
[SOLVED] Vundo: adware.Vundo Variant/Resident



OK, here we go again:

MBAM log:

Malwarebytes' Anti-Malware 1.12

Database versie: 744

Scan type: Volledige Scan (C:\|D:\|)

Objecten gescand: 149363

Verstreken tijd: 17 minute(s), 32 second(s)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata bestanden geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

ComboFix log:

ComboFix 08-05-12.1 - Gebruiker 2008-05-13 22:46:02.5 - NTFSx86

Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.31.1043.18.2089 [GMT 2:00]

Gestart vanuit: C:\temp\ComboFix.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-04-13 to 2008-05-13 ))))))))))))))))))))))))))))))

.

2008-05-13 12:20 . 2008-05-13 13:15 524,288 --ahs---- C:\Users\Gebruiker\ntuser.dat{6bc73509-20cb-11dd-9f81-001617bd84e2}.TMContainer00000000000000000002.regtrans-ms

2008-05-13 12:20 . 2008-05-13 13:15 524,288 --ahs---- C:\Users\Gebruiker\ntuser.dat{6bc73509-20cb-11dd-9f81-001617bd84e2}.TMContainer00000000000000000001.regtrans-ms

2008-05-13 12:20 . 2008-05-13 13:15 65,536 --ahs---- C:\Users\Gebruiker\ntuser.dat{6bc73509-20cb-11dd-9f81-001617bd84e2}.TM.blf

2008-05-13 10:26 . 2008-05-13 10:26 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\Malwarebytes

2008-05-13 10:26 . 2008-05-13 10:26 <DIR> d-------- C:\Users\All Users\Malwarebytes

2008-05-13 10:26 . 2008-05-13 10:26 <DIR> d-------- C:\ProgramData\Malwarebytes

2008-05-13 10:26 . 2008-05-13 10:26 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-05-13 10:26 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys

2008-05-13 10:26 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys

2008-05-13 10:25 . 2008-05-13 10:25 1,649,976 --a------ C:\temp\mbam-setup.exe

2008-05-13 10:13 . 2008-05-13 10:13 1,914,914 --a------ C:\temp\ComboFix.exe

2008-05-13 09:45 . 2008-05-13 09:45 <DIR> d-------- C:\Program Files\Windows Live Toolbar

2008-05-13 09:45 . 2008-05-13 09:45 <DIR> d-------- C:\Program Files\Windows Live Favorites

2008-05-13 09:41 . 2008-05-13 09:41 <DIR> d-------- C:\Users\All Users\WLInstaller

2008-05-13 09:41 . 2008-05-13 09:41 <DIR> d-------- C:\ProgramData\WLInstaller

2008-05-13 09:41 . 2008-05-13 09:45 <DIR> d-------- C:\Program Files\Windows Live

2008-05-13 09:41 . 2008-05-13 09:44 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-05-12 21:00 . 2008-05-12 21:00 <DIR> d-------- C:\Program Files\Trend Micro

2008-05-12 20:22 . 2008-05-12 20:22 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe

2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{e8a930f2-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000002.regtrans-ms

2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{e8a930f2-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000001.regtrans-ms

2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{e8a930f4-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000002.regtrans-ms

2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{e8a930f4-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000001.regtrans-ms

2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Users\Gebruiker\ntuser.dat{e8a930f6-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000002.regtrans-ms

2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Users\Gebruiker\ntuser.dat{e8a930f6-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000001.regtrans-ms

2008-05-12 18:40 . 2008-05-12 19:22 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{e8a930f2-2033-11dd-928b-001617bd84e2}.TM.blf

2008-05-12 18:40 . 2008-05-12 19:22 65,536 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{e8a930f4-2033-11dd-928b-001617bd84e2}.TM.blf

2008-05-12 18:40 . 2008-05-12 19:22 65,536 --ahs---- C:\Users\Gebruiker\ntuser.dat{e8a930f6-2033-11dd-928b-001617bd84e2}.TM.blf

2008-05-12 15:55 . 2008-05-12 15:55 <DIR> d-------- C:\Program Files\Common Files\Solveig Multimedia

2008-05-12 15:55 . 2008-05-12 15:55 <DIR> d-------- C:\Program Files\Common Files\Elecard

2008-05-12 14:01 . 2008-05-12 14:01 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\CursorArts

2008-05-12 13:59 . 2008-05-12 17:44 <DIR> d-------- C:\Program Files\IconForge7

2008-05-12 13:59 . 2008-05-12 13:59 33 --a------ C:\Windows\iltwain.ini

2008-05-12 13:35 . 2008-05-12 13:35 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\Eclipsit

2008-05-12 13:33 . 1998-10-29 16:45 306,688 --a------ C:\Windows\IsUninst.exe

2008-05-08 17:10 . 2008-05-08 17:10 <DIR> d-------- C:\Program Files\Oxygen Software

2008-05-08 16:22 . 2008-05-08 16:23 <DIR> d-------- C:\Program Files\MobiMB Mobile Media Browser

2008-05-02 14:51 . 2008-05-02 14:51 <DIR> d-------- C:\Program Files\WinAVI Video Converter

2008-05-02 14:18 . 2008-05-02 14:18 <DIR> d-------- C:\Program Files\Xara

2008-05-02 14:18 . 2008-05-02 14:18 <DIR> d-------- C:\Program Files\Common Files\Xara

2008-05-02 13:04 . 2008-03-12 22:21 678,408 --a------ C:\Windows\System32\gpprefcl.dll

2008-05-02 13:04 . 2007-11-17 23:22 3,636 --a------ C:\Windows\System32\drivers\nvphy.bin

2008-04-29 20:20 . 2008-04-29 20:20 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\Media Player Classic

2008-04-29 20:18 . 2008-04-29 20:18 <DIR> d-------- C:\Program Files\K-Lite Codec Pack

2008-04-21 19:59 . 2008-04-21 19:59 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\DVD Flick

2008-04-21 17:28 . 2008-04-21 17:28 <DIR> d-------- C:\Program Files\AusLogics Disk Defrag

2008-04-20 22:03 . 2008-04-20 22:03 <DIR> d-------- C:\Windows\Profiles

2008-04-20 22:00 . 2008-04-20 22:04 <DIR> d-------- C:\Program Files\Your Uninstaller 2008

2008-04-20 10:10 . 2008-04-20 10:10 <DIR> d-------- C:\Program Files\Microsoft Silverlight

2008-04-17 19:24 . 2008-04-17 19:24 1,053,184 --a------ C:\Windows\System32\mfc71u.dll

2008-04-17 19:24 . 2008-04-17 19:24 503,808 --a------ C:\Windows\System32\msvcp71.dll

2008-04-17 19:24 . 2008-04-17 19:24 348,160 --a------ C:\Windows\System32\msvcr71.dll

2008-04-17 19:24 . 2008-04-17 19:24 258,352 --a------ C:\Windows\System32\unicows.dll

2008-04-17 19:24 . 2008-04-17 19:24 89,600 --a------ C:\Windows\System32\atl71.dll

2008-04-14 22:50 . 2008-04-14 22:50 <DIR> d-------- C:\Program Files\LimeWire

2008-04-14 17:32 . 2008-04-14 17:32 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\Download Manager

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-13 20:14 352,614 ---ha-w C:\Windows\system32\drivers\vsconfig.xml

2008-05-13 10:57 --------- d-----w C:\ProgramData\Google Updater

2008-05-13 10:21 --------- d---a-w C:\ProgramData\TEMP

2008-05-13 08:04 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\SUPERAntiSpyware.com

2008-05-13 08:04 --------- d-----w C:\Program Files\SUPERAntiSpyware

2008-05-12 19:54 7,308 --sha-w C:\Windows\System32\KGyGaAvL.sys

2008-05-12 19:54 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Corel

2008-05-12 15:44 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\uTorrent

2008-05-12 10:49 --------- d-----w C:\ProgramData\FLEXnet

2008-05-11 15:05 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Vso

2008-05-08 14:23 --------- d-----w C:\Program Files\Common Files\LogoManager

2008-05-02 12:18 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-02 11:06 --------- d-----w C:\ProgramData\NVIDIA

2008-04-25 14:47 --------- d-----w C:\ProgramData\GoldWaveCDDB

2008-04-24 20:17 --------- d-----w C:\Program Files\Google

2008-04-20 20:00 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\URSoft

2008-04-16 09:10 --------- d-----w C:\Program Files\Windows Mail

2008-04-14 20:51 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\LimeWire

2008-04-11 15:23 38,400 ----a-w C:\Windows\System32\SoundSchemes.exe

2008-04-09 08:29 --------- d-----w C:\ProgramData\Microsoft Help

2008-04-09 08:28 1,585,664 ----a-w C:\Windows\System32\setupapi.dll

2008-04-09 08:26 84,480 ----a-w C:\Windows\System32\dnsrslvr.dll

2008-04-09 08:26 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe

2008-04-09 08:25 827,392 ----a-w C:\Windows\System32\wininet.dll

2008-04-09 08:25 56,320 ----a-w C:\Windows\System32\iesetup.dll

2008-04-09 08:25 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-04-09 08:25 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2008-04-06 20:55 --------- d-----w C:\ProgramData\PC Suite

2008-04-05 18:29 --------- d-----w C:\Program Files\Common Files\Logitech

2008-04-05 18:29 --------- d-----w C:\Program Files\Common Files\Logishrd

2008-04-04 17:30 --------- d-----w C:\ProgramData\LogiShrd

2008-04-04 17:28 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf

2008-04-04 17:28 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf

2008-04-04 15:27 118,784 ------w C:\Windows\bwUnin-7.2.0.157-8876480SL.exe

2008-04-03 09:30 --------- d-----w C:\Program Files\Windows Sidebar

2008-04-03 09:29 194,560 ----a-w C:\Windows\System32\WebClnt.dll

2008-04-03 09:29 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys

2008-04-03 09:28 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL

2008-04-03 09:28 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys

2008-04-03 09:28 24,064 ----a-w C:\Windows\System32\netcfg.exe

2008-04-03 09:28 223,232 ----a-w C:\Windows\System32\WMASF.DLL

2008-04-03 09:28 22,016 ----a-w C:\Windows\System32\netiougc.exe

2008-04-03 09:28 217,144 ----a-w C:\Windows\system32\drivers\netio.sys

2008-04-03 09:28 2,048 ----a-w C:\Windows\System32\asferror.dll

2008-04-03 09:28 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll

2008-04-03 09:28 1,327,104 ----a-w C:\Windows\System32\quartz.dll

2008-04-03 09:27 11,776 ----a-w C:\Windows\System32\sbunattend.exe

2008-04-03 09:24 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys

2008-04-03 09:24 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys

2008-04-03 09:24 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys

2008-04-03 09:24 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys

2008-04-03 09:23 2,048 ----a-w C:\Windows\System32\tzres.dll

2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\divx.dll

2008-03-31 21:06 --------- d-----w C:\Program Files\DVDFab Platinum 4

2008-03-29 10:40 --------- d-----w C:\Program Files\iTunes

2008-03-29 10:14 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Apple Computer

2008-03-29 10:13 --------- d-----w C:\ProgramData\Apple Computer

2008-03-29 10:13 --------- d-----w C:\Program Files\iPod

2008-03-28 17:41 7,680 ----a-w C:\Windows\System32\ff_vfw.dll

2008-03-24 10:08 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Simply Super Software

2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll

2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll

2008-03-19 17:53 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com

2008-03-19 16:30 --------- d-----w C:\Program Files\CloneDVD

2008-03-19 10:26 352,615 ---ha-w C:\Windows\system32\drivers\vsconfig(83).xml

2008-03-16 20:29 --------- d-----w C:\Program Files\Yamicsoft

2008-03-16 14:32 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\PC Suite

2008-03-16 14:32 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Nokia

2008-03-16 14:18 --------- d-----w C:\ProgramData\Installations

2008-03-15 23:23 --------- d-----w C:\ProgramData\Corel

2008-03-15 23:20 --------- d-----w C:\Program Files\Corel

2008-03-15 22:44 88 --sh--r C:\Users\All Users\1CEC64F61C.sys

2008-03-15 22:44 88 --sh--r C:\ProgramData\1CEC64F61C.sys

2008-03-15 22:44 3,140 --sha-w C:\Users\All Users\KGyGaAvL.sys

2008-03-15 22:44 3,140 --sha-w C:\ProgramData\KGyGaAvL.sys

2008-02-29 18:17 43,698 ----a-w C:\Windows\System32\xvid-uninstall.exe

2008-02-28 13:49 31,745,775 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2008_02_28_14_10_08_full.dmp.zip

2008-02-28 13:49 31,387,902 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2008_02_28_14_34_48_full.dmp.zip

2008-02-27 21:18 31,562,632 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2008_02_27_11_05_14_full.dmp.zip

2008-02-26 22:20 47,360 ----a-w C:\Users\Gebruiker\AppData\Roaming\pcouffin.sys

2008-02-23 19:46 87,608 ----a-w C:\Users\Gebruiker\AppData\Roaming\ezpinst.exe

2008-02-23 17:27 174 --sha-w C:\Program Files\desktop.ini

.

------- Sigcheck -------

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FBC4632-32E5-48B2-B4B3-0886717FC73D}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-24 00:41 68856]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-03 11:27 1232896]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:33 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-15 11:04 262401]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-15 17:58 1006264]

"RtHDVCpl"="RtHDVCpl.exe" [2007-10-01 11:53 4702208 C:\Windows\RtHDVCpl.exe]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 18:06 81920]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464]

"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\Windows\KHALMNPR.Exe]

"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-09 03:31 959976]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-02 17:41 385024]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 0 (0x0)

"EnableInstallerDetection"= 0 (0x0)

"EnableLUA"= 0 (0x0)

"EnableSecureUIAPaths"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"SynchronousMachineGroupPolicy"= 0 (0x0)

"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]

backup=C:\Windows\pss\Google Updater.lnk.CommonStartup

backupExtension=.CommonStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-363026792-639437035-2443024750-1000]

"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{276179C0-DDCD-49D5-830B-6CD3B84CD149}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{EA5A59E5-C92D-472F-B673-307DC2D9E1FB}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{1A040A73-8E19-4117-9526-362A8C90D6A7}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{A7DACFBE-9D40-4EE1-A434-0EEAD601A6F9}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{7080BBD6-C279-4C10-904B-D8495802B216}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{82219EF2-7E08-4ECD-8578-1A4D17FEA113}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

S3 IAMT03;Stuurprogramma voor Intel® Active Management Technology - KCS;C:\Windows\system32\drivers\iamt03.sys [2007-04-11 23:29]

S3 IAMTV;Stuurprogramma voor Intel® Active Management Technology - KCS;C:\Windows\system32\drivers\iamtv.sys [2007-04-11 23:30]

S4 IAMTXP;Stuurprogramma voor Intel® Active Management Technology - KCS;C:\Windows\system32\drivers\iamtxp.sys [2007-04-11 23:30]

S4 ioatdma;Intel® QuickData Technology Device;C:\Windows\system32\drivers\ioatdma.sys [2007-05-31 09:27]

S4 iSSetup;Intel® PRO/1000 iSCSI Setup Driver;C:\Windows\system32\drivers\issetup.sys [2007-06-19 14:48]

S4 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2007-07-02 17:37]

S4 nvsmu;nvsmu;C:\Windows\system32\drivers\nvsmu.sys [2007-02-16 08:50]

S4 SI3112;SiI-3112 SATALink Controller;C:\Windows\system32\drivers\si3112.sys [2007-01-26 13:55]

S4 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\Windows\system32\drivers\si3112r.sys [2007-02-01 16:50]

S4 SI3114;SiI-3114 SATALink Controller;C:\Windows\system32\drivers\si3114.sys [2006-11-10 11:45]

S4 SI3124;SiI-3124 SATALink Controller;C:\Windows\system32\drivers\si3124.sys [2006-11-02 16:20]

S4 Si3124r5;SiI-3124 SoftRaid 5 Controller;C:\Windows\system32\drivers\si3124r5.sys [2006-09-20 11:38]

S4 Si3132r5;SiI-3132 SoftRaid 5 Controller;C:\Windows\system32\drivers\si3132r5.sys [2007-06-01 10:28]

S4 Si3531;SiI-3531 SATA Controller;C:\Windows\system32\drivers\si3531.sys [2007-06-01 10:29]

S4 ViBus;ViBus;C:\Windows\system32\drivers\vibus.sys [2007-03-26 15:26]

S4 ViPrt;VIA SATA IDE Device Driver;C:\Windows\system32\drivers\viprt.sys [2007-03-26 15:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

GPSvcGroup REG_MULTI_SZ GPSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]

%SystemRoot%\system32\soundschemes.exe /AddRegistration

.

Inhoud van de 'Gedeelde Taken' map

"2008-05-13 20:18:18 C:\Windows\Tasks\Controleren op updates voor Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-13 22:47:32

Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

Voltooingstijd: 2008-05-13 22:48:43

ComboFix-quarantined-files.txt 2008-05-13 20:48:36

Pre-Run: 226,830,999,552 bytes beschikbaar

Post-Run: 226,798,399,488 bytes beschikbaar

254 --- E O F --- 2008-05-09 07:19:53

HJT log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:51:46, on 13/05/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {6FBC4632-32E5-48B2-B4B3-0886717FC73D} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

--

End of file - 7006 bytes

I hope it's cured now.

Please let me know.

The PC seems to be working normally again.

Regards

Hi Eggers,

Your PC is clean, buuuut ComboFix has to be on your desktop, otherwise we can't work, and I have a few more things to pass on.

Auslogics is not recommended for defragmenting a hard disk; I know, it's quick and fun, but that's only an illusion. Uninstall it via Software.

Regards,

Xeno:)

OK, thanks a lot for the time you've put into my problem.

I'll leave ComboFix on there.

And if I've understood correctly, Auslogics Disk Defrag is no good. Do you have any suggestions for defragmenting, or should I just use the program that comes with Vista?

Regards

The Windows defrag is mainly slow (I don't know how the Vista version compares), but you can't really call it bad. And certainly not compared to Auslogics. Personally I could recommend JK Defrag. But no doubt other useful advice will follow :)

Hi Eggers,

There is still one file too many on your PC.

1. Open Notepad, copy and paste the following (bold, blue text) into an empty window:

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FBC4632-32E5-48B2-B4B3-0886717FC73D}]

Save this on your Desktop as CFScript.txt

Drag CFScript.txt onto ComboFix.exe as shown in the example below:

(image: CFScript.gif)

This will make ComboFix restart.

Reboot if asked to do so.

2. Download ATF Cleaner (mirror) (made by Atribune)

Important: close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

Double-click ATF Cleaner to start the program.

On the Main tab, tick Select All.

Click the Empty Selected button.

Do the following if you also use Firefox as a browser:

Click the Firefox tab and tick Select All.

If you want to keep the passwords saved by Firefox, click No in the window that appears.

(this unticks Firefox saved passwords again)

Click the Empty Selected button.

Do the following if you also use Opera as a browser:

Click the Opera tab and tick Select All.

If you want to keep the passwords saved by Opera, click No in the window that appears.

Click the Empty Selected button.

Go to the Main tab and click the Exit button to close the program.

3. You may now remove all the tools used and the folders created.

Go to Start > Run and copy and paste the following command into the field:

ComboFix /u

Make sure there is a space between ComboFix and /

Then press Enter.

This will remove ComboFix and its related folders and files, restore the clock settings, hide file extensions again, hide hidden files and system files again, and reset your System Restore.

Regards,

Xeno:)
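As an added example (not code from this thread or from HijackThis, ComboFix or their authors), the Python script below makes the checks a log reviewer would make on the logs pasted above: it flags O2 BHO lines that end in "(no file)" (the orphaned {6FBC4632-...} registration Xeno removes), O23 services listed with "Unknown owner", and the ComboFix policy values EnableLUA=0 and EnableFirewall=0 (UAC and the Windows Firewall profiles switched off), and it builds the same Registry:: CFScript block for the orphaned CLSIDs. The sample lines are copied from the logs in this thread; the regexes and function names are my own.

```python
import re

# Constructed sample input: lines copied from the HijackThis log pasted in this
# thread. The "(no file)" BHO is the registration Xeno removes with CFScript.
HJT_SAMPLE = r"""
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6FBC4632-32E5-48B2-B4B3-0886717FC73D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
""".strip().splitlines()

# Constructed sample input: policy lines copied from the ComboFix
# "Reg Opstartpunten" (registry autostart) section of the same thread.
COMBOFIX_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
""".strip().splitlines()

# HijackThis line shapes: "O2 - BHO: <name> - {CLSID} - <dll path or (no file)>"
# and "O23 - Service: <name> - <owner> - <exe path>".
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# ComboFix registry dump shapes: "[<key>]" followed by '"<value>"= <n> (0x<hex>)'.
SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+) \(0x[0-9A-Fa-f]+\)$')


def orphaned_bhos(hjt_lines):
    """Return (clsid, name) for every O2 BHO whose DLL is gone.

    HijackThis prints "(no file)" when the CLSID is still registered under
    Browser Helper Objects but the DLL it points to no longer exists: typical
    leftover after a malware DLL (here a Vundo component) has been deleted."""
    found = []
    for line in hjt_lines:
        m = O2_RE.match(line.strip())
        if m and m.group("path").strip().lower() == "(no file)":
            found.append((m.group("clsid"), m.group("name")))
    return found


def unowned_services(hjt_lines):
    """Return (service name, path) for O23 services HJT lists as 'Unknown owner'.

    Not proof of anything by itself (the exe simply has no company name in its
    version info; PSIService.exe here is Protexis licensing), but each one is
    worth a look because malware services usually carry no publisher either."""
    return [
        (m.group("name"), m.group("path"))
        for m in (O23_RE.match(line.strip()) for line in hjt_lines)
        if m and m.group("owner").strip() == "Unknown owner"
    ]


def disabled_security_policies(combofix_lines, watch=("EnableLUA", "EnableFirewall")):
    """Walk the ComboFix registry dump and return (key, value name) pairs where a
    watched policy value is 0: EnableLUA=0 means UAC is off, EnableFirewall=0 in
    a firewallpolicy profile means the Windows Firewall is off for that profile
    (worth confirming a third-party firewall such as ZoneAlarm covers it)."""
    section, hits = None, []
    for line in combofix_lines:
        line = line.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("key")
            continue
        pol = POLICY_RE.match(line)
        if pol and pol.group("name") in watch and int(pol.group("value")) == 0:
            hits.append((section, pol.group("name")))
    return hits


def cfscript_for_bhos(clsids):
    """Build the CFScript text used in this thread: a Registry:: block whose
    [-key] lines tell ComboFix to delete the orphaned BHO registrations. The
    '~' is ComboFix's abbreviation for the full Explorer key path, as in the
    thread. Only feed it CLSIDs a reviewer has confirmed are orphaned."""
    lines = ["Registry::"]
    for clsid in clsids:
        lines.append("[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\" + clsid + "]")
    return "\n".join(lines) + "\n"


def triage(hjt_lines, combofix_lines):
    """Collect every finding into one dict so a reviewer can eyeball it."""
    bhos = orphaned_bhos(hjt_lines)
    return {
        "orphaned_bhos": bhos,
        "unowned_services": unowned_services(hjt_lines),
        "disabled_policies": disabled_security_policies(combofix_lines),
        "cfscript": cfscript_for_bhos([clsid for clsid, _ in bhos]),
    }


if __name__ == "__main__":
    for key, value in triage(HJT_SAMPLE, COMBOFIX_SAMPLE).items():
        print(f"{key}: {value}")
```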

Everything done as prescribed.

Just to be safe, another ComboFix log:

ComboFix 08-05-12.1 - Gebruiker 2008-05-14 22:24:49.6 - NTFSx86

Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.31.1043.18.2095 [GMT 2:00]

Gestart vanuit: C:\temp\ComboFix.exe

Command switches used :: D:\Mijn dokumenten\Brieven\CFScript.txt

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-04-14 to 2008-05-14 ))))))))))))))))))))))))))))))

.

2008-05-14 22:23 . 2008-05-14 22:23 1,914,914 --a------ C:\temp\ComboFix.exe

2008-05-14 21:29 . 2008-05-14 21:30 <DIR> d-------- C:\JKDefrag

2008-05-13 12:20 . 2008-05-13 13:15 524,288 --ahs---- C:\Users\Gebruiker\ntuser.dat{6bc73509-20cb-11dd-9f81-001617bd84e2}.TMContainer00000000000000000002.regtrans-ms

2008-05-13 12:20 . 2008-05-13 13:15 524,288 --ahs---- C:\Users\Gebruiker\ntuser.dat{6bc73509-20cb-11dd-9f81-001617bd84e2}.TMContainer00000000000000000001.regtrans-ms

2008-05-13 12:20 . 2008-05-13 13:15 65,536 --ahs---- C:\Users\Gebruiker\ntuser.dat{6bc73509-20cb-11dd-9f81-001617bd84e2}.TM.blf

2008-05-13 10:26 . 2008-05-13 10:26 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\Malwarebytes

2008-05-13 10:26 . 2008-05-13 10:26 <DIR> d-------- C:\Users\All Users\Malwarebytes

2008-05-13 10:26 . 2008-05-13 10:26 <DIR> d-------- C:\ProgramData\Malwarebytes

2008-05-13 10:26 . 2008-05-13 10:26 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-05-13 10:26 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys

2008-05-13 10:26 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys

2008-05-13 09:45 . 2008-05-13 09:45 <DIR> d-------- C:\Program Files\Windows Live Toolbar

2008-05-13 09:45 . 2008-05-13 09:45 <DIR> d-------- C:\Program Files\Windows Live Favorites

2008-05-13 09:41 . 2008-05-13 09:41 <DIR> d-------- C:\Users\All Users\WLInstaller

2008-05-13 09:41 . 2008-05-13 09:41 <DIR> d-------- C:\ProgramData\WLInstaller

2008-05-13 09:41 . 2008-05-13 09:45 <DIR> d-------- C:\Program Files\Windows Live

2008-05-13 09:41 . 2008-05-13 09:44 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-05-12 21:00 . 2008-05-12 21:00 <DIR> d-------- C:\Program Files\Trend Micro

2008-05-12 20:22 . 2008-05-12 20:22 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe

2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{e8a930f2-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000002.regtrans-ms

2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{e8a930f2-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000001.regtrans-ms

2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{e8a930f4-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000002.regtrans-ms

2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{e8a930f4-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000001.regtrans-ms

2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Users\Gebruiker\ntuser.dat{e8a930f6-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000002.regtrans-ms

2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Users\Gebruiker\ntuser.dat{e8a930f6-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000001.regtrans-ms

2008-05-12 18:40 . 2008-05-12 19:22 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{e8a930f2-2033-11dd-928b-001617bd84e2}.TM.blf

2008-05-12 18:40 . 2008-05-12 19:22 65,536 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{e8a930f4-2033-11dd-928b-001617bd84e2}.TM.blf

2008-05-12 18:40 . 2008-05-12 19:22 65,536 --ahs---- C:\Users\Gebruiker\ntuser.dat{e8a930f6-2033-11dd-928b-001617bd84e2}.TM.blf

2008-05-12 15:55 . 2008-05-12 15:55 <DIR> d-------- C:\Program Files\Common Files\Solveig Multimedia

2008-05-12 15:55 . 2008-05-12 15:55 <DIR> d-------- C:\Program Files\Common Files\Elecard

2008-05-12 14:01 . 2008-05-12 14:01 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\CursorArts

2008-05-12 13:59 . 2008-05-12 17:44 <DIR> d-------- C:\Program Files\IconForge7

2008-05-12 13:59 . 2008-05-12 13:59 33 --a------ C:\Windows\iltwain.ini

2008-05-12 13:35 . 2008-05-12 13:35 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\Eclipsit

2008-05-12 13:33 . 1998-10-29 16:45 306,688 --a------ C:\Windows\IsUninst.exe

2008-05-08 17:10 . 2008-05-08 17:10 <DIR> d-------- C:\Program Files\Oxygen Software

2008-05-08 16:22 . 2008-05-08 16:23 <DIR> d-------- C:\Program Files\MobiMB Mobile Media Browser

2008-05-02 14:51 . 2008-05-02 14:51 <DIR> d-------- C:\Program Files\WinAVI Video Converter

2008-05-02 14:18 . 2008-05-02 14:18 <DIR> d-------- C:\Program Files\Xara

2008-05-02 14:18 . 2008-05-02 14:18 <DIR> d-------- C:\Program Files\Common Files\Xara

2008-05-02 13:04 . 2008-03-12 22:21 678,408 --a------ C:\Windows\System32\gpprefcl.dll

2008-05-02 13:04 . 2007-11-17 23:22 3,636 --a------ C:\Windows\System32\drivers\nvphy.bin

2008-04-29 20:20 . 2008-04-29 20:20 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\Media Player Classic

2008-04-29 20:18 . 2008-04-29 20:18 <DIR> d-------- C:\Program Files\K-Lite Codec Pack

2008-04-21 19:59 . 2008-04-21 19:59 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\DVD Flick

2008-04-21 17:28 . 2008-05-14 10:41 <DIR> d-------- C:\Program Files\AusLogics Disk Defrag

2008-04-20 22:03 . 2008-04-20 22:03 <DIR> d-------- C:\Windows\Profiles

2008-04-20 22:00 . 2008-04-20 22:04 <DIR> d-------- C:\Program Files\Your Uninstaller 2008

2008-04-20 10:10 . 2008-04-20 10:10 <DIR> d-------- C:\Program Files\Microsoft Silverlight

2008-04-17 19:24 . 2008-04-17 19:24 1,053,184 --a------ C:\Windows\System32\mfc71u.dll

2008-04-17 19:24 . 2008-04-17 19:24 503,808 --a------ C:\Windows\System32\msvcp71.dll

2008-04-17 19:24 . 2008-04-17 19:24 348,160 --a------ C:\Windows\System32\msvcr71.dll

2008-04-17 19:24 . 2008-04-17 19:24 258,352 --a------ C:\Windows\System32\unicows.dll

2008-04-17 19:24 . 2008-04-17 19:24 89,600 --a------ C:\Windows\System32\atl71.dll

2008-04-14 22:50 . 2008-04-14 22:50 <DIR> d-------- C:\Program Files\LimeWire

2008-04-14 17:32 . 2008-04-14 17:32 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\Download Manager

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-14 19:25 --------- d-----w C:\ProgramData\Google Updater

2008-05-14 19:14 352,614 ---ha-w C:\Windows\system32\drivers\vsconfig.xml

2008-05-14 09:11 --------- d-----w C:\ProgramData\Microsoft Help

2008-05-14 08:41 --------- d---a-w C:\ProgramData\TEMP

2008-05-13 08:04 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\SUPERAntiSpyware.com

2008-05-13 08:04 --------- d-----w C:\Program Files\SUPERAntiSpyware

2008-05-12 19:54 7,308 --sha-w C:\Windows\System32\KGyGaAvL.sys

2008-05-12 19:54 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Corel

2008-05-12 15:44 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\uTorrent

2008-05-12 10:49 --------- d-----w C:\ProgramData\FLEXnet

2008-05-11 15:05 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Vso

2008-05-08 14:23 --------- d-----w C:\Program Files\Common Files\LogoManager

2008-05-02 12:18 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-02 11:06 --------- d-----w C:\ProgramData\NVIDIA

2008-04-25 14:47 --------- d-----w C:\ProgramData\GoldWaveCDDB

2008-04-24 20:17 --------- d-----w C:\Program Files\Google

2008-04-20 20:00 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\URSoft

2008-04-16 09:10 --------- d-----w C:\Program Files\Windows Mail

2008-04-14 20:51 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\LimeWire

2008-04-11 15:23 38,400 ----a-w C:\Windows\System32\SoundSchemes.exe

2008-04-09 08:28 1,585,664 ----a-w C:\Windows\System32\setupapi.dll

2008-04-09 08:26 84,480 ----a-w C:\Windows\System32\dnsrslvr.dll

2008-04-09 08:26 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe

2008-04-09 08:25 827,392 ----a-w C:\Windows\System32\wininet.dll

2008-04-09 08:25 56,320 ----a-w C:\Windows\System32\iesetup.dll

2008-04-09 08:25 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-04-09 08:25 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2008-04-06 20:55 --------- d-----w C:\ProgramData\PC Suite

2008-04-05 18:29 --------- d-----w C:\Program Files\Common Files\Logitech

2008-04-05 18:29 --------- d-----w C:\Program Files\Common Files\Logishrd

2008-04-04 17:30 --------- d-----w C:\ProgramData\LogiShrd

2008-04-04 17:28 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf

2008-04-04 17:28 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf

2008-04-04 15:27 118,784 ------w C:\Windows\bwUnin-7.2.0.157-8876480SL.exe

2008-04-03 09:30 --------- d-----w C:\Program Files\Windows Sidebar

2008-04-03 09:29 194,560 ----a-w C:\Windows\System32\WebClnt.dll

2008-04-03 09:29 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys

2008-04-03 09:28 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL

2008-04-03 09:28 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys

2008-04-03 09:28 24,064 ----a-w C:\Windows\System32\netcfg.exe

2008-04-03 09:28 223,232 ----a-w C:\Windows\System32\WMASF.DLL

2008-04-03 09:28 22,016 ----a-w C:\Windows\System32\netiougc.exe

2008-04-03 09:28 217,144 ----a-w C:\Windows\system32\drivers\netio.sys

2008-04-03 09:28 2,048 ----a-w C:\Windows\System32\asferror.dll

2008-04-03 09:28 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll

2008-04-03 09:28 1,327,104 ----a-w C:\Windows\System32\quartz.dll

2008-04-03 09:27 11,776 ----a-w C:\Windows\System32\sbunattend.exe

2008-04-03 09:24 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys

2008-04-03 09:24 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys

2008-04-03 09:24 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys

2008-04-03 09:24 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys

2008-04-03 09:23 2,048 ----a-w C:\Windows\System32\tzres.dll

2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\divx.dll

2008-03-31 21:06 --------- d-----w C:\Program Files\DVDFab Platinum 4

2008-03-29 10:40 --------- d-----w C:\Program Files\iTunes

2008-03-29 10:14 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Apple Computer

2008-03-29 10:13 --------- d-----w C:\ProgramData\Apple Computer

2008-03-29 10:13 --------- d-----w C:\Program Files\iPod

2008-03-28 17:41 7,680 ----a-w C:\Windows\System32\ff_vfw.dll

2008-03-24 10:08 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Simply Super Software

2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll

2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll

2008-03-19 17:53 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com

2008-03-19 16:30 --------- d-----w C:\Program Files\CloneDVD

2008-03-19 10:26 352,615 ---ha-w C:\Windows\system32\drivers\vsconfig(83).xml

2008-03-16 20:29 --------- d-----w C:\Program Files\Yamicsoft

2008-03-16 14:32 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\PC Suite

2008-03-16 14:32 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Nokia

2008-03-16 14:18 --------- d-----w C:\ProgramData\Installations

2008-03-15 23:23 --------- d-----w C:\ProgramData\Corel

2008-03-15 23:20 --------- d-----w C:\Program Files\Corel

2008-03-15 22:44 88 --sh--r C:\Users\All Users\1CEC64F61C.sys

2008-03-15 22:44 88 --sh--r C:\ProgramData\1CEC64F61C.sys

2008-03-15 22:44 3,140 --sha-w C:\Users\All Users\KGyGaAvL.sys

2008-03-15 22:44 3,140 --sha-w C:\ProgramData\KGyGaAvL.sys

2008-02-29 18:17 43,698 ----a-w C:\Windows\System32\xvid-uninstall.exe

2008-02-28 13:49 31,745,775 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2008_02_28_14_10_08_full.dmp.zip

2008-02-28 13:49 31,387,902 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2008_02_28_14_34_48_full.dmp.zip

2008-02-27 21:18 31,562,632 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2008_02_27_11_05_14_full.dmp.zip

2008-02-26 22:20 47,360 ----a-w C:\Users\Gebruiker\AppData\Roaming\pcouffin.sys

2008-02-23 19:46 87,608 ----a-w C:\Users\Gebruiker\AppData\Roaming\ezpinst.exe

2008-02-23 17:27 174 --sha-w C:\Program Files\desktop.ini

.

------- Sigcheck -------

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-24 00:41 68856]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-03 11:27 1232896]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:33 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-15 11:04 262401]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-15 17:58 1006264]

"RtHDVCpl"="RtHDVCpl.exe" [2007-10-01 11:53 4702208 C:\Windows\RtHDVCpl.exe]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 18:06 81920]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464]

"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\Windows\KHALMNPR.Exe]

"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-09 03:31 959976]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-02 17:41 385024]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 0 (0x0)

"EnableInstallerDetection"= 0 (0x0)

"EnableLUA"= 0 (0x0)

"EnableSecureUIAPaths"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"SynchronousMachineGroupPolicy"= 0 (0x0)

"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]

backup=C:\Windows\pss\Google Updater.lnk.CommonStartup

backupExtension=.CommonStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-363026792-639437035-2443024750-1000]

"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{276179C0-DDCD-49D5-830B-6CD3B84CD149}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{EA5A59E5-C92D-472F-B673-307DC2D9E1FB}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{1A040A73-8E19-4117-9526-362A8C90D6A7}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{A7DACFBE-9D40-4EE1-A434-0EEAD601A6F9}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{7080BBD6-C279-4C10-904B-D8495802B216}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{82219EF2-7E08-4ECD-8578-1A4D17FEA113}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

S3 IAMT03;Stuurprogramma voor Intel® Active Management Technology - KCS;C:\Windows\system32\drivers\iamt03.sys [2007-04-11 23:29]

S3 IAMTV;Stuurprogramma voor Intel® Active Management Technology - KCS;C:\Windows\system32\drivers\iamtv.sys [2007-04-11 23:30]

S4 IAMTXP;Stuurprogramma voor Intel® Active Management Technology - KCS;C:\Windows\system32\drivers\iamtxp.sys [2007-04-11 23:30]

S4 ioatdma;Intel® QuickData Technology Device;C:\Windows\system32\drivers\ioatdma.sys [2007-05-31 09:27]

S4 iSSetup;Intel® PRO/1000 iSCSI Setup Driver;C:\Windows\system32\drivers\issetup.sys [2007-06-19 14:48]

S4 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2007-07-02 17:37]

S4 nvsmu;nvsmu;C:\Windows\system32\drivers\nvsmu.sys [2007-02-16 08:50]

S4 SI3112;SiI-3112 SATALink Controller;C:\Windows\system32\drivers\si3112.sys [2007-01-26 13:55]

S4 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\Windows\system32\drivers\si3112r.sys [2007-02-01 16:50]

S4 SI3114;SiI-3114 SATALink Controller;C:\Windows\system32\drivers\si3114.sys [2006-11-10 11:45]

S4 SI3124;SiI-3124 SATALink Controller;C:\Windows\system32\drivers\si3124.sys [2006-11-02 16:20]

S4 Si3124r5;SiI-3124 SoftRaid 5 Controller;C:\Windows\system32\drivers\si3124r5.sys [2006-09-20 11:38]

S4 Si3132r5;SiI-3132 SoftRaid 5 Controller;C:\Windows\system32\drivers\si3132r5.sys [2007-06-01 10:28]

S4 Si3531;SiI-3531 SATA Controller;C:\Windows\system32\drivers\si3531.sys [2007-06-01 10:29]

S4 ViBus;ViBus;C:\Windows\system32\drivers\vibus.sys [2007-03-26 15:26]

S4 ViPrt;VIA SATA IDE Device Driver;C:\Windows\system32\drivers\viprt.sys [2007-03-26 15:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

GPSvcGroup REG_MULTI_SZ GPSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]

%SystemRoot%\system32\soundschemes.exe /AddRegistration

.

Inhoud van de 'Gedeelde Taken' map

"2008-05-14 20:17:00 C:\Windows\Tasks\Controleren op updates voor Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-14 22:26:03

Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

Voltooingstijd: 2008-05-14 22:26:46

ComboFix-quarantined-files.txt 2008-05-14 20:26:34

Pre-Run: 219,546,304,512 bytes beschikbaar

Post-Run: 219,534,774,272 bytes beschikbaar

255 --- E O F --- 2008-05-14 09:11:56

And while we're at it, one from HJT as well:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:33:26, on 14/05/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\Explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

--

End of file - 7112 bytes

Please tell me I'm rid of it now!

Thanks a lot for the help!

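The two logs above are long, and the lines a helper actually cares about are scattered among hundreds of benign ones. As an added example (editor's code, not part of the forum post and not from ComboFix, HijackThis or VundoFix), the Python script below pulls the security-relevant facts out of such logs: it parses the REGEDIT4-style policy dump that ComboFix prints under "Reg Opstartpunten" and flags weakened settings, and it parses HijackThis O4 (Run) and O23 (Service) lines to point out autostarts whose binary is only a bare file name or is hosted by rundll32, and services with no publisher. The sample input is a constructed subset of lines copied from the logs in this thread; in it the script reports that EnableLUA is 0 (UAC off), that the Windows Firewall profiles are off (a third-party firewall, ZoneAlarm, is present in the log) and that Security Center monitoring for that firewall is disabled. The `WEAK_SETTINGS` table, the function names and the note texts are this example's own choices, not anything the tools define.

```python
import re

# Constructed sample: a subset of lines copied from the ComboFix and
# HijackThis logs posted in this thread (the real logs are much longer).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
"""

# Registry values whose listed setting weakens the host (table chosen for this
# example). A setting matches when the key contains the substring (case-
# insensitive), the value name is equal and the value equals the bad value.
WEAK_SETTINGS = {
    ("policies\\system", "EnableLUA"): (0, "UAC is disabled"),
    ("policies\\system", "PromptOnSecureDesktop"): (0, "elevation prompts not on the secure desktop"),
    ("firewallpolicy", "EnableFirewall"): (0, "Windows Firewall profile is disabled"),
    ("security center\\monitoring", "DisableMonitoring"): (1, "Security Center monitoring of this product is off"),
}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(dword:)?([0-9A-Fa-f]+)')
O4_RE = re.compile(r"^O4 - (\S+?)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
O23_RE = re.compile(r"^O23 - Service: (.+?)(?: \(([^)]+)\))? - (.+?) - (.+)$")


def parse_registry_values(text):
    """Return {(key, value_name): int} for the REGEDIT4-style lines in a ComboFix log."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name, is_dword, raw = m.groups()
            # "= 0 (0x0)" is decimal; "=dword:00000001" is hex.
            values[(key, name)] = int(raw, 16) if is_dword else int(raw, 10)
    return values


def weak_settings(text):
    """Human-readable findings for every value in WEAK_SETTINGS found at its bad value."""
    findings = []
    for (key, name), value in parse_registry_values(text).items():
        for (key_part, want_name), (bad_value, why) in WEAK_SETTINGS.items():
            if name == want_name and key_part.lower() in key.lower() and value == bad_value:
                findings.append(f"{key}\\{name} = {value}: {why}")
    return findings


def first_token(cmd):
    """Executable part of an autostart command line, quoted or bare."""
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split(" ", 1)[0]


def parse_o4(text):
    """HijackThis O4 lines as dicts; notes mark entries that deserve a closer look."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, name, cmd = m.groups()
        exe, notes = first_token(cmd), []
        if exe.upper() == "RUNDLL32.EXE":
            # The real payload is the "DLL,entrypoint" argument, not rundll32 itself.
            arg = cmd.split(" ", 1)[1] if " " in cmd else ""
            exe, notes = arg.split(",", 1)[0], ["rundll32 host: inspect the DLL"]
        if "\\" not in exe:
            notes.append("bare file name: resolved by PATH search, locate it explicitly")
        entries.append({"hive": hive, "name": name, "exe": exe, "notes": notes})
    return entries


def parse_o23(text):
    """HijackThis O23 service lines as dicts; 'Unknown owner' means no publisher info."""
    services = []
    for line in text.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            name, short, owner, path = m.groups()
            services.append({"name": name, "short": short, "owner": owner,
                             "path": path, "unknown_owner": owner == "Unknown owner"})
    return services


def audit(text):
    """All findings from both log formats, one line each."""
    report = list(weak_settings(text))
    for e in parse_o4(text):
        for note in e["notes"]:
            report.append(f"O4 [{e['name']}] {e['exe']}: {note}")
    for s in parse_o23(text):
        if s["unknown_owner"]:
            report.append(f"O23 {s['name']} {s['path']}: no publisher info, verify the binary")
    return report


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Feed it a whole pasted log (the script only reacts to lines it recognises, so the file listings are ignored) and read the findings as a checklist rather than a verdict: a bare `RtHDVCpl.exe` is normal for that Realtek applet, and `VundoFixSVC.exe` is the removal tool the thread itself used, but each flagged line is one the helper should be able to account for before closing the case.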


2008-04-03 09:28 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys

2008-04-03 09:28 24,064 ----a-w C:\Windows\System32\netcfg.exe

2008-04-03 09:28 223,232 ----a-w C:\Windows\System32\WMASF.DLL

2008-04-03 09:28 22,016 ----a-w C:\Windows\System32\netiougc.exe

2008-04-03 09:28 217,144 ----a-w C:\Windows\system32\drivers\netio.sys

2008-04-03 09:28 2,048 ----a-w C:\Windows\System32\asferror.dll

2008-04-03 09:28 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll

2008-04-03 09:28 1,327,104 ----a-w C:\Windows\System32\quartz.dll

2008-04-03 09:27 11,776 ----a-w C:\Windows\System32\sbunattend.exe

2008-04-03 09:24 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys

2008-04-03 09:24 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys

2008-04-03 09:24 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys

2008-04-03 09:24 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys

2008-04-03 09:23 2,048 ----a-w C:\Windows\System32\tzres.dll

2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\divx.dll

2008-03-31 21:06 --------- d-----w C:\Program Files\DVDFab Platinum 4

2008-03-29 10:40 --------- d-----w C:\Program Files\iTunes

2008-03-29 10:14 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Apple Computer

2008-03-29 10:13 --------- d-----w C:\ProgramData\Apple Computer

2008-03-29 10:13 --------- d-----w C:\Program Files\iPod

2008-03-28 17:41 7,680 ----a-w C:\Windows\System32\ff_vfw.dll

2008-03-24 10:08 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Simply Super Software

2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll

2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll

2008-03-19 17:53 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com

2008-03-19 16:30 --------- d-----w C:\Program Files\CloneDVD

2008-03-19 10:26 352,615 ---ha-w C:\Windows\system32\drivers\vsconfig(83).xml

2008-03-16 20:29 --------- d-----w C:\Program Files\Yamicsoft

2008-03-16 14:32 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\PC Suite

2008-03-16 14:32 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Nokia

2008-03-16 14:18 --------- d-----w C:\ProgramData\Installations

2008-03-15 23:23 --------- d-----w C:\ProgramData\Corel

2008-03-15 23:20 --------- d-----w C:\Program Files\Corel

2008-03-15 22:44 88 --sh--r C:\Users\All Users\1CEC64F61C.sys

2008-03-15 22:44 88 --sh--r C:\ProgramData\1CEC64F61C.sys

2008-03-15 22:44 3,140 --sha-w C:\Users\All Users\KGyGaAvL.sys

2008-03-15 22:44 3,140 --sha-w C:\ProgramData\KGyGaAvL.sys

2008-02-29 18:17 43,698 ----a-w C:\Windows\System32\xvid-uninstall.exe

2008-02-28 13:49 31,745,775 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2008_02_28_14_10_08_full.dmp.zip

2008-02-28 13:49 31,387,902 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2008_02_28_14_34_48_full.dmp.zip

2008-02-27 21:18 31,562,632 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2008_02_27_11_05_14_full.dmp.zip

2008-02-26 22:20 47,360 ----a-w C:\Users\Gebruiker\AppData\Roaming\pcouffin.sys

2008-02-23 19:46 87,608 ----a-w C:\Users\Gebruiker\AppData\Roaming\ezpinst.exe

2008-02-23 17:27 174 --sha-w C:\Program Files\desktop.ini

.

------- Sigcheck -------

.

((((((((((((((((((((((((((((((((((((( Reg Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-24 00:41 68856]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-03 11:27 1232896]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:33 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-15 11:04 262401]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-15 17:58 1006264]

"RtHDVCpl"="RtHDVCpl.exe" [2007-10-01 11:53 4702208 C:\Windows\RtHDVCpl.exe]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 18:06 81920]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464]

"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\Windows\KHALMNPR.Exe]

"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-09 03:31 959976]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-02 17:41 385024]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 0 (0x0)

"EnableInstallerDetection"= 0 (0x0)

"EnableLUA"= 0 (0x0)

"EnableSecureUIAPaths"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"SynchronousMachineGroupPolicy"= 0 (0x0)

"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]

backup=C:\Windows\pss\Google Updater.lnk.CommonStartup

backupExtension=.CommonStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-363026792-639437035-2443024750-1000]

"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{276179C0-DDCD-49D5-830B-6CD3B84CD149}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{EA5A59E5-C92D-472F-B673-307DC2D9E1FB}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{1A040A73-8E19-4117-9526-362A8C90D6A7}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{A7DACFBE-9D40-4EE1-A434-0EEAD601A6F9}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{7080BBD6-C279-4C10-904B-D8495802B216}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{82219EF2-7E08-4ECD-8578-1A4D17FEA113}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

S3 IAMT03;Driver for Intel® Active Management Technology - KCS;C:\Windows\system32\drivers\iamt03.sys [2007-04-11 23:29]

S3 IAMTV;Driver for Intel® Active Management Technology - KCS;C:\Windows\system32\drivers\iamtv.sys [2007-04-11 23:30]

S4 IAMTXP;Driver for Intel® Active Management Technology - KCS;C:\Windows\system32\drivers\iamtxp.sys [2007-04-11 23:30]

S4 ioatdma;Intel® QuickData Technology Device;C:\Windows\system32\drivers\ioatdma.sys [2007-05-31 09:27]

S4 iSSetup;Intel® PRO/1000 iSCSI Setup Driver;C:\Windows\system32\drivers\issetup.sys [2007-06-19 14:48]

S4 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2007-07-02 17:37]

S4 nvsmu;nvsmu;C:\Windows\system32\drivers\nvsmu.sys [2007-02-16 08:50]

S4 SI3112;SiI-3112 SATALink Controller;C:\Windows\system32\drivers\si3112.sys [2007-01-26 13:55]

S4 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\Windows\system32\drivers\si3112r.sys [2007-02-01 16:50]

S4 SI3114;SiI-3114 SATALink Controller;C:\Windows\system32\drivers\si3114.sys [2006-11-10 11:45]

S4 SI3124;SiI-3124 SATALink Controller;C:\Windows\system32\drivers\si3124.sys [2006-11-02 16:20]

S4 Si3124r5;SiI-3124 SoftRaid 5 Controller;C:\Windows\system32\drivers\si3124r5.sys [2006-09-20 11:38]

S4 Si3132r5;SiI-3132 SoftRaid 5 Controller;C:\Windows\system32\drivers\si3132r5.sys [2007-06-01 10:28]

S4 Si3531;SiI-3531 SATA Controller;C:\Windows\system32\drivers\si3531.sys [2007-06-01 10:29]

S4 ViBus;ViBus;C:\Windows\system32\drivers\vibus.sys [2007-03-26 15:26]

S4 ViPrt;VIA SATA IDE Device Driver;C:\Windows\system32\drivers\viprt.sys [2007-03-26 15:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

GPSvcGroup REG_MULTI_SZ GPSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]

%SystemRoot%\system32\soundschemes.exe /AddRegistration

.

Contents of the 'Scheduled Tasks' folder

"2008-05-14 20:17:00 C:\Windows\Tasks\Controleren op updates voor Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-14 22:26:03

Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

Scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-05-14 22:26:46

ComboFix-quarantined-files.txt 2008-05-14 20:26:34

Pre-Run: 219,546,304,512 bytes free

Post-Run: 219,534,774,272 bytes free

255 --- E O F --- 2008-05-14 09:11:56

And while we're at it, here's one from HJT as well:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:33:26, on 14/05/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\Explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

--

End of file - 7112 bytes

Please, tell me I'm rid of it now! :s

Anyway, thanks a lot for the help!

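The scanners in the post above all come back clean, but the "Reg Startup Points" section of the ComboFix log records something none of them will ever flag because it is configuration rather than malware: every UAC policy value under policies\system is 0 (EnableLUA included, so an administrator account runs everything with a full admin token and without prompts), Windows Firewall is switched off in the Domain, Public and Standard profiles, and Security Center has been told to stop monitoring ZoneAlarm. The following is an added example, not code from the post, from ComboFix or from HijackThis: a small parser for the registry lines in the format ComboFix prints, run over the lines quoted from the log above and compared against an expected baseline. The baseline values (Vista defaults for UAC and the built-in firewall) and the severity labels are assumptions of this example, not something the log states.

```python
"""Audit of the registry policy values ComboFix prints under 'Reg Startup Points'.

Added example for this page; it is not part of the forum post, ComboFix or
HijackThis. Expected values are the Vista defaults for UAC and the built-in
firewall and are an assumption of this example, not something the log states.
"""
import re
from dataclasses import dataclass

# Lines copied from the ComboFix log in the post above (key headers plus values).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

_KEY_RE = re.compile(r"^\[(.+)\]$")                      # [HKLM\...]
_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')        # "Name"= value
_DWORD_RE = re.compile(r"^dword:([0-9a-fA-F]{8})$")       # dword:00000001
_DEC_RE = re.compile(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$")     # 0 (0x0)


def _parse_value(raw):
    """Turn ComboFix's two numeric spellings into int; keep anything else verbatim."""
    m = _DWORD_RE.match(raw)
    if m:
        return int(m.group(1), 16)
    m = _DEC_RE.match(raw)
    if m:
        return int(m.group(1))
    return raw  # paths, firewall rule strings, etc.


def parse_reg_dump(text):
    """Return {key_path_lowercased: {value_name_lowercased: value}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        km = _KEY_RE.match(line)
        if km:
            current = km.group(1).lower()
            keys.setdefault(current, {})
            continue
        vm = _VALUE_RE.match(line)
        if vm and current is not None:
            keys[current][vm.group(1).lower()] = _parse_value(vm.group(2))
    return keys


@dataclass(frozen=True)
class Finding:
    key: str
    name: str
    actual: object
    expected: int
    severity: str
    why: str


# (key-path suffix, value name, expected value, severity, reason).
# Expected values are Vista defaults; an assumption of this example.
BASELINE = [
    (r"policies\system", "EnableLUA", 1, "high",
     "UAC is off: every process of an administrator runs with the full admin token"),
    (r"policies\system", "ConsentPromptBehaviorAdmin", 2, "high",
     "elevation happens without any prompt (Vista default 2 = prompt for consent)"),
    (r"policies\system", "PromptOnSecureDesktop", 1, "high",
     "UAC prompts, if any, are not shown on the secure desktop"),
    (r"policies\system", "EnableInstallerDetection", 1, "high",
     "installers are no longer detected for elevation"),
    (r"policies\system", "EnableSecureUIAPaths", 1, "high",
     "UIAccess applications may run from outside secure locations"),
    (r"firewallpolicy\domainprofile", "EnableFirewall", 1, "high",
     "Windows Firewall is off in the domain profile"),
    (r"firewallpolicy\publicprofile", "EnableFirewall", 1, "high",
     "Windows Firewall is off in the public profile"),
    (r"firewallpolicy\standardprofile", "EnableFirewall", 1, "high",
     "Windows Firewall is off in the standard (private) profile"),
    (r"monitoring\zonelabsfirewall", "DisableMonitoring", 0, "info",
     "Security Center no longer watches ZoneAlarm; confirm vsmon is really running"),
]


def audit(text):
    """Compare every baseline value present in the dump with its expected value."""
    parsed = parse_reg_dump(text)
    findings = []
    for suffix, name, expected, severity, why in BASELINE:
        for key, values in parsed.items():
            if not key.endswith(suffix.lower()):
                continue
            actual = values.get(name.lower())
            if actual is not None and actual != expected:
                findings.append(Finding(key, name, actual, expected, severity, why))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"[{f.severity}] {f.name}={f.actual} (expected {f.expected}) "
              f"in {f.key}: {f.why}")
```

Run against the quoted lines it reports eight high findings (the five UAC values and the three firewall profiles) and one informational one. A third-party firewall such as ZoneAlarm can legitimately replace the Windows Firewall, which is why DisableMonitoring is only informational here, but a box with UAC fully disabled and a P2P client installed is exactly the environment in which an adware dropper like the Vundo family gets a free hand, so restoring those values belongs to the clean-up as much as removing the files does.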
