[SOLVED] hijack log, plz analyse!


Hello everyone,

I have been having some problems with my computer lately and strongly suspect that they are caused by malware. I made a HijackThis log and hope that you can look at it and tell me what is wrong/bad.

Thanks in advance,

Wietse

online (already analysed, but I would still rather have a human tell me what is good/bad, not a computer)

HiJackThis! Log auto analyzer V2

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:20:32, on 4/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HomeCinema\TV Enhance\TVEService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\GM4IE\gm4ie.exe
C:\Windows\System32\abnapjsdf.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {5E06398E-3017-467B-A399-18425A20F655} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MEGAUPLOADTOOLBAR - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O3 - Toolbar: MEGAUPLOADTOOLBAR - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TVEService] "C:\Program Files\HomeCinema\TV Enhance\TVEService.exe"
O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [softickPPP] "C:\Program Files\Softick\PPP\Bin\PPPGate.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Packard Bell Software Suite] C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [GM4IE] C:\Program Files\GM4IE\gm4ie.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1557816039-2575818237-151829343-1000\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-1557816039-2575818237-151829343-1000\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-1557816039-2575818237-151829343-1000\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-1557816039-2575818237-151829343-1000\..\Run: [Packard Bell Software Suite] C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-1557816039-2575818237-151829343-1000\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-1557816039-2575818237-151829343-1000\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-1557816039-2575818237-151829343-1000\..\Run: [Windows] "C:\Users\Public\Public Documents\Windows Movie Player\player.exe" (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-1557816039-2575818237-151829343-1000\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe (User 'Default user')
O4 - Startup: abnapjsdf.lnk = C:\Windows\System32\abnapjsdf.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldnl-be.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O20 - AppInit_DLLs:  C:\Program Files\Rockstar Games\Grand Theft Auto IV\TeknoGods.dll, avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updateservice (gupdate1c9ba0415a8d4b2) (gupdate1c9ba0415a8d4b2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Net Burner iSCSI Service (NetBurnerService) - Paragon GmbH - C:\Program Files\Paragon Software\Drive Backup 8.5 Professional\Net Burner Service\NetBurnerService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\System32\nvSCPAPISvr.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 13957 bytes


Let's see whether there is much difference between the machine's analysis and the human's :-)

Go to Start - Run and type: sc stop npggsvc

Press Enter.

Go to Start - Run and type: sc delete npggsvc

Press Enter.

First a borderline case: this MEGAUPLOADTOOLBAR, do you use it and did you install it deliberately? If so, OK. If not, you may also add the O2 and O3 lines of this toolbar to the list below of items to fix via HJT.

Start HijackThis. If you are a Vista user, choose "Run as administrator" or "Uitvoeren als administrator". Select "Do a system scan only". Select only the items listed below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: (no name) - {5E06398E-3017-467B-A399-18425A20F655} - (no file)

O4 - HKUS\S-1-5-21-1557816039-2575818237-151829343-1000\..\Run: [Windows] "C:\Users\Public\Public Documents\Windows Movie Player\player.exe" (User 'IUSR_NMPR')

O4 - Startup: abnapjsdf.lnk = C:\Windows\System32\abnapjsdf.exe

Click 'Fix checked' to remove the items.

Download MBAM (Malwarebytes' Anti-Malware).

Double-click mbam-setup.exe to install the program.

Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware, then click "Voltooien" (Finish).

If an update is found, it will be downloaded and installed.

When the program is fully up to date, select "Snelle Scan" (Quick Scan) on the Scanner tab, then click Scan.

The scan can take a while, so be patient.

When the scan is complete, click OK, then "Bekijk Resultaten" (Show Results) to see the results.

Make sure everything there is checked, then click: Verwijder geselecteerde (Remove Selected).

After the removal a log will open and you will be asked to restart the computer. (See below.) The log is saved automatically by MBAM and you can find it again by clicking the "Logs" tab in MBAM.

If MBAM has difficulty removing certain files, it will show a few messages where you have to click OK. After that it will ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log in your next post, together with a new HijackThis log.


Malwarebytes' Anti-Malware 1.38
Database versie: 2374
Windows 6.0.6001 Service Pack 1

4/07/2009 20:41:54
mbam-log-2009-07-04 (20-41-54).txt

Scan type: Snelle Scan
Objecten gescand: 92395
Verstreken tijd: 6 minute(s), 59 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 9
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 12
Bestanden geïnfecteerd: 17

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\Typelib\{a44b024a-ce32-4bda-0075-c799a4bff141} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5e06398e-3017-467b-a399-18425a20f655} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\CrucialSoft Ltd (Rogue.MSantiSpyware2009) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\totalvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\totalvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\totalvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\RelatedPageInstall (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\crucialsoft ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\crucialsoft ltd\ms antispyware 2009\BASE (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\crucialsoft ltd\ms antispyware 2009\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\crucialsoft ltd\ms antispyware 2009\LOG (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\crucialsoft ltd\ms antispyware 2009\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\totalvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\Users\Eigenaar\AppData\Roaming\Privacy center (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
c:\Users\Eigenaar\AppData\Roaming\privacy center\dbases (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
c:\Users\Eigenaar\AppData\Roaming\privacy center\keys (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
c:\Users\Eigenaar\AppData\Roaming\privacy center\temp (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:
c:\Users\Eigenaar\AppData\Local\Temp\Sse+H9zp.exe.part (Rogue.Installer) -> Quarantined and deleted successfully.
c:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\programdata\crucialsoft ltd\ms antispyware 2009\LOG\20090325215514710.log (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\program files\totalvid\Uninstall.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\Users\Eigenaar\AppData\Roaming\privacy center\dbases\cg.dat (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
c:\Users\Eigenaar\AppData\Roaming\privacy center\dbases\mw.dat (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
c:\Users\Eigenaar\AppData\Roaming\privacy center\dbases\rd.dat (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
c:\Users\Eigenaar\AppData\Roaming\privacy center\dbases\sc.dat (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
c:\Users\Eigenaar\AppData\Roaming\privacy center\dbases\sm.dat (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
c:\Users\Eigenaar\AppData\Roaming\privacy center\dbases\sp.dat (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
c:\Users\Eigenaar\AppData\Roaming\privacy center\keys\cg.key (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
c:\Users\Eigenaar\AppData\Roaming\privacy center\keys\rd.key (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
c:\Users\Eigenaar\AppData\Roaming\privacy center\keys\sc.key (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
c:\Users\Eigenaar\AppData\Roaming\privacy center\keys\sp.key (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
c:\Users\Eigenaar\AppData\Roaming\privacy center\temp\settings.ini (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
c:\Users\Eigenaar\AppData\Roaming\privacy center\temp\spfilter (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\videosoft\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:50:54, on 4/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HomeCinema\TV Enhance\TVEService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\GM4IE\gm4ie.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MEGAUPLOADTOOLBAR - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O3 - Toolbar: MEGAUPLOADTOOLBAR - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TVEService] "C:\Program Files\HomeCinema\TV Enhance\TVEService.exe"
O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [softickPPP] "C:\Program Files\Softick\PPP\Bin\PPPGate.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Packard Bell Software Suite] C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [GM4IE] C:\Program Files\GM4IE\gm4ie.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1557816039-2575818237-151829343-1000\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-1557816039-2575818237-151829343-1000\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-1557816039-2575818237-151829343-1000\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-1557816039-2575818237-151829343-1000\..\Run: [Packard Bell Software Suite] C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-1557816039-2575818237-151829343-1000\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-1557816039-2575818237-151829343-1000\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-1557816039-2575818237-151829343-1000\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldnl-be.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O20 - AppInit_DLLs:  C:\Program Files\Rockstar Games\Grand Theft Auto IV\TeknoGods.dll, avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updateservice (gupdate1c9ba0415a8d4b2) (gupdate1c9ba0415a8d4b2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Net Burner iSCSI Service (NetBurnerService) - Paragon GmbH - C:\Program Files\Paragon Software\Drive Backup 8.5 Professional\Net Burner Service\NetBurnerService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\System32\nvSCPAPISvr.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 12968 bytes

There you go.


Malwarebytes has cleaned up quite a bit of junk and the HijackThis log looks good. So, one step further:

Download Combofix to your Desktop.

Read more here about using Combofix correctly.

NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!


  • Double-click Combofix.exe to start it.
    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    Follow the instructions and accept the disclaimer by clicking Yes.
    If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window (XP only, not VISTA).
    Click OK and Yes to have the Recovery Console installed automatically.
    Afterwards, click Yes again to start the malware scan.
    While the fix is running, do NOT click in the window, as this will make your PC hang.

When the fix has finished and after the restart, the log Combofix.txt will open.

Post this log in your next reply.


I did have one small problem: I had turned AVG off, but Combofix still said it was active... So I looked at the processes and saw that there were indeed still 2 AVG processes running, but for some reason I couldn't end them. So I just carried on, since the main component of AVG was already off....

Here is the log:

ComboFix 09-07-04.04 - Eigenaar 05/07/2009  0:31.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.32.1043.18.3069.1791 [GMT 2:00]
Gestart vanuit: c:\users\Eigenaar\Desktop\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Windows\Start Menu\Programs\videosoft
c:\users\Eigenaar\AppData\Roaming\inst.exe
c:\users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\videosoft
c:\users\Eigenaar\cookies.sqlite
c:\windows\Installer\2bfc5.msi
c:\windows\Installer\51602.msi
D:\resycled

.
((((((((((((((((((((   Bestanden Gemaakt van 2009-06-04 to 2009-07-04  ))))))))))))))))))))))))))))))
.

2009-07-04 22:40 . 2009-07-04 22:40    --------    d-----w-    c:\users\Eigenaar\AppData\Local\temp
2009-07-04 22:40 . 2009-07-04 22:40    --------    d-----w-    c:\users\IUSR_NMPR\AppData\Local\temp
2009-07-04 22:27 . 2009-07-04 22:27    --------    d-----w-    c:\program files\iPod
2009-07-04 22:27 . 2009-07-04 22:27    --------    d-----w-    c:\program files\iTunes
2009-07-04 22:25 . 2009-07-04 22:25    --------    d-----w-    c:\program files\QuickTime
2009-07-04 22:20 . 2009-07-04 22:20    75048    ----a-w-    c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-07-04 18:28 . 2009-07-04 18:28    --------    d-----w-    c:\users\Eigenaar\AppData\Roaming\Malwarebytes
2009-07-04 18:28 . 2009-06-17 09:27    38160    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-04 18:28 . 2009-07-04 18:28    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2009-07-04 18:28 . 2009-07-04 18:28    --------    d-----w-    c:\programdata\Malwarebytes
2009-07-04 18:28 . 2009-06-17 09:27    19096    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-07-04 16:20 . 2009-07-04 16:20    --------    d-----w-    c:\program files\Trend Micro
2009-07-04 15:45 . 2009-07-04 15:45    --------    d-----w-    c:\users\Eigenaar\AppData\Roaming\RadiantSettings
2009-07-04 15:44 . 2009-07-04 15:44    --------    d-----w-    c:\program files\GtkRadiant 1.5.0
2009-07-04 13:43 . 2009-07-04 13:43    290816    ----a-w-    c:\users\Eigenaar\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-07-04 13:43 . 2009-07-04 13:43    290816    ----a-w-    c:\users\Eigenaar\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-07-04 13:43 . 2009-07-04 13:43    290816    ----a-w-    c:\users\Eigenaar\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-07-04 13:43 . 2009-07-04 13:43    290816    ----a-w-    c:\users\Eigenaar\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-07-02 14:46 . 2009-07-04 21:35    22328    ----a-w-    c:\windows\system32\drivers\PnkBstrK.sys
2009-07-02 14:46 . 2009-07-04 21:35    107832    ----a-w-    c:\windows\system32\PnkBstrB.exe
2009-07-02 13:27 . 1999-12-17 08:13    86016    ----a-w-    c:\windows\unvise32.exe
2009-07-02 13:24 . 2009-07-04 15:43    --------    d-----w-    c:\program files\Quake III Arena
2009-07-01 21:48 . 2009-07-01 21:48    --------    d-----w-    c:\program files\uTorrent
2009-07-01 21:35 . 2009-07-01 21:39    --------    d-----w-    c:\program files\CrossLoop
2009-06-30 16:10 . 2009-06-30 16:11    --------    d-----w-    c:\program files\Master of Defense
2009-06-30 16:09 . 2009-06-30 16:09    --------    d-----w-    c:\program files\bfgclient
2009-06-30 16:08 . 2009-06-30 16:09    --------    d-----w-    C:\BigFishGamesCache
2009-06-25 13:30 . 2009-06-25 16:48    --------    d-----w-    c:\program files\Common Files\Blizzard Entertainment
2009-06-25 13:05 . 2009-06-25 13:05    --------    d-----w-    c:\programdata\Blizzard
2009-06-25 08:30 . 2009-06-25 08:30    --------    d-----w-    c:\programdata\FLEXnet
2009-06-24 16:57 . 2009-06-25 16:49    --------    d-----w-    c:\users\Public\Games
2009-06-24 16:17 . 2009-06-24 16:17    --------    d-----w-    c:\program files\Common Files\Macrovision Shared
2009-06-24 15:43 . 2009-07-04 08:43    --------    d-----w-    c:\programdata\TrackMania
2009-06-23 16:42 . 2009-06-27 15:54    --------    d-----w-    c:\program files\Raptor 1.04b
2009-06-23 11:26 . 2009-06-23 11:26    86528    ----a-w-    c:\windows\cadkasdeinst01e.exe
2009-06-22 16:01 . 2009-06-22 16:01    --------    d-----w-    c:\program files\ATTNaturalVoices
2009-06-21 15:00 . 2009-06-21 15:00    --------    d-----w-    c:\program files\NextUp-ScanSoft
2009-06-21 14:58 . 2009-06-21 14:58    --------    d-----w-    c:\program files\NeoSpeech
2009-06-20 18:26 . 2009-06-20 18:26    --------    d-----w-    c:\users\Eigenaar\AppData\Local\Native Instruments
2009-06-20 18:24 . 2009-06-20 18:24    --------    d-----w-    c:\program files\Native Instruments
2009-06-20 12:52 . 2009-06-20 12:54    --------    d-----w-    c:\program files\Portable_EasyCoverDesignPro_2.08
2009-06-19 17:27 . 2009-06-20 17:56    --------    d-----w-    c:\program files\Easy CD & DVD Cover Creator
2009-06-19 17:07 . 2009-06-19 17:08    --------    d-----w-    c:\program files\coverXP
2009-06-19 16:58 . 2009-06-19 16:58    --------    d-----w-    c:\program files\CoverPro
2009-06-19 09:38 . 2009-06-19 09:56    --------    d-----w-    c:\users\Eigenaar\dwhelper
2009-06-19 09:33 . 2009-06-19 09:33    --------    d-----w-    c:\program files\ConvertHelper
2009-06-17 12:48 . 2008-12-11 06:38    159600    ----a-w-    c:\windows\system32\drivers\pctgntdi.sys
2009-06-17 12:48 . 2009-04-03 09:18    130936    ----a-w-    c:\windows\system32\drivers\PCTCore.sys
2009-06-17 12:48 . 2008-12-18 10:16    73840    ----a-w-    c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-17 12:48 . 2009-06-17 12:49    --------    d-----w-    c:\program files\Common Files\PC Tools
2009-06-17 12:48 . 2008-12-10 09:36    64392    ----a-w-    c:\windows\system32\drivers\pctplsg.sys
2009-06-17 12:48 . 2009-06-17 12:48    --------    d-----w-    c:\programdata\PC Tools
2009-06-16 17:44 . 2009-07-01 22:22    --------    d-----w-    c:\users\Eigenaar\AppData\Roaming\uTorrent
2009-06-14 15:03 . 2009-06-14 15:05    --------    d-----w-    c:\program files\Peggle Nights Deluxe
2009-06-14 15:03 . 2009-06-14 15:03    --------    d-----w-    c:\program files\Steveredrum
2009-06-14 14:35 . 2009-06-14 14:35    --------    d-----w-    c:\programdata\Steam
2009-06-14 14:35 . 2009-06-14 14:35    --------    d-----w-    c:\program files\Peggle Extreme
2009-06-13 08:27 . 2009-04-21 11:55    2033152    ----a-w-    c:\windows\system32\win32k.sys
2009-06-13 08:27 . 2009-04-30 12:37    293376    ----a-w-    c:\windows\system32\psisdecd.dll
2009-06-13 08:27 . 2009-04-30 12:37    428544    ----a-w-    c:\windows\system32\EncDec.dll
2009-06-10 16:33 . 2009-06-10 16:33    9899296    ----a-w-    c:\windows\system32\drivers\nvlddmkm.sys
2009-06-10 16:33 . 2009-06-10 16:33    678432    ----a-w-    c:\windows\system32\nvcuvid.dll
2009-06-10 16:33 . 2009-06-10 16:33    457248    ----a-w-    c:\windows\system32\nvudisp.exe
2009-06-10 16:33 . 2009-06-10 16:33    3148288    ----a-w-    c:\windows\system32\nvwgf2um.dll
2009-06-10 16:33 . 2009-06-10 16:33    1704960    ----a-w-    c:\windows\system32\nvcuda.dll
2009-06-10 16:33 . 2009-06-10 16:33    151552    ----a-w-    c:\windows\system32\nvcod155.dll
2009-06-10 16:33 . 2009-06-10 16:33    151552    ----a-w-    c:\windows\system32\nvcod.dll
2009-06-10 16:33 . 2009-06-10 16:33    1317408    ----a-w-    c:\windows\system32\nvcuvenc.dll
2009-06-10 16:33 . 2009-06-10 16:33    10379264    ----a-w-    c:\windows\system32\nvoglv32.dll
2009-06-10 06:35 . 2009-06-10 06:35    1505824    ----a-w-    c:\windows\system32\nvcpluir.dll
2009-06-10 06:35 . 2009-06-10 06:35    1358368    ----a-w-    c:\windows\system32\nvsvsr.dll
2009-06-10 06:35 . 2009-06-10 06:35    1194528    ----a-w-    c:\windows\system32\nvcplui.exe
2009-06-10 06:35 . 2009-06-10 06:35    1296928    ----a-w-    c:\windows\system32\nvsvs.dll
2009-06-10 04:33 . 2009-06-10 04:33    467968    ----a-w-    c:\windows\system32\nvstlink.exe
2009-06-10 04:33 . 2009-06-10 04:33    3953152    ----a-w-    c:\windows\system32\nvstwiz.exe
2009-06-10 04:33 . 2009-06-10 04:33    141824    ----a-w-    c:\windows\system32\nvStereoApiI.dll
2009-06-10 04:33 . 2009-06-10 04:33    171520    ----a-w-    c:\windows\system32\nvStereoApiI64.dll
2009-06-10 04:33 . 2009-06-10 04:33    232960    ----a-w-    c:\windows\system32\nvSCPAPISvr.exe
2009-06-10 04:32 . 2009-06-10 04:32    257536    ----a-w-    c:\windows\system32\nvSCPAPI.dll
2009-06-10 04:32 . 2009-06-10 04:32    301568    ----a-w-    c:\windows\system32\nvSCPAPI64.dll
2009-06-07 17:52 . 2009-06-07 18:03    --------    d-----w-    c:\program files\Pariah

.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-04 22:31 . 2008-10-27 22:14    --------    d-----w-    c:\users\Eigenaar\AppData\Roaming\DNA
2009-07-04 22:28 . 2009-05-09 19:49    133970    ----a-w-    c:\programdata\nvModes.dat
2009-07-04 22:27 . 2008-10-29 17:17    --------    d-----w-    c:\program files\Common Files\Apple
2009-07-04 21:34 . 2008-10-20 20:06    --------    d-----w-    c:\users\Eigenaar\AppData\Roaming\Xfire
2009-07-04 21:31 . 2008-02-13 10:23    --------    d-----w-    c:\programdata\NVIDIA
2009-07-04 21:30 . 2008-10-27 22:14    --------    d-----w-    c:\program files\DNA
2009-07-04 21:30 . 2008-10-21 17:48    680    ----a-w-    c:\users\Eigenaar\AppData\Local\d3d9caps.dat
2009-07-04 13:52 . 2008-12-15 11:49    --------    d-----w-    c:\program files\Common Files\Wise Installation Wizard
2009-07-04 13:52 . 2008-12-15 11:50    --------    d-----w-    c:\program files\AGEIA Technologies
2009-07-04 13:43 . 2008-12-10 18:58    --------    d-----w-    c:\users\Eigenaar\AppData\Roaming\SystemRequirementsLab
2009-07-04 13:30 . 2008-12-10 19:31    --------    d-----w-    c:\programdata\DriverScanner
2009-07-02 21:23 . 2007-10-12 10:57    --------    d--h--w-    c:\program files\InstallShield Installation Information
2009-07-02 16:51 . 2008-12-09 11:29    --------    d-----w-    c:\program files\Ultra Mobile 3GP Video Converter
2009-07-02 14:46 . 2008-12-16 19:33    66872    ----a-w-    c:\windows\system32\PnkBstrA.exe
2009-07-02 13:25 . 2009-03-06 16:57    --------    d-----w-    c:\program files\Mplayer
2009-07-01 22:59 . 2006-11-02 16:11    670070    ----a-w-    c:\windows\system32\perfh013.dat
2009-07-01 22:59 . 2006-11-02 16:11    127694    ----a-w-    c:\windows\system32\perfc013.dat
2009-07-01 22:26 . 2008-11-22 16:23    --------    d-----w-    c:\users\Eigenaar\AppData\Roaming\Hamachi
2009-07-01 12:55 . 2009-04-16 02:56    --------    d-----w-    c:\users\Eigenaar\AppData\Roaming\LimeWire
2009-06-30 13:15 . 2008-12-26 00:22    --------    d-----w-    c:\users\Eigenaar\AppData\Roaming\Browzar
2009-06-28 07:48 . 2009-02-03 16:15    11952    ----a-w-    c:\windows\system32\avgrsstx.dll
2009-06-28 07:48 . 2009-01-26 15:23    327688    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2009-06-28 07:48 . 2009-01-26 15:23    27784    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2009-06-27 15:54 . 2008-11-29 21:00    --------    d-----w-    c:\programdata\Xfire
2009-06-27 07:29 . 2009-04-27 07:12    552    ----a-w-    c:\users\Eigenaar\AppData\Local\d3d8caps.dat
2009-06-24 16:28 . 2008-10-20 19:43    --------    d-----w-    c:\program files\Common Files\Adobe
2009-06-23 13:16 . 2009-02-25 19:36    --------    d-----w-    c:\program files\UltraStar Deluxe
2009-06-23 10:10 . 2008-11-29 21:01    --------    d-----w-    c:\program files\Warcraft III
2009-06-22 13:25 . 2008-10-14 14:30    121560    ----a-w-    c:\users\Eigenaar\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-21 19:49 . 2008-10-14 14:21    --------    d-----w-    c:\program files\Google
2009-06-21 19:48 . 2009-05-31 21:40    --------    d-----w-    c:\program files\PopCap Games
2009-06-21 19:47 . 2008-11-08 14:52    --------    d-----w-    c:\program files\Ubisoft
2009-06-21 16:49 . 2009-01-17 21:47    --------    d-----w-    c:\program files\Left 4 Dead
2009-06-19 14:26 . 2009-04-09 14:43    --------    d-----w-    c:\program files\Common Files\DVDVideoSoft
2009-06-19 14:26 . 2009-04-09 14:43    --------    d-----w-    c:\program files\DVDVideoSoft
2009-06-19 12:49 . 2009-01-07 15:52    --------    d-----w-    c:\program files\The Witcher
2009-06-19 12:46 . 2009-01-19 19:56    --------    d-----w-    c:\program files\ImTOO
2009-06-17 13:18 . 2009-02-18 16:03    --------    d-----w-    c:\program files\Spyware Doctor
2009-06-16 18:51 . 2009-06-01 12:35    --------    d-----w-    c:\program files\TextAloud
2009-06-14 15:03 . 2009-05-31 21:40    --------    d-----w-    c:\programdata\PopCap Games
2009-06-13 08:34 . 2007-10-12 14:40    --------    d-----w-    c:\programdata\Microsoft Help
2009-06-12 17:10 . 2009-05-02 16:59    --------    d-----w-    c:\program files\Diablo II
2009-06-10 16:33 . 2009-06-10 16:33    4224    ----a-w-    c:\windows\system32\drivers\nvBridge.kmd
2009-06-10 16:33 . 2008-02-13 09:21    7611904    ----a-w-    c:\windows\system32\nvd3dum.dll
2009-06-10 16:33 . 2008-02-13 09:21    989696    ----a-w-    c:\windows\system32\nvapi.dll
2009-06-10 04:33 . 2008-03-27 16:50    244736    ----a-w-    c:\windows\system32\nvStInst.exe
2009-06-10 04:32 . 2008-03-27 16:50    3293184    ----a-w-    c:\windows\system32\nvstres.dll
2009-06-10 04:32 . 2008-03-27 16:50    5847    ----a-w-    c:\windows\system32\oglstreg.reg
2009-06-10 04:31 . 2008-03-27 16:50    167424    ----a-w-    c:\windows\system32\nvstreg.exe
2009-06-10 04:31 . 2008-03-27 16:50    1718272    ----a-w-    c:\windows\system32\nvsttest.exe
2009-06-10 04:31 . 2008-03-27 16:50    1034752    ----a-w-    c:\windows\system32\nvstview.exe
2009-06-10 04:31 . 2008-03-27 16:50    89088    ----a-w-    c:\windows\system32\nvimage.dll
2009-06-10 04:29 . 2008-03-27 16:50    1656    ----a-w-    c:\windows\system32\nvstdef.reg
2009-06-04 14:39 . 2008-02-13 10:19    457248    ----a-w-    c:\windows\system32\NVUNINST.EXE
2009-06-01 12:36 . 2009-06-01 12:36    --------    d-----w-    c:\programdata\NextUp
2009-06-01 12:08 . 2009-06-01 12:08    4930    ----a-w-    c:\windows\system32\drivers\hwinterface32B01.sys
2009-05-29 11:36 . 2009-05-29 11:36    39424    ----a-w-    c:\windows\system32\drivers\usbaapl.sys
2009-05-29 11:36 . 2009-05-29 11:36    2060288    ----a-w-    c:\windows\system32\usbaaplrc.dll
2009-05-25 16:22 . 2009-02-21 12:13    --------    d-----w-    c:\program files\Garena
2009-05-24 15:04 . 2008-10-20 19:35    --------    d-----w-    c:\users\Eigenaar\AppData\Roaming\BSplayer
2009-05-24 09:36 . 2009-05-24 09:36    --------    d-----w-    c:\program files\EclipseCrossword
2009-05-23 15:28 . 2009-05-23 15:28    --------    d-----w-    c:\program files\Thrustmaster
2009-05-21 11:14 . 2009-05-21 11:14    --------    d-----w-    c:\program files\Devious Codeworks
2009-05-18 16:33 . 2008-12-03 19:13    --------    d-----w-    c:\program files\Activision
2009-05-18 16:32 . 2007-10-12 10:57    --------    d-----w-    c:\program files\Common Files\InstallShield
2009-05-13 11:42 . 2006-11-02 11:18    --------    d-----w-    c:\program files\Windows Mail
2009-05-10 08:26 . 2009-05-10 08:25    --------    d-----w-    c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-09 17:37 . 2009-05-09 17:37    --------    d-----w-    c:\program files\Microsoft SQL Server
2009-05-09 17:37 . 2009-05-09 17:32    --------    d-----w-    c:\program files\Microsoft Visual Studio 9.0
2009-05-09 17:37 . 2009-05-09 17:37    --------    d-----w-    c:\program files\Microsoft Synchronization Services
2009-05-09 17:37 . 2009-05-09 17:37    --------    d-----w-    c:\program files\Microsoft SQL Server Compact Edition
2009-05-09 17:35 . 2009-05-09 17:35    193824    ----a-w-    c:\programdata\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
2009-05-09 17:34 . 2009-05-09 17:34    416    ----a-w-    c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-05-09 17:31 . 2009-05-09 17:31    --------    d-----w-    c:\program files\Microsoft SDKs
2009-05-09 17:09 . 2008-11-12 17:45    --------    d-----w-    c:\program files\SystemRequirementsLab
2009-05-09 05:50 . 2009-06-13 08:26    915456    ----a-w-    c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-13 08:26    71680    ----a-w-    c:\windows\system32\iesetup.dll
2009-05-02 17:42 . 2009-05-02 17:32    36055    ----a-w-    c:\windows\DIIUnin.dat
2009-05-02 17:32 . 2009-05-02 17:32    2829    ----a-w-    c:\windows\DIIUnin.pif
2009-05-02 17:32 . 2009-05-02 17:32    94208    ----a-w-    c:\windows\DIIUnin.exe
2009-04-30 20:02 . 2009-04-30 20:02    143360    ----a-w-    c:\windows\system32\nvcod146.dll
2009-04-28 07:55 . 2009-04-28 07:55    70936    ----a-w-    c:\windows\system32\PhysXLoader.dll
2009-04-25 14:33 . 2009-04-25 14:33    220926964    ----a-w-    c:\users\Eigenaar\AppData\Roaming\ijjigame\U_GUNZ_setup.exe
2009-04-25 14:33 . 2009-04-25 14:58    480688    ----a-w-    c:\users\Eigenaar\AppData\Roaming\ijjigame\ijjistarter2FxB.exe
2009-04-23 12:43 . 2009-06-13 08:26    784896    ----a-w-    c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-13 08:26    636928    ----a-w-    c:\windows\system32\localspl.dll
2009-04-21 22:20 . 2009-04-21 22:20    14311680    ----a-w-    c:\windows\system32\xlive.dll
2009-04-21 22:20 . 2009-04-21 22:20    13642496    ----a-w-    c:\windows\system32\xlivefnt.dll
2009-04-16 02:56 . 2009-04-16 02:56    8192    ----a-w-    c:\users\Eigenaar\AppData\Roaming\LimeWire\browser\xulrunner\AccessibleMarshal.dll
2009-04-16 02:56 . 2009-04-16 02:56    20480    ----a-w-    c:\users\Eigenaar\AppData\Roaming\LimeWire\browser\xulrunner\IA2Marshal.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-15 342848]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-15 202024]
"Packard Bell Software Suite"="c:\program files\Packard Bell\Packard Bell Software Suite\Launcher.exe" [2007-11-05 1791488]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-05-15 95536]
"GM4IE"="c:\program files\GM4IE\gm4ie.exe" [2006-07-23 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"TVEService"="c:\program files\HomeCinema\TV Enhance\TVEService.exe" [2007-10-19 155648]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 178712]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 439512]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 215256]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-26 6707744]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-28 1948440]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2008-05-15 54576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"SoftickPPP"="c:\program files\Softick\PPP\Bin\PPPGate.exe" [2004-02-16 158208]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13785632]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10a.exe" [2008-10-05 235936]

c:\users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\xfire.exe [2009-3-21 3025232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7D4572D2-8784-406B-A5F8-4D2D5959C3C3}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FFADDC61-246B-4985-9A66-50351C78F6D6}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{31767E90-F446-4E00-812E-84AA42CC264D}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{750444E4-9977-4204-98A1-6D956B2E46DC}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{AEDD3BB0-38BB-4736-9DB4-96BF96EAE3F1}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{B07A6A26-92B7-4FCE-B8C3-EAE549466843}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{3C6AF1D9-ACF3-4195-9602-5EF8FAC65380}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{1FED2666-923C-4A82-B741-A7FC4EE1D9F6}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{C06E1107-89C0-4DAF-978F-9DD588D3FC36}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{11297E20-CFAF-45CB-89E6-465AA8EA2C4E}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{4A72BF13-1DD4-484F-8692-152511D4C267}"= c:\program files\HomeCinema\TV Enhance\TVEnhance.exe:CyberLink TVEnhance
"{D72B71F6-74BE-4417-98C6-370B0F1B93FE}"= c:\program files\HomeCinema\TV Enhance\TVEService.exe:CyberLink TVEnhance Resident Program
"{0957244D-6AE3-404A-9F9F-20549BB40341}"= c:\program files\HomeCinema\MakeDisc\MakeDisc.exe:CyberLink MakeDisc
"{B3CA7FFE-CC21-47A4-AFC3-C66C42F4E449}"= c:\program files\HomeCinema\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{60F06109-F1C7-4580-85F1-025D1A64AD15}"= c:\program files\HomeCinema\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"TCP Query User{0571E6C7-5FBA-4FC7-B6BD-9F20BBF2673E}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{F45E4789-5E11-4810-B74A-B22E91C27586}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"{AB7B7193-D16D-44EF-9C2B-4AD17983BE49}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{D946F7E8-ACDF-4083-A1F1-4996A41B5ACD}c:\\program files\\games-masters.com\\cabal online (europe)\\launcher\\update\\estdnheadless.exe"= UDP:c:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe:EST! download engine
"UDP Query User{64C31394-5508-41FD-B040-F97394AE67C4}c:\\program files\\games-masters.com\\cabal online (europe)\\launcher\\update\\estdnheadless.exe"= TCP:c:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe:EST! download engine
"TCP Query User{92BF6371-0FF7-466A-9D69-2E73024565FF}c:\\program files\\bearshare pro\\bearshare.exe"= UDP:c:\program files\bearshare pro\bearshare.exe:BearShare
"UDP Query User{102AA3BD-0017-41BB-A701-5FAB1BB446DA}c:\\program files\\bearshare pro\\bearshare.exe"= TCP:c:\program files\bearshare pro\bearshare.exe:BearShare
"{28434F8D-B932-41C3-AE1B-276899CF78D2}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{ABA682C8-8911-4A70-B168-2B68BA4DEE54}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"TCP Query User{CE3B8BAF-A735-4DBE-9685-9A008EC36695}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{B7C7EF08-8635-45BB-8B7A-9B64182461CF}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{3FC44AED-785F-49D3-96AB-45F754EDCDC0}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{F3B9AADA-BC68-440F-B42A-D1674B864FF7}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{EC85C417-3833-4B97-A8B5-92CBB00E19CE}"= UDP:c:\users\Eigenaar\Desktop\Bittorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{5399E380-48BB-4EAD-B43A-F00B7B6624B8}"= TCP:c:\users\Eigenaar\Desktop\Bittorrent\BitTorrent.exe:BitTorrent (UDP-In)
"{F6E339F8-40EF-4878-A290-4856CBE839A5}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{99CB2447-5D0C-4568-A8CE-00BA0BC5CE23}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{312EFA62-BA87-4D37-AE25-CF4A7C9F998F}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{030FE5FE-D2DF-4278-962F-379270F49C65}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{0FB96E23-0548-449E-BFD4-EBAF23D96E58}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{643B4B6A-C827-420A-9774-25F0698747DB}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{1E45E3B5-AB74-410A-AB23-ED10D49BCD64}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{9FDADCBF-AD7C-4496-8DAB-7D51DD6BD1D6}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"TCP Query User{A5373F64-6A71-4D54-A227-00164A3610DA}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{15685C45-81B7-42CF-A0E3-3142602D3F6D}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{9E6A72BE-CC73-4BA6-BF6A-9A24429409CF}c:\\program files\\codemasters\\overlord\\overlord.exe"= UDP:c:\program files\codemasters\overlord\overlord.exe:Game Application
"UDP Query User{9B130FDB-BFE6-48B1-8BF3-54858CEB62EF}c:\\program files\\codemasters\\overlord\\overlord.exe"= TCP:c:\program files\codemasters\overlord\overlord.exe:Game Application
"TCP Query User{1223F9DB-6093-4518-8EDE-DC7F81C7D0D5}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{8FB626F5-5336-46F4-B9C1-226160380BF4}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{6E8B11C3-F57A-4F2F-84F9-8B79D6B40E58}c:\\users\\eigenaar\\desktop\\bittorrent\\bittorrent.exe"= UDP:c:\users\eigenaar\desktop\bittorrent\bittorrent.exe:bittorrent.exe
"UDP Query User{36573855-6813-4765-8457-DFC2D2F9FF90}c:\\users\\eigenaar\\desktop\\bittorrent\\bittorrent.exe"= TCP:c:\users\eigenaar\desktop\bittorrent\bittorrent.exe:bittorrent.exe
"TCP Query User{36EE903F-ECB8-4C9D-8181-B392AF9026C1}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{BF431D83-372D-421C-9B6D-34993E4A1AD1}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{2DD9B992-5761-470E-B43E-E193C7CD8F07}c:\\users\\eigenaar\\desktop\\warcraft iii\\war3.exe"= UDP:c:\users\eigenaar\desktop\warcraft iii\war3.exe:war3.exe
"UDP Query User{499883FD-F749-41CB-B3F8-A491C0711DE1}c:\\users\\eigenaar\\desktop\\warcraft iii\\war3.exe"= TCP:c:\users\eigenaar\desktop\warcraft iii\war3.exe:war3.exe
"{B0E5B698-1E8F-422B-9277-42459284B153}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{857B3F69-CD6C-4712-A578-A354A5C354E7}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"TCP Query User{547C1932-9192-40B4-BBD1-DCAC9F9F5087}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"UDP Query User{6A14A688-9241-42BF-9829-07CE756B430D}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"{7DD522A5-4371-41EC-B761-D0B14DAE6761}"= UDP:c:\users\Eigenaar\Desktop\Downloads\portable_clusterwire\Portable.LimeWire.PRO.4.18.8-By-Clusterbomb\Portable.LimeWire.PRO.4.18.8-By-Meeen.exe:LimeWire
"{7B3CF7E4-615E-48EA-A704-C3C3DB1A00D1}"= TCP:c:\users\Eigenaar\Desktop\Downloads\portable_clusterwire\Portable.LimeWire.PRO.4.18.8-By-Clusterbomb\Portable.LimeWire.PRO.4.18.8-By-Meeen.exe:LimeWire
"TCP Query User{F4E1F8A9-1F44-4198-8990-74F366937786}c:\\program files\\activision\\call of duty - world at war\\codwaw_lanfixed.exe"= UDP:c:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe:Call of Duty(R): World at War Campaign/Coop
"UDP Query User{E932D053-09F7-4805-A719-CCF98D2CBA1E}c:\\program files\\activision\\call of duty - world at war\\codwaw_lanfixed.exe"= TCP:c:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe:Call of Duty(R): World at War Campaign/Coop
"TCP Query User{82E49889-649C-4190-9964-A0BF806786F6}c:\\program files\\activision\\call of duty - world at war\\codwawmp.exe"= UDP:c:\program files\activision\call of duty - world at war\codwawmp.exe:Call of Duty(R): World at War Multiplayer
"UDP Query User{5042704E-CB60-4A1D-9BA8-49656BB48429}c:\\program files\\activision\\call of duty - world at war\\codwawmp.exe"= TCP:c:\program files\activision\call of duty - world at war\codwawmp.exe:Call of Duty(R): World at War Multiplayer
"{1601F6AA-27B1-4DE7-84C0-98254C355BD4}"= UDP:c:\users\Eigenaar\AppData\Local\Temp\PurpleBean.exe:PurpleBean.exe
"{CC3A51E9-E095-40E2-9CAB-C2D0578F934D}"= TCP:c:\users\Eigenaar\AppData\Local\Temp\PurpleBean.exe:PurpleBean.exe
"TCP Query User{96E4ACE4-3584-488C-8FF6-BD9DE1D6DB47}c:\\ijji\\english\\u_sf\\soldierfront.exe"= UDP:c:\ijji\english\u_sf\soldierfront.exe:soldierfront
"UDP Query User{40AD9D3B-441E-4B52-B6BF-5489B059F8DE}c:\\ijji\\english\\u_sf\\soldierfront.exe"= TCP:c:\ijji\english\u_sf\soldierfront.exe:soldierfront
"TCP Query User{5CD726B8-8098-4869-BC35-7519D530B893}c:\\program files\\trackmania united\\tmunited.exe"= UDP:c:\program files\trackmania united\tmunited.exe:TmUnited
"UDP Query User{319B46ED-BA1F-4B00-987A-D0D1B679811D}c:\\program files\\trackmania united\\tmunited.exe"= TCP:c:\program files\trackmania united\tmunited.exe:TmUnited
"TCP Query User{D4234521-39AA-45A7-B03C-4B20A7AEBC79}c:\\users\\eigenaar\\desktop\\downloads\\tmu-dtn\\crack\\tmunited.exe"= Disabled:UDP:c:\users\eigenaar\desktop\downloads\tmu-dtn\crack\tmunited.exe:tmunited.exe
"UDP Query User{5E64B695-605E-447A-8B4B-8FFF67B9129E}c:\\users\\eigenaar\\desktop\\downloads\\tmu-dtn\\crack\\tmunited.exe"= Disabled:TCP:c:\users\eigenaar\desktop\downloads\tmu-dtn\crack\tmunited.exe:tmunited.exe
"TCP Query User{5E2EB10D-B5B7-4438-8E92-055C71C11FD5}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{25272485-4CDD-4204-9C56-A7253734BCB8}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{E4554992-21B6-48E9-A77D-AEB82D716D6B}c:\\program files\\tmunitedforever\\tmforever.exe"= UDP:c:\program files\tmunitedforever\tmforever.exe:TmForever
"UDP Query User{8B02BDDF-0F66-4732-AC7B-FE8BEF902BC0}c:\\program files\\tmunitedforever\\tmforever.exe"= TCP:c:\program files\tmunitedforever\tmforever.exe:TmForever
"TCP Query User{4583C8BF-EA9B-4D65-99D8-E9C7A5372FAC}f:\\spelletjes\\race\\test drive unlimited\\tdu\\tdu\\testdriveunlimited.exe"= UDP:f:\spelletjes\race\test drive unlimited\tdu\tdu\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{2F0ED514-D4FD-4AA9-A9FE-8403114E9840}f:\\spelletjes\\race\\test drive unlimited\\tdu\\tdu\\testdriveunlimited.exe"= TCP:f:\spelletjes\race\test drive unlimited\tdu\tdu\testdriveunlimited.exe:Test Drive Unlimited
"TCP Query User{75B10F15-27D9-4F99-897E-8224B03DB996}c:\\users\\eigenaar\\desktop\\tdu\\tdu\\testdriveunlimited.exe"= UDP:c:\users\eigenaar\desktop\tdu\tdu\testdriveunlimited.exe:testdriveunlimited.exe
"UDP Query User{EDDC02DD-7925-4E22-9D62-AE68B44E6DB3}c:\\users\\eigenaar\\desktop\\tdu\\tdu\\testdriveunlimited.exe"= TCP:c:\users\eigenaar\desktop\tdu\tdu\testdriveunlimited.exe:testdriveunlimited.exe
"TCP Query User{58AD7619-6922-4961-9C03-1F8FCA8306D3}c:\\users\\eigenaar\\documents\\wietse\\spelletjes\\uploader.exe"= UDP:c:\users\eigenaar\documents\wietse\spelletjes\uploader.exe:uploader.exe
"UDP Query User{2FDB576F-A0F7-4650-8D7D-50A52523F78C}c:\\users\\eigenaar\\documents\\wietse\\spelletjes\\uploader.exe"= TCP:c:\users\eigenaar\documents\wietse\spelletjes\uploader.exe:uploader.exe
"TCP Query User{E195148C-C566-456E-9468-BFE969DEE5CC}c:\\users\\eigenaar\\documents\\wietse\\spelletjes\\gsm\\uploader.exe"= UDP:c:\users\eigenaar\documents\wietse\spelletjes\gsm\uploader.exe:uploader.exe
"UDP Query User{37A9373C-F431-4D0A-9910-35DBD3391954}c:\\users\\eigenaar\\documents\\wietse\\spelletjes\\gsm\\uploader.exe"= TCP:c:\users\eigenaar\documents\wietse\spelletjes\gsm\uploader.exe:uploader.exe
"TCP Query User{B29DC984-1312-417D-B75A-3104B2403C36}c:\\users\\eigenaar\\documents\\wietse\\spelletjes\\gsm\\uploader.exe"= UDP:c:\users\eigenaar\documents\wietse\spelletjes\gsm\uploader.exe:uploader.exe
"UDP Query User{7AE6AA01-E444-45AF-9C3B-3170C1418198}c:\\users\\eigenaar\\documents\\wietse\\spelletjes\\gsm\\uploader.exe"= TCP:c:\users\eigenaar\documents\wietse\spelletjes\gsm\uploader.exe:uploader.exe
"TCP Query User{5AA408B1-A101-4A48-9CE4-233521A8BDD5}c:\\program files\\test driver unlimited\\tdu\\testdriveunlimited.exe"= UDP:c:\program files\test driver unlimited\tdu\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{89E80A2C-9DC9-4074-B5B6-DAECE0550970}c:\\program files\\test driver unlimited\\tdu\\testdriveunlimited.exe"= TCP:c:\program files\test driver unlimited\tdu\testdriveunlimited.exe:Test Drive Unlimited
"TCP Query User{2E2B0270-9C05-44B0-ADC4-99DCE0F948B1}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"UDP Query User{2866B8A5-668A-4B97-A7B2-EC7E953BF7F9}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"TCP Query User{CD33F38F-9152-44F7-9EC8-C396AF91BF26}c:\\program files\\left 4 dead\\left4dead.exe"= UDP:c:\program files\left 4 dead\left4dead.exe:left4dead
"UDP Query User{0A2F0A50-41C0-4B9E-BC6A-938F11850F46}c:\\program files\\left 4 dead\\left4dead.exe"= TCP:c:\program files\left 4 dead\left4dead.exe:left4dead
"{C032D311-AC6E-4BB0-BD46-E1203898DA4C}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{066F06D4-7D77-4257-ABD2-3F1EAE10716F}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{55A5610B-9430-4DF9-B93F-21668EAB64D5}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"TCP Query User{EA013C5C-2F62-4148-AF67-642A2DAF301F}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{0D0A6367-6577-482B-9D9F-BF6A298C9AD2}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{79C3AE71-2316-4491-809E-97D0FDC1EC8A}c:\\program files\\cabal online eu\\launcher\\update\\estdnheadless.exe"= UDP:c:\program files\cabal online eu\launcher\update\estdnheadless.exe:EST! download engine
"UDP Query User{4C5690F5-F8B3-4C5B-A015-F895C91DB8AC}c:\\program files\\cabal online eu\\launcher\\update\\estdnheadless.exe"= TCP:c:\program files\cabal online eu\launcher\update\estdnheadless.exe:EST! download engine
"TCP Query User{B14DA4DB-AC3F-45D5-9658-6E8EFBD8B75C}c:\\program files\\java\\jre6\\launch4j-tmp\\jdownloader.exe"= UDP:c:\program files\java\jre6\launch4j-tmp\jdownloader.exe:Java(TM) Platform SE binary
"UDP Query User{4E945EB8-63FA-465C-A45F-EEB1E4F9D6B5}c:\\program files\\java\\jre6\\launch4j-tmp\\jdownloader.exe"= TCP:c:\program files\java\jre6\launch4j-tmp\jdownloader.exe:Java(TM) Platform SE binary
"TCP Query User{809B4739-2EAC-4FB9-9C80-D6DAD7B5488D}c:\\windows\\system32\\java.exe"= UDP:c:\windows\system32\java.exe:Java(TM) Platform SE binary
"UDP Query User{F94ECB4E-08FD-4CB3-A56A-B3D675E854CE}c:\\windows\\system32\\java.exe"= TCP:c:\windows\system32\java.exe:Java(TM) Platform SE binary
"TCP Query User{9F8FFDDD-91A6-4924-B629-172C2CCCE9EB}f:\\spelletjes\\roleplaying\\deep silver\\sacred 2 - fallen angel\\system\\s2gs.exe"= UDP:f:\spelletjes\roleplaying\deep silver\sacred 2 - fallen angel\system\s2gs.exe:Sacred 2 - Game Server
"UDP Query User{BE2A5433-DF3B-4731-8D1E-B6F9777EE07C}f:\\spelletjes\\roleplaying\\deep silver\\sacred 2 - fallen angel\\system\\s2gs.exe"= TCP:f:\spelletjes\roleplaying\deep silver\sacred 2 - fallen angel\system\s2gs.exe:Sacred 2 - Game Server
"TCP Query User{D175962C-A778-48A0-9DF6-4AF6EA67C97E}c:\\program files\\garena\\garena.exe"= UDP:c:\program files\garena\garena.exe:Garena
"UDP Query User{79CF7EBD-6E7A-4594-B75F-36EC4E910151}c:\\program files\\garena\\garena.exe"= TCP:c:\program files\garena\garena.exe:Garena
"TCP Query User{6C310037-AA01-48BF-8188-4989AC29BD5E}c:\\program files\\left 4 dead\\left4dead.exe"= UDP:c:\program files\left 4 dead\left4dead.exe:left4dead
"UDP Query User{83141191-2B60-44F5-AC2B-48A49B58D633}c:\\program files\\left 4 dead\\left4dead.exe"= TCP:c:\program files\left 4 dead\left4dead.exe:left4dead
"TCP Query User{176475E4-AEC6-4871-A378-C654E5B96E4A}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{E1A4CC75-D9E5-43C4-A2C1-B132FBB40FF9}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{E2E388E9-F201-42C0-AB12-A0CEE61FE4A9}c:\\program files\\3do\\heroes3\\heroes3.exe"= UDP:c:\program files\3do\heroes3\heroes3.exe:Heroes of Might and Magic® III
"UDP Query User{92931291-7156-4C7E-BA05-4CC49AC603C7}c:\\program files\\3do\\heroes3\\heroes3.exe"= TCP:c:\program files\3do\heroes3\heroes3.exe:Heroes of Might and Magic® III
"{AD298C45-3218-4C07-8791-2A146A2559FB}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{7E5BB613-92FB-4C03-AE44-D1E8567CFC18}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{BD783058-3EB3-4B1F-91BA-E2C7B5706839}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{03C90648-B1A1-49D1-B0CB-830098B61C84}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{6A1576BF-3D3F-4069-8BCB-1B0320BF7835}c:\\program files\\hasbro interactive\\rollercoaster tycoon\\rct.exe"= UDP:c:\program files\hasbro interactive\rollercoaster tycoon\rct.exe:rct
"UDP Query User{B597FC4C-30EA-4664-9A5A-FED4DEBA9584}c:\\program files\\hasbro interactive\\rollercoaster tycoon\\rct.exe"= TCP:c:\program files\hasbro interactive\rollercoaster tycoon\rct.exe:rct
"TCP Query User{0D5D9504-3AE9-4906-81E4-AA011E9E6D11}c:\\users\\eigenaar\\desktop\\downloads\\rct\\rct.exe"= UDP:c:\users\eigenaar\desktop\downloads\rct\rct.exe:rct.exe
"UDP Query User{3FD4AEC9-46CD-44A1-B29A-E94C0847D925}c:\\users\\eigenaar\\desktop\\downloads\\rct\\rct.exe"= TCP:c:\users\eigenaar\desktop\downloads\rct\rct.exe:rct.exe
"TCP Query User{CAB16F1F-0ABC-408F-80B4-6B8AB1D8A2B0}c:\\users\\eigenaar\\desktop\\hasbro interactive\\rollercoaster tycoon\\rct.exe"= UDP:c:\users\eigenaar\desktop\hasbro interactive\rollercoaster tycoon\rct.exe:rct.exe
"UDP Query User{6DE329C1-6831-4C46-879A-7BFDCB847F81}c:\\users\\eigenaar\\desktop\\hasbro interactive\\rollercoaster tycoon\\rct.exe"= TCP:c:\users\eigenaar\desktop\hasbro interactive\rollercoaster tycoon\rct.exe:rct.exe
"{E5FB2325-3B92-4492-9CC5-D1F49E106C3C}"= UDP:c:\users\Eigenaar\Desktop\Downloads\Harde schijf\Limewire Pro\Portable.LimeWire.PRO.4.18.8-By-Clusterbomb\Portable.LimeWire.PRO.4.18.8-By-Meeen.exe:LimeWire
"{8CE343CC-6563-4A7E-8DD6-B6982A67C2B4}"= TCP:c:\users\Eigenaar\Desktop\Downloads\Harde schijf\Limewire Pro\Portable.LimeWire.PRO.4.18.8-By-Clusterbomb\Portable.LimeWire.PRO.4.18.8-By-Meeen.exe:LimeWire
"TCP Query User{A4EABF04-6127-4177-8272-188D061C1081}c:\\users\\eigenaar\\desktop\\cryptload_1.1.6\\routerclient.exe"= UDP:c:\users\eigenaar\desktop\cryptload_1.1.6\routerclient.exe:routerclient.exe
"UDP Query User{46A420A7-C4C4-4489-B3A0-B6E104875EB2}c:\\users\\eigenaar\\desktop\\cryptload_1.1.6\\routerclient.exe"= TCP:c:\users\eigenaar\desktop\cryptload_1.1.6\routerclient.exe:routerclient.exe
"{8FB9B53A-154F-42A9-90D2-6D2029D02824}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A292F15C-AE6F-45F3-8366-7835CBCF92FD}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{37BDBBB0-6C03-47B7-BFBC-E6C39119A53A}c:\\fifa 09\\fifa 09\\fifa09.exe"= UDP:c:\fifa 09\fifa 09\fifa09.exe:FIFA09
"UDP Query User{F1DA740C-7A2A-4D7E-9A2E-D1D058EE1A0F}c:\\fifa 09\\fifa 09\\fifa09.exe"= TCP:c:\fifa 09\fifa 09\fifa09.exe:FIFA09
"TCP Query User{28693368-C0E6-4CFC-85AA-5FA33AC9B948}k:\\spelletjes\\race\\test drive unlimited\\tdu\\testdriveunlimited.exe"= UDP:k:\spelletjes\race\test drive unlimited\tdu\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{C0964F5A-216A-47BE-8663-D5ABAF8E9242}k:\\spelletjes\\race\\test drive unlimited\\tdu\\testdriveunlimited.exe"= TCP:k:\spelletjes\race\test drive unlimited\tdu\testdriveunlimited.exe:Test Drive Unlimited
"TCP Query User{B3F9DD31-58EC-40FC-B6D8-750557726401}c:\\ijji\\english\\u_gunz.exe"= UDP:c:\ijji\english\u_gunz.exe:<ijji Downloader>
"UDP Query User{C70C9BC6-ED11-40A0-BA35-6781A34C3626}c:\\ijji\\english\\u_gunz.exe"= TCP:c:\ijji\english\u_gunz.exe:<ijji Downloader>
"TCP Query User{5C2EB139-55CA-491F-887C-C2D8734A4AC5}c:\\ijji\\english\\gunz\\gunz.exe"= UDP:c:\ijji\english\gunz\gunz.exe:Gunz
"UDP Query User{F80D936C-2827-4744-A4FE-CE69E7F9FEB4}c:\\ijji\\english\\gunz\\gunz.exe"= TCP:c:\ijji\english\gunz\gunz.exe:Gunz
"TCP Query User{0F2A4849-8CEA-4828-96F6-9B66B7361290}c:\\users\\eigenaar\\desktop\\downloads\\uploader.exe"= UDP:c:\users\eigenaar\desktop\downloads\uploader.exe:uploader.exe
"UDP Query User{0BBF7096-387F-482C-A802-3A487BB37FC8}c:\\users\\eigenaar\\desktop\\downloads\\uploader.exe"= TCP:c:\users\eigenaar\desktop\downloads\uploader.exe:uploader.exe
"{892B81A4-6BC8-465F-9C8F-93A1ECE8D2E1}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{6D1811BD-0139-448A-A2B2-26D02C6E182E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{FDAFC778-3EEE-49F1-A0A6-556D516F3D92}c:\\program files\\activision\\call of duty - world at war\\lan fix v1.4.exe"= UDP:c:\program files\activision\call of duty - world at war\lan fix v1.4.exe:Call of Duty(R): World at War Campaign/Coop
"UDP Query User{59FC1887-E174-4A29-83F8-30504A407A1F}c:\\program files\\activision\\call of duty - world at war\\lan fix v1.4.exe"= TCP:c:\program files\activision\call of duty - world at war\lan fix v1.4.exe:Call of Duty(R): World at War Campaign/Coop
"TCP Query User{5D3BEBFA-AC1B-4A4C-964C-FD754E158145}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{A5389950-BC00-4486-A421-2BBF410740AF}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"{13F0E9C9-47B6-4426-B1CA-7E843CF11F1D}"= UDP:c:\program files\Nakido\nakido.exe:Nakido
"{62980855-38C9-4762-93B4-9DAEE2513E9F}"= TCP:c:\program files\Nakido\nakido.exe:Nakido
"TCP Query User{718A94C6-1E20-48EC-80C9-7B8DDA5B7083}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{022B581C-8075-4BDC-8E0D-433523B5BBE5}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{16065CD9-881C-4830-8473-A8A3D1664764}c:\\users\\eigenaar\\desktop\\downloads\\freezer v1.4\\freezer.exe"= UDP:c:\users\eigenaar\desktop\downloads\freezer v1.4\freezer.exe:freezer.exe
"UDP Query User{53A8703D-802A-464B-BC4C-5E9E65178D6A}c:\\users\\eigenaar\\desktop\\downloads\\freezer v1.4\\freezer.exe"= TCP:c:\users\eigenaar\desktop\downloads\freezer v1.4\freezer.exe:freezer.exe
"TCP Query User{79AB2579-5DB3-4AFD-8F17-4C5DB27F5413}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{6141434C-D116-4D4B-933A-99AA572A6BCD}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{B7B60BBF-0108-406E-BA46-86A6770DB56F}"= Disabled:UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{5DC00FC8-CCAE-4956-AFA8-826EA7C88E14}"= Disabled:TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"TCP Query User{0BF2A27D-B100-4E4E-BFDF-FB10B61A9786}c:\\users\\eigenaar\\appdata\\local\\temp\\rarsfx2\\flash.exe"= UDP:c:\users\eigenaar\appdata\local\temp\rarsfx2\flash.exe:flash.exe
"UDP Query User{B08221A7-487E-46DA-AE72-6B16953F0A90}c:\\users\\eigenaar\\appdata\\local\\temp\\rarsfx2\\flash.exe"= TCP:c:\users\eigenaar\appdata\local\temp\rarsfx2\flash.exe:flash.exe
"{4D8C0098-09AC-46DE-B042-9683BBCACEEB}"= UDP:5353:Adobe CSI CS4
"{1DD8065D-F1B7-42AB-8AC9-201D10A04DA2}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{3EB5CA70-D86C-42BE-8969-BA673731A1FE}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"TCP Query User{C0AD7891-981A-42EB-B5F1-4A5D6F96C420}c:\\program files\\adobe\\adobe flash cs4\\flash.exe"= UDP:c:\program files\adobe\adobe flash cs4\flash.exe:Adobe Flash CS4
"UDP Query User{B580F0E4-23F1-4E09-A22F-9F46DEC34CC0}c:\\program files\\adobe\\adobe flash cs4\\flash.exe"= TCP:c:\program files\adobe\adobe flash cs4\flash.exe:Adobe Flash CS4
"TCP Query User{73649366-F749-41C8-8125-7A151CC68E6E}c:\\downloads\\world of warcraft\\launcher.exe"= UDP:c:\downloads\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{AEF0D184-C9F8-4115-B832-A3D0AC19AF59}c:\\downloads\\world of warcraft\\launcher.exe"= TCP:c:\downloads\world of warcraft\launcher.exe:Blizzard Launcher
"TCP Query User{A569C1F5-CA49-4113-905A-F963002A2517}c:\\downloads\\world of warcraft\\repair.exe"= UDP:c:\downloads\world of warcraft\repair.exe:Blizzard Repair Utility
"UDP Query User{38867AAA-8962-4C91-9E28-C39FE2339ED1}c:\\downloads\\world of warcraft\\repair.exe"= TCP:c:\downloads\world of warcraft\repair.exe:Blizzard Repair Utility
"{2F266167-5843-409F-9662-A81CA31EA7D5}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe:Blizzard Downloader
"{F4D17B76-6577-4758-B858-88B7DA64848F}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe:Blizzard Downloader
"{9AC56913-96EB-404E-B3B5-C8B6919047D8}"= UDP:3724:Blizzard Downloader: 3724
"{C7DBF976-172A-40B8-800F-DEB373EB9E9F}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:Blizzard Downloader
"{8D144FE1-2A83-43E2-B566-F7C16E119C09}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:Blizzard Downloader
"TCP Query User{63B27E1B-2AD4-4C6B-BBB0-3F2925BE9F08}c:\\program files\\crossloop\\crossloopconnect.exe"= UDP:c:\program files\crossloop\crossloopconnect.exe:CrossLoop - Simple Secure Screen Sharing
"UDP Query User{3BAE2879-FE7C-4DA0-A3AE-8390742044B8}c:\\program files\\crossloop\\crossloopconnect.exe"= TCP:c:\program files\crossloop\crossloopconnect.exe:CrossLoop - Simple Secure Screen Sharing
"{071B1587-1E46-4037-88F0-95B99F6FAAA5}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{75332FDE-4358-4B38-8242-F072E371F3E5}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{714943FE-9227-4C54-8D02-4AFD78F801DB}c:\\program files\\quake iii arena\\quake3.exe"= UDP:c:\program files\quake iii arena\quake3.exe:quake3
"UDP Query User{0495A3F6-8181-476D-98A4-696B484F5120}c:\\program files\\quake iii arena\\quake3.exe"= TCP:c:\program files\quake iii arena\quake3.exe:quake3
"TCP Query User{64D810A9-5931-42EF-A03A-5360D852D236}c:\\program files\\quake iii arena\\quake3.exe"= UDP:c:\program files\quake iii arena\quake3.exe:quake3
"UDP Query User{29593AC8-4BA3-45DD-84E8-F82C425FB220}c:\\program files\\quake iii arena\\quake3.exe"= TCP:c:\program files\quake iii arena\quake3.exe:quake3
"{5AB37A13-8E66-4CE9-859C-B7B18BC615A5}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{F6EAA662-86FB-4B93-A0AE-EE90F61E6DC9}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DisabledInterfaces"= {60C696AB-AA3E-41B5-BB9B-8A8546971D6D}

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 hotcore3;hotcore3;c:\windows\System32\drivers\hotcore3.sys [4/11/2008 19:14 38448]
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [17/06/2009 14:48 130936]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [5/07/2006 14:46 63352]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [26/01/2009 17:23 327688]
R1 hwinterface32B01;hwinterface32B01;c:\windows\System32\drivers\hwinterface32B01.sys [1/06/2009 14:08 4930]
R1 NetBurn;Paragon NetBurning Driver;c:\windows\System32\drivers\NetBurn.sys [4/11/2008 19:13 84752]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/02/2009 18:15 298776]
R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [12/02/2007 12:46 208896]
R2 NetBurnerService;Net Burner iSCSI Service;c:\program files\Paragon Software\Drive Backup 8.5 Professional\Net Burner Service\NetBurnerService.exe [4/11/2008 19:14 223248]
R2 NMSCore;Intel(R) NMSCore;c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [27/06/2007 11:14 317656]
R2 nmsunidr;UniDriver for NMS;c:\windows\System32\drivers\nmsunidr.sys [18/02/2007 21:34 5376]
R2 QualityManager;Intel(R) Quality Manager;c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe [27/06/2007 11:17 272600]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\System32\nvSCPAPISvr.exe [10/06/2009 6:33 232960]
R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe [13/02/2008 14:03 290909]
R2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe [13/02/2008 14:03 114779]
R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\System32\drivers\3xHybrid.sys [13/02/2008 11:20 1302368]
R3 IntelDH;IntelDH Driver;c:\windows\System32\drivers\IntelDH.sys [30/10/2007 14:58 5632]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr28u.sys [9/10/2007 23:26 554496]
R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys [12/10/2007 13:28 13976]
S2 gupdate1c9ba0415a8d4b2;Google Updateservice (gupdate1c9ba0415a8d4b2);c:\program files\Google\Update\GoogleUpdate.exe [10/04/2009 19:44 133104]
S3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [27/06/2007 11:15 39640]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [18/02/2009 18:03 348752]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - PNKBSTRK
*Deregistered* - PnkBstrK

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhoud van de 'Gedeelde Taken' map

2009-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-10 17:44]

2009-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-10 17:44]

2009-07-04 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-07-04 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uInternet Settings,ProxyOverride = *.local
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\qluky4qj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, false);.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-05 00:40
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ... 

scannen van verborgen autostart items ... 

scannen van verborgen bestanden ... 

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-1557816039-2575818237-151829343-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DD9B772D-B0D5-55CD-6442-4A3D7820BDF0}*]
"bbnckdiojdjmmmmgphihgmedboocippekmfi"=hex:61,62,6f,68,70,69,6b,65,70,69,63,70,
  69,6c,6b,61,6d,6a,69,68,69,6e,6d,6c,6e,6c,66,6e,62,6b,69,66,66,6b,00,00
"abnckdiojdjmmmmgphhhdllofejgfnnbkn"=hex:61,62,68,68,68,63,6e,68,70,65,67,6f,
  65,6a,6a,64,67,6c,61,66,6a,64,63,67,61,70,64,69,68,6b,6b,6c,70,69,00,00

[HKEY_USERS\S-1-5-21-1557816039-2575818237-151829343-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:32,d9,55,97,71,eb,f5,bf,40,1a,fa,1b,92,81,bd,ec,af,d9,8a,c4,6c,5c,15,
  b6,0b,f7,39,d8,07,59,5e,55,e1,6e,9e,11,0f,79,f1,dc,57,96,bf,02,c0,c5,96,14,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12

[HKEY_USERS\S-1-5-21-1557816039-2575818237-151829343-1001\Software\SecuROM\License information*]
"datasecu"=hex:4b,42,51,1a,97,ae,f9,4b,ad,89,c4,50,40,85,0e,0d,36,5d,f4,5f,8f,
  01,04,4f,d1,91,3d,19,e4,6d,a3,fa,02,7f,92,c1,f4,d3,b3,a3,86,0f,85,5f,57,c5,\
"rkeysecu"=hex:95,61,d2,f0,76,b0,4f,7e,ff,c0,5d,da,98,29,c5,f8

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2009-07-04  0:42
ComboFix-quarantined-files.txt  2009-07-04 22:42

Pre-Run: 45.200.220.160 bytes beschikbaar
Post-Run: 45.669.449.728 bytes beschikbaar

518    --- E O F ---    2009-06-24 09:45

Voilà, this is it. I saw that videosoft apparently isn't so good... Hope all the junk is removed now! In any case, thanks for the quick help!

Wietse


Haha ... you're not rid of me yet. I've reopened your topic for a moment, because there's still some cleaning up to do :-)

Uninstall Combofix: Start -> Run and type: combofix /u

This will remove Combofix plus its related folders and files, reset the clock settings, hide file extensions, hide hidden files and system files again, and create a new restore point.

Download CCleaner.

Install it and start CCleaner. In the left column, click "Cleaner". Click "Analyze" and then "Run Cleaner". Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors. Next, in the left column, click "Registry" and click "Scan for Issues". If errors are found, click "Fix selected issues" and "OK". You will then be asked whether to make a backup. Click "Yes". Then choose "Fix All Selected Issues". After that, close CCleaner again.

It is advisable to delete the existing restore points (they include infected restore points that you might otherwise restore) by temporarily disabling System Restore. Do this via Control Panel -> System and Maintenance -> System -> "System Protection" tab -> clear the check box for the disk whose restore points you want to delete -> click "Apply". You will then get the prompt "Are you sure you want to turn System Restore off". Click "Turn System Restore Off" here. All restore points on the selected disk are then deleted.

Then tick the check box for the hard disk again. Also create a new restore point right away, so you don't have to wait for an automatic restore point from the system. And then you may close your topic again yourself, in person :D

P.S.: thanks for the special topic ... but that really wasn't necessary :rolleyes:
