windows\KHALMNPR.Exe]

"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"BtTray"="C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe" [2007-08-17 15:59 258134]

"FreePDF Assistant"="C:\Program Files\FreePDF_XP\fpassist.exe" [2007-06-26 20:27 312320]

"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 02:05 200704]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848]

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424]

"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 20:13 133656]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-18 09:00 29744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]

C:\Users\Bart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-23 22:19:31 692224]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2006-12-05 11:14:28 421888]

Network Server.lnk - C:\Program Files\WIBUKEY\Server\WkSvMgr.exe [2008-04-15 15:13:13 3768320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"TCP Query User{9640623C-8418-4177-AF8F-A674FF80DF4F}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"UDP Query User{8F984C0E-7AE6-4E47-8755-4CA668323F1B}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"TCP Query User{79CDA76A-A6BB-41BE-B529-E65EAC89D96C}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter

"UDP Query User{F6F602E8-09DD-4382-B059-C082E64DC644}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter

"TCP Query User{7605BB9A-2523-4DAE-AF41-C98DC4A2C9D6}C:\\users\\bart\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:C:\users\bart\appdata\local\temp\nero web\setupxu.exe:setupxu.exe

"UDP Query User{4EC2C31A-026E-4555-8870-4B597F6034BF}C:\\users\\bart\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:C:\users\bart\appdata\local\temp\nero web\setupxu.exe:setupxu.exe

"TCP Query User{A2D57D95-1C34-4909-8C66-CED6173B3A53}C:\\users\\bart\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:C:\users\bart\appdata\local\temp\nero web\setupxu.exe:setupxu.exe

"UDP Query User{1B8A60B7-AE60-4609-8D59-7177F3C284E7}C:\\users\\bart\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:C:\users\bart\appdata\local\temp\nero web\setupxu.exe:setupxu.exe

"TCP Query User{405FC589-26B4-4E96-B7B7-13D1E22FB063}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent

"UDP Query User{A1A05DB9-EDE7-4354-B6A5-DFB1658D20FA}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent

"TCP Query User{23FA42BD-6E9D-4DBD-99A8-BB02C63092C0}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent

"UDP Query User{C9D310DC-97F7-412A-9E23-28A4D4F429A8}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent

"TCP Query User{C3504007-C8E0-402E-8438-DCC2ABD6CF3A}C:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= UDP:C:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp

"UDP Query User{9433D19C-E2B0-4E14-AE35-E858EFF16A79}C:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= TCP:C:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp

"{BB1F8097-458D-4286-8C13-CA6504A751F7}"= UDP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS

"{140D725A-8DD0-4E60-8ADD-86071C36FE3A}"= TCP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS

"TCP Query User{FDAA8CC2-A234-4EC3-84E5-73795F75CCEA}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"UDP Query User{701849C1-DA41-42EA-8BA3-040D08C0C5C5}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"{8D473774-4EF3-476C-A78E-AFB6318910D8}"= UDP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS

"{B4C0FB00-7F52-4A1D-BEE3-6EC54B6CC94F}"= TCP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS

"{51B14973-C532-49EF-A60B-99F4B2AF967B}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{69E389A6-1D27-4FE2-B35E-C58DCFF9F836}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"TCP Query User{98300E0C-ED17-4712-B94F-52AB5C223889}C:\\program files\\maple 7\\bin.wnt\\mserver.exe"= UDP:C:\program files\maple 7\bin.wnt\mserver.exe:mserver

"UDP Query User{8594B12E-929D-4578-81EC-393D1FEAEF7E}C:\\program files\\maple 7\\bin.wnt\\mserver.exe"= TCP:C:\program files\maple 7\bin.wnt\mserver.exe:mserver

"TCP Query User{F8FEF068-1373-4630-9F4E-B7B924C3D314}C:\\program files\\soulseek\\slsk.exe"= UDP:C:\program files\soulseek\slsk.exe:SoulSeek

"UDP Query User{E26C7FB7-DD42-442F-9EC7-9C4174ABCDD1}C:\\program files\\soulseek\\slsk.exe"= TCP:C:\program files\soulseek\slsk.exe:SoulSeek

"TCP Query User{489A21C4-CD64-41D4-A9B9-6AFA8C19C0A5}C:\\program files\\soulseek\\slsk.exe"= UDP:C:\program files\soulseek\slsk.exe:SoulSeek

"UDP Query User{933ECCF3-D503-4E20-8904-8574B0F1830F}C:\\program files\\soulseek\\slsk.exe"= TCP:C:\program files\soulseek\slsk.exe:SoulSeek

"{040BAAB3-582D-4025-92DC-616AFA00D020}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza

"{AA6E563A-0635-427A-9668-D4A4A94BAD1D}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza

"TCP Query User{724BE152-0FB7-4685-B17E-DF6AA5875875}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus

"UDP Query User{4A331558-8C48-41E7-A4A2-21188DDCE254}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus

"TCP Query User{BD73F861-354D-449E-BF9D-24B949A79380}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{49BF5D41-A2CD-4558-9E02-7DC5B71E80D5}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"{19A19C19-AA5F-4990-BE04-34F0A225699D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{D60C95A0-4B33-416B-8FE0-490FEA7B0A7B}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar

"UDP Query User{37521B48-29ED-4587-AD69-4F100DF5F5F6}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar

"TCP Query User{70D2486B-B649-42F3-B6F7-39B1CA62EB78}C:\\program files\\graphisoft\\archicad 11\\archicad.exe"= UDP:C:\program files\graphisoft\archicad 11\archicad.exe:ArchiCAD 11.0.0 Component

"UDP Query User{9ACBBBC8-A4AB-40D9-B7B7-C666B32051A5}C:\\program files\\graphisoft\\archicad 11\\archicad.exe"= TCP:C:\program files\graphisoft\archicad 11\archicad.exe:ArchiCAD 11.0.0 Component

"TCP Query User{B19538FE-A1C9-4D28-BD5E-08CFBF8C330B}C:\\program files\\winscp\\winscp.exe"= UDP:C:\program files\winscp\winscp.exe:Windows SFTP, FTP and SCP client

"UDP Query User{C7BEEE9E-4F04-42A0-A48C-BF0578CAC521}C:\\program files\\winscp\\winscp.exe"= TCP:C:\program files\winscp\winscp.exe:Windows SFTP, FTP and SCP client

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]

R2 BlueSoleilCS;BlueSoleilCS;C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2007-08-17 15:58]

R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 09:33]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]

R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 21:55]

R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 09:33]

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2006-11-16 14:24]

R3 BsHelpCS;BsHelpCS;C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2007-08-17 15:58]

R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 19:36]

S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-18 09:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5090ebe5-5796-11dc-9727-001150c6352e}]

\shell\Auto\command - UFO.exe

\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b300e99f-0aee-11dd-b6e3-001150c6352e}]

\shell\Auto\command - K:\UFO.exe

\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\UFO.exe

.

Inhoud van de 'Gedeelde Taken' map

"2008-04-21 14:03:00 C:\Windows\Tasks\Controleren op updates voor Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

"2008-04-21 14:00:24 C:\Windows\Tasks\User_Feed_Synchronization-{F3506F30-F03C-4547-B24B-ED550C9E79FF}.job"

- C:\Windows\system32\msfeedssync.exe

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-21 16:12:43

Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

PROCESS: C:\Windows\Explorer.exe

-> C:\Windows\system32\BsLangInDepRes.dll

.

Voltooingstijd: 2008-04-21 16:14:18

ComboFix-quarantined-files.txt 2008-04-21 14:13:24

ComboFix2.txt 2008-04-20 19:05:07

ComboFix3.txt 2008-04-20 12:08:02

Pre-Run: 28,278,939,648 bytes beschikbaar

Post-Run: 28,149,858,304 bytes beschikbaar

302 --- E O F --- 2008-04-18 14:18:13

and HijackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:16:24, on 21-4-2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe

C:\Program Files\FreePDF_XP\fpassist.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\WIBUKEY\Server\WkSvMgr.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Windows\system32\conime.exe

C:\Windows\Explorer.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogin?service=ig&passive=true&continue=http://www.google.com/ig&followup=http://www.google.com/ig&cd=US&hl=nl&nui=1&ltmpl=default

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [btTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"

O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [qzgnljpo] C:\ProgramData\qzgnljpo\ongfebcn.exe

O4 - HKCU\..\Run: [VMkb4HTjpS] C:\ProgramData\gncvojml\knqbgbup.exe

O4 - HKCU\..\Run: [wcjezcww] C:\ProgramData\wcjezcww\snmvuxep.exe

O4 - HKCU\..\Run: [vrwwrtxr] C:\ProgramData\vrwwrtxr\snmvuxep.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEEM')

O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')

O4 - Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: Network Server.lnk = C:\Program Files\WIBUKEY\Server\WkSvMgr.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--

End of file - 10792 bytes
