[OPGELOST] Weer een probleem

yolan · 6 juli 2009, 22:54

Mag ik eens iets vragen? Is HijackThis wel veilig?

want ik begin te twijfelen met dit hier, kijk maar eens even.

http://forums.zita.be/hijackthis-for...-analyzer.html

stegisoft · 6 juli 2009, 23:22

HijackThis is veilig maar HijackThis lost niet alles op.
Daarvoor gebruikt Kape verschillende programma's naargelang uw aard van virussen, rootkit, spyware enz.
Hij is een echte vakman die weet waar hij over spreekt.
Zoals hij doet leert je niet van vandaag op morgen maar met jaren ervaring.

Wat de meeste doen is juist verkeerd handelen.
Als Kape met u klaar is mag je gewoon HijackThis weer verwijderen.

kape · 6 juli 2009, 23:53

Citaat:

Oorspronkelijk geplaatst door yolanneke

Mag ik eens iets vragen? Is HijackThis wel veilig?
want ik begin te twijfelen met dit hier, kijk maar eens even.
Online hijackthis analyzer - Zita Forums

Waar in dit artikel naar verwezen wordt is de on-line analyser van HiJackThis.de ... en die is inderdaad niet altijd even betrouwbaar.

Wat ikzelf adviseer is het programma HiJackThis ... en dat maakt enkel een overzicht van alles wat draait op je PC. Op eigen handje daarin gaan woelen is niet de bedoeling. Enkel een logje maken ... en dan bekijken we dat eens.

yolan · 7 juli 2009, 12:00

Oke, bedankt voor het advies, ik begin nu met het uitvoeren van uw stappen

yolan · 7 juli 2009, 12:23

Oke, dit zijn de logjes:

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:50, on 7/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Genesys PC Camera Device\GenePccMon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Yolan\Program Files\DNA\btdna.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\PowerProducer" update "Software\CyberLink\PowerProducer\4.0"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [GenePccMon.exe] C:\Program Files\Genesys PC Camera Device\GenePccMon.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Yolan\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.8.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 9914 bytes

Combofix log:

ComboFix 09-07-06.02 - Yolan 07/07/2009 12:14.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.32.1043.18.2046.1040 [GMT 2:00]
Gestart vanuit: c:\users\Yolan\Desktop\ComboFix.exe
AV: BullGuard Antivirus *On-access scanning disabled* (Outdated) {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1164384613-1717541572-3670698198-500
c:\users\Yolan\AppData\Roaming\inst.exe
c:\windows\Installer\64923.msi
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-06-07 to 2009-07-07 ))))))))))))))))))))))))))))))
.
2009-07-07 10:02 . 2009-07-07 10:02 -------- d-----w- c:\program files\Trend Micro
2009-07-06 21:12 . 2009-07-06 21:12 -------- d-----w- c:\programdata\HeidiSQL
2009-07-06 21:12 . 2009-07-06 21:12 -------- d-----w- c:\program files\HeidiSQL
2009-07-06 18:42 . 2009-07-06 18:42 -------- d-----w- c:\users\Yolan\AppData\Roaming\Malwarebytes
2009-07-06 18:42 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-06 18:42 . 2009-07-06 18:42 -------- d-----w- c:\programdata\Malwarebytes
2009-07-06 18:42 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-06 18:42 . 2009-07-06 18:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-06 09:13 . 2009-07-06 09:13 -------- d-----w- c:\program files\CCleaner
2009-06-30 20:34 . 2009-06-30 20:34 -------- d-----w- c:\program files\Audacity
2009-06-30 11:31 . 2009-06-30 11:33 -------- d-----w- c:\users\Yolan\AppData\Local\Microsoft Games
2009-06-25 15:19 . 2009-06-25 15:19 -------- d-----w- c:\users\Yolan\AppData\Roaming\HeidiSQL
2009-06-23 21:08 . 2009-06-23 21:10 -------- d-----w- c:\program files\Genesys PC Camera Device
2009-06-16 14:02 . 2009-06-16 14:02 -------- d-----w- c:\program files\Wolters Plantyn
2009-06-16 13:03 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-16 13:03 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 12:49 . 2009-06-16 12:49 -------- d-----w- c:\users\Yolan\AppData\Local\Microsoft Help
2009-06-14 16:55 . 2009-06-14 16:55 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-06-14 15:35 . 2009-06-14 15:35 -------- d-----w- c:\users\Yolan\AppData\Roaming\Ahead
2009-06-14 14:06 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-14 14:06 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-14 13:53 . 2009-06-14 13:53 -------- d-----w- c:\users\Yolan\Program Files
2009-06-13 12:17 . 2009-06-30 15:26 -------- d-----w- c:\users\Yolan\AppData\Roaming\BitTorrent
2009-06-13 12:16 . 2009-06-13 12:16 -------- d-----w- c:\users\Yolan\AppData\Local\DNA
2009-06-13 12:15 . 2009-07-07 10:15 -------- d-----w- c:\users\Yolan\AppData\Roaming\DNA
2009-06-13 12:15 . 2009-06-13 12:16 -------- d-----w- c:\program files\DNA
2009-06-13 12:15 . 2009-06-13 12:16 -------- d-----w- c:\program files\BitTorrent
2009-06-13 12:15 . 2009-06-13 12:15 -------- d-----w- c:\program files\AskBarDis
2009-06-13 12:00 . 2009-06-13 12:00 282624 ----a-w- c:\users\Yolan\AppData\Roaming\LimeWire\browser\xulrunner\components\websrvcs.dll
2009-06-13 12:00 . 2009-06-13 12:00 200704 ----a-w- c:\users\Yolan\AppData\Roaming\LimeWire\browser\xulrunner\components\transformiix.dll
2009-06-13 12:00 . 2009-06-13 12:00 110592 ----a-w- c:\users\Yolan\AppData\Roaming\LimeWire\browser\xulrunner\components\universalchardet.dll
2009-06-13 12:00 . 2009-06-13 12:00 225280 ----a-w- c:\users\Yolan\AppData\Roaming\LimeWire\browser\xulrunner\components\pipnss.dll
2009-06-13 12:00 . 2009-06-13 12:00 20992 ----a-w- c:\users\Yolan\AppData\Roaming\LimeWire\browser\xulrunner\components\pipboot.dll
2009-06-13 12:00 . 2009-06-13 12:00 19968 ----a-w- c:\users\Yolan\AppData\Roaming\LimeWire\browser\xulrunner\components\pippki.dll
2009-06-13 12:00 . 2009-06-13 12:00 20480 ----a-w- c:\users\Yolan\AppData\Roaming\LimeWire\browser\xulrunner\components\autoconfig.dll
2009-06-13 12:00 . 2009-06-13 12:00 18944 ----a-w- c:\users\Yolan\AppData\Roaming\LimeWire\browser\xulrunner\components\appshell_modal.dll
2009-06-13 12:00 . 2009-06-13 12:00 17408 ----a-w- c:\users\Yolan\AppData\Roaming\LimeWire\browser\xulrunner\components\auth.dll
2009-06-13 12:00 . 2009-06-13 12:00 8192 ----a-w- c:\users\Yolan\AppData\Roaming\LimeWire\browser\xulrunner\AccessibleMarshal.dll
2009-06-13 12:00 . 2009-06-13 12:00 20480 ----a-w- c:\users\Yolan\AppData\Roaming\LimeWire\browser\xulrunner\IA2Marshal.dll
2009-06-13 10:19 . 2009-06-13 10:19 -------- d-----w- c:\programdata\CenerTCPMessenger
2009-06-13 10:17 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-13 10:16 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-13 10:15 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-13 10:06 . 2009-06-13 10:06 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbD56A.tmp.exe
2009-06-13 09:55 . 2009-06-13 09:55 -------- d-----w- c:\programdata\WindowsSearch
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-07 10:01 . 2006-11-02 16:11 667352 ----a-w- c:\windows\system32\perfh013.dat
2009-07-07 10:01 . 2006-11-02 16:11 126854 ----a-w- c:\windows\system32\perfc013.dat
2009-07-07 09:59 . 2009-04-25 16:14 -------- d-----w- c:\program files\Curse
2009-07-06 21:27 . 2007-10-20 03:26 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-06 19:23 . 2009-02-20 15:07 84672 ----a-w- c:\users\Yolan\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-06 08:54 . 2007-10-20 11:44 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-01 15:28 . 2009-02-20 21:25 48271 ----a-w- c:\users\Yolan\AppData\Roaming\nvModes.dat
2009-06-30 20:18 . 2009-04-15 19:14 -------- d-----w- c:\users\Yolan\AppData\Roaming\LimeWire
2009-06-16 13:44 . 2009-06-16 13:44 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-06-16 12:50 . 2007-10-20 12:39 -------- d-----w- c:\programdata\Microsoft Help
2009-06-13 14:26 . 2007-10-20 12:37 -------- d-----w- c:\program files\Microsoft Works
2009-06-13 11:59 . 2009-04-15 19:11 -------- d-----w- c:\program files\LimeWire
2009-06-06 13:54 . 2009-05-27 15:35 680 ----a-w- c:\users\Yolan\AppData\Local\d3d9caps.dat
2009-06-06 09:20 . 2009-04-21 18:07 -------- d-----w- c:\users\Yolan\AppData\Roaming\Download Manager
2009-05-31 09:08 . 2009-05-31 09:08 -------- d-----w- c:\users\Yolan\AppData\Roaming\Template
2009-05-31 09:07 . 2009-05-31 09:07 0 ----a-w- c:\users\Yolan\AppData\Roaming\wklnhst.dat
2009-05-30 13:47 . 2009-05-30 13:47 -------- d-----w- c:\users\Yolan\AppData\Roaming\Apple Computer
2009-05-30 13:46 . 2009-05-30 13:44 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-30 13:46 . 2009-05-30 13:44 -------- d-----w- c:\program files\iTunes
2009-05-30 13:44 . 2009-05-30 13:44 -------- d-----w- c:\program files\iPod
2009-05-30 13:44 . 2009-05-30 13:36 -------- d-----w- c:\program files\Common Files\Apple
2009-05-30 13:44 . 2009-05-30 13:38 -------- d-----w- c:\programdata\Apple Computer
2009-05-30 13:42 . 2009-05-30 13:42 -------- d-----w- c:\program files\Bonjour
2009-05-30 13:41 . 2009-05-30 13:39 -------- d-----w- c:\program files\QuickTime
2009-05-30 13:38 . 2009-05-30 13:38 -------- d-----w- c:\program files\Apple Software Update
2009-05-30 13:36 . 2009-05-30 13:36 -------- d-----w- c:\programdata\Apple
2009-05-20 12:43 . 2007-10-20 11:52 -------- d-----w- c:\programdata\BullGuard
2009-05-17 07:14 . 2009-05-17 07:14 -------- d-----w- c:\program files\World of Warcraft
2009-05-13 19:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-09 14:33 . 2009-05-09 14:33 -------- d-----w- c:\program files\Xvid
2009-05-09 14:33 . 2009-05-09 14:33 -------- d-----w- c:\program files\FDRLab
2007-09-11 13:46 . 2007-09-10 12:03 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 15:24 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"BullGuard"="c:\program files\BullGuard Software\BullGuard\BullGuard.exe" [2009-02-20 308552]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-25 39408]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [2009-07-07 1966592]
"BitTorrent DNA"="c:\users\Yolan\Program Files\DNA\btdna.exe" [2009-06-14 321344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-09 1025320]
"BullGuard"="c:\program files\BullGuard Software\BullGuard\bullguard.exe" [2009-02-20 308552]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"RemoteControl"="c:\program files\HomeCinema\PowerDVD\PDVDServ.exe" [2007-02-09 71216]
"LanguageShortcut"="c:\program files\HomeCinema\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"UpdatePPShortCut"="c:\program files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-10-09 102400]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-09 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-09 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-09 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"GenePccMon.exe"="c:\program files\Genesys PC Camera Device\GenePccMon.exe" [2007-02-13 36864]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-01 4702208]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-08-03 1826816]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{20F9385E-02EE-4C14-8963-AD533A21D30A}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{DA0DB1A5-099E-42B0-90C7-DEF4A2E3F050}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{10D081D7-0D04-4491-9E5C-066557065B61}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7EC6773B-3159-4441-B1DB-9ECB38E16B06}"= c:\program files\HomeCinema\MakeDisc\MakeDisc.exe:CyberLink MakeDisc
"{F4C450EB-75D2-4982-ABE8-78B03B2F3921}"= c:\program files\HomeCinema\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{9553CA21-B0E0-4FDC-B756-D15D1772C44D}"= c:\program files\HomeCinema\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{244AF036-784A-4072-A117-F7D2E3B8B2B1}"= c:\program files\CyberLink\PowerDV\PowerDV.exe:CyberLink PowerDV
"TCP Query User{958EBF75-E162-4BC9-A71F-74F925A17B99}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{F5EC0BBA-1EDA-4110-ADF5-0C1F8B94FF5F}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"{5D7A3051-D7DA-42A6-B092-8D5CF2DD679A}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enUS-downloader.exe:Blizzard Downloader
"{65D74342-2DE5-441C-B278-6C046FB6F1A2}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enUS-downloader.exe:Blizzard Downloader
"{1EDD2D8E-E314-4D02-8918-7DE3416087D0}"= UDP:3724:Blizzard Downloader: 3724
"{10319DC7-ABB8-4BB4-A377-2327F0179E56}"= UDP:990:LocalSubnet:LocalSubnet|IF={867E95A8-A323-490C-80F2-7D338943AC4E}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{11CAB1FD-76C4-4204-9B78-6649DDF83DFC}"= UDP:990:LocalSubnet:LocalSubnet|IF={867E95A8-A323-490C-80F2-7D338943AC4E}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{6B08C779-5D38-4343-8E25-8940797D98CB}"= UDP:990:LocalSubnet:LocalSubnet|IF={867E95A8-A323-490C-80F2-7D338943AC4E}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{21670095-57D8-450B-A756-6355A795A46C}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{D06BCB77-6360-4FD9-9DB2-12ABDCDA992F}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{65F9CFBC-CF07-4E1F-8101-B0EAE3C80A01}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{14972B5C-544C-449C-BEEB-6509055A63F0}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{7E7BEA09-B203-4976-B0EB-A25D0F085DA1}"= UDP:c:\program files\Curse\CurseClient.exe:Curse Client
"{5452AABF-EE6E-4DCD-BC52-6C0D8D50456D}"= TCP:c:\program files\Curse\CurseClient.exe:Curse Client
"TCP Query User{571CEB25-8CE1-4E39-B533-15C66974702F}c:\\ac web ultimate repack\\server\\apache\\bin\\apache.exe"= UDP:c:\ac web ultimate repack\server\apache\bin\apache.exe:Apache HTTP Server
"UDP Query User{F852B8D4-D989-4665-9CAA-4AE516B15AEB}c:\\ac web ultimate repack\\server\\apache\\bin\\apache.exe"= TCP:c:\ac web ultimate repack\server\apache\bin\apache.exe:Apache HTTP Server
"TCP Query User{38B40B22-CD4B-4F3E-94CE-39F20ED2C9E0}c:\\ac web ultimate repack\\ascent\\logonserver.exe"= UDP:c:\ac web ultimate repack\ascent\logonserver.exe:logonserver
"UDP Query User{54AFB52E-E779-4674-AED0-22958A2637B4}c:\\ac web ultimate repack\\ascent\\logonserver.exe"= TCP:c:\ac web ultimate repack\ascent\logonserver.exe:logonserver
"TCP Query User{504CFFD1-36F7-4834-9918-3844360201F9}c:\\ac web ultimate repack\\server\\mysql\\bin\\mysqld.exe"= UDP:c:\ac web ultimate repack\server\mysql\bin\mysqld.exe:mysqld
"UDP Query User{D2AAD1BB-F1AF-4890-AD27-2CC8A24919D3}c:\\ac web ultimate repack\\server\\mysql\\bin\\mysqld.exe"= TCP:c:\ac web ultimate repack\server\mysql\bin\mysqld.exe:mysqld
"TCP Query User{74C2BCC4-A5C5-47C2-A4B3-C22A94A35C73}c:\\ac web ultimate repack\\ascent\\ascent.exe"= UDP:c:\ac web ultimate repack\ascent\ascent.exe:ascent
"UDP Query User{F8868211-9DA5-4A98-A3FD-D4965B12C8A0}c:\\ac web ultimate repack\\ascent\\ascent.exe"= TCP:c:\ac web ultimate repack\ascent\ascent.exe:ascent
"{E7D5819B-F225-40D1-BEEC-19477F884317}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B472176E-0685-462A-9497-51FFB2E7A208}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{3AAC1AF9-46DF-43A3-B644-E659867F9846}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{00A95625-4B15-4E80-930B-17AB1E5E7554}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{15E189E6-7ED4-4F84-8222-E32FDC8486B0}"= UDP:c:\program files\DNA\btdna.exe

NA (TCP-In)
"{8723314A-630F-404F-8C90-85D36262B640}"= TCP:c:\program files\DNA\btdna.exe

NA (UDP-In)
"TCP Query User{DCC10470-3529-4A08-8B9D-AFAFCB96D64F}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{33A76CB9-42A2-4B90-8DB7-F3BDD49C43CB}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{C11F206C-CB16-4938-92A5-5B2A439156D3}c:\\users\\yolan\\program files\\dna\\btdna.exe"= UDP:c:\users\yolan\program files\dna\btdna.exe:btdna.exe
"UDP Query User{7E7D593D-4469-479B-9767-322BC0FFFFA7}c:\\users\\yolan\\program files\\dna\\btdna.exe"= TCP:c:\users\yolan\program files\dna\btdna.exe:btdna.exe
"{42FCE072-31A3-47B5-9B33-2729D6215956}"= UDP:5353:Adobe CSI CS4
"{2F2A25A5-624C-488E-BE0A-263280D318BF}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:Blizzard Downloader
"{81FCD5F5-6F50-4E07-92DA-DEB06A967EF5}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:Blizzard Downloader
"TCP Query User{10ED76F7-7A60-451B-A191-BC7AD38B4F4A}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{667D2756-6773-4A29-B2E0-58BE7CE358F3}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{D96E3454-0EF0-4AF3-ABFA-D0A3ACF4B327}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{5893FF2D-3A41-453D-B0F8-FEF4F4A2FB6F}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R2 BdFileSpy;BullGuard File Monitor Driver;c:\windows\System32\drivers\BdFileSpy.sys [20/02/2009 18:18 50896]
R2 BsFileScan;BullGuard File Scan Service;c:\windows\System32\svchost.exe -k BullGuard [22/02/2009 14:03 21504]
R2 BsMailProxy;BullGuard Email Monitoring Service;c:\windows\System32\svchost.exe -k BullGuard [22/02/2009 14:03 21504]
R3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;c:\windows\System32\drivers\USBGENE.sys [20/10/2007 6:09 131584]
R3 Reconn;BullGuard Email Monitor;c:\program files\BullGuard Software\BullGuard\Reconn.sys [16/05/2007 13:07 16984]
R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys [20/10/2007 13:18 13976]
S3 PhilCap;NXP service;c:\windows\System32\drivers\PhilCap.sys [20/10/2007 6:08 908896]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhoud van de 'Gedeelde Taken' map
2009-07-04 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
2009-07-07 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
2009-07-07 c:\windows\Tasks\User_Feed_Synchronization-{88B5C6F3-7ADE-42B9-A704-27535A8DD925}.job
- c:\windows\system32\msfeedssync.exe [2009-06-16 11:31]
.
- - - - ORPHANS VERWIJDERD - - - -
HKCU-Run-AdobeBridge - (no file)

.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-07-07 12:20
Windows 6.0.6001 Service Pack 1 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
GenePccMon.exe = c:\program files\Genesys PC Camera Device\GenePccMon.exe???????????????
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
*******************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Voltooingstijd: 2009-07-07 12:22
ComboFix-quarantined-files.txt 2009-07-07 10:22
Pre-Run: 96.772.411.392 bytes beschikbaar
Post-Run: 96.267.653.120 bytes beschikbaar
246 --- E O F --- 2009-07-07 10:11

kape · 7 juli 2009, 12:43

Start Hijackthis op. Ben je gebruiker van Vista kies dan voor “Run as administrator" of "Uitvoeren als administrator". Selecteer “Do a system scan only”. Selecteer alleen de items die hieronder zijn genoemd:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.8.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab

Klik op 'Fix checked' om de items te verwijderen.

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

Folder::
c:\program files\AskBarDis

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe
Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht samen met een nieuw logje van HijackThis.

yolan · 7 juli 2009, 16:28

Er staan een paar bestandjes niet in de lijst bij HiJackThis, kan dat kwaad?

kape · 7 juli 2009, 18:00

Neen ... indien ze reeds verdwenen zijn, des te beter. En dat zien we toch aan het nieuwe logje dat je moet posten

yolan · 7 juli 2009, 21:02

Hier is het logje:

ComboFix 09-07-07.06 - Yolan 07/07/2009 20:54.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.32.1043.18.2046.1364 [GMT 2:00]
Gestart vanuit: c:\users\Yolan\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Yolan\Desktop\CFScript.txt
AV: BullGuard Antivirus *On-access scanning disabled* (Outdated) {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-06-07 to 2009-07-07 ))))))))))))))))))))))))))))))
.
2009-07-07 10:02 . 2009-07-07 10:02 -------- d-----w- c:\program files\Trend Micro
2009-07-06 21:12 . 2009-07-06 21:12 -------- d-----w- c:\programdata\HeidiSQL
2009-07-06 21:12 . 2009-07-06 21:12 -------- d-----w- c:\program files\HeidiSQL
2009-07-06 18:42 . 2009-07-06 18:42 -------- d-----w- c:\users\Yolan\AppData\Roaming\Malwarebytes
2009-07-06 18:42 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-06 18:42 . 2009-07-06 18:42 -------- d-----w- c:\programdata\Malwarebytes
2009-07-06 18:42 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-06 18:42 . 2009-07-06 18:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-06 09:13 . 2009-07-06 09:13 -------- d-----w- c:\program files\CCleaner
2009-06-30 20:34 . 2009-06-30 20:34 -------- d-----w- c:\program files\Audacity
2009-06-30 11:31 . 2009-06-30 11:33 -------- d-----w- c:\users\Yolan\AppData\Local\Microsoft Games
2009-06-25 15:19 . 2009-06-25 15:19 -------- d-----w- c:\users\Yolan\AppData\Roaming\HeidiSQL
2009-06-23 21:08 . 2009-06-23 21:10 -------- d-----w- c:\program files\Genesys PC Camera Device
2009-06-16 14:02 . 2009-06-16 14:02 -------- d-----w- c:\program files\Wolters Plantyn
2009-06-16 13:03 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-16 13:03 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 12:49 . 2009-06-16 12:49 -------- d-----w- c:\users\Yolan\AppData\Local\Microsoft Help
2009-06-14 15:35 . 2009-06-14 15:35 -------- d-----w- c:\users\Yolan\AppData\Roaming\Ahead
2009-06-14 14:06 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-14 14:06 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-14 13:53 . 2009-06-14 13:53 -------- d-----w- c:\users\Yolan\Program Files
2009-06-13 12:17 . 2009-06-30 15:26 -------- d-----w- c:\users\Yolan\AppData\Roaming\BitTorrent
2009-06-13 12:16 . 2009-06-13 12:16 -------- d-----w- c:\users\Yolan\AppData\Local\DNA
2009-06-13 12:15 . 2009-07-07 18:57 -------- d-----w- c:\users\Yolan\AppData\Roaming\DNA
2009-06-13 12:15 . 2009-06-13 12:16 -------- d-----w- c:\program files\DNA
2009-06-13 12:15 . 2009-06-13 12:16 -------- d-----w- c:\program files\BitTorrent
2009-06-13 12:00 . 2009-06-13 12:00 282624 ----a-w- c:\users\Yolan\AppData\Roaming\LimeWire\browser\xulrunner\components\websrvcs.dll
2009-06-13 12:00 . 2009-06-13 12:00 200704 ----a-w- c:\users\Yolan\AppData\Roaming\LimeWire\browser\xulrunner\components\transformiix.dll
2009-06-13 12:00 . 2009-06-13 12:00 110592 ----a-w- c:\users\Yolan\AppData\Roaming\LimeWire\browser\xulrunner\components\universalchardet.dll
2009-06-13 12:00 . 2009-06-13 12:00 225280 ----a-w- c:\users\Yolan\AppData\Roaming\LimeWire\browser\xulrunner\components\pipnss.dll
2009-06-13 12:00 . 2009-06-13 12:00 20992 ----a-w- c:\users\Yolan\AppData\Roaming\LimeWire\browser\xulrunner\components\pipboot.dll
2009-06-13 12:00 . 2009-06-13 12:00 19968 ----a-w- c:\users\Yolan\AppData\Roaming\LimeWire\browser\xulrunner\components\pippki.dll
2009-06-13 12:00 . 2009-06-13 12:00 20480 ----a-w- c:\users\Yolan\AppData\Roaming\LimeWire\browser\xulrunner\components\autoconfig.dll
2009-06-13 12:00 . 2009-06-13 12:00 18944 ----a-w- c:\users\Yolan\AppData\Roaming\LimeWire\browser\xulrunner\components\appshell_modal.dll
2009-06-13 12:00 . 2009-06-13 12:00 17408 ----a-w- c:\users\Yolan\AppData\Roaming\LimeWire\browser\xulrunner\components\auth.dll
2009-06-13 12:00 . 2009-06-13 12:00 8192 ----a-w- c:\users\Yolan\AppData\Roaming\LimeWire\browser\xulrunner\AccessibleMarshal.dll
2009-06-13 12:00 . 2009-06-13 12:00 20480 ----a-w- c:\users\Yolan\AppData\Roaming\LimeWire\browser\xulrunner\IA2Marshal.dll
2009-06-13 10:19 . 2009-06-13 10:19 -------- d-----w- c:\programdata\CenerTCPMessenger
2009-06-13 10:17 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-13 10:16 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-13 10:15 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-13 10:06 . 2009-06-13 10:06 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbD56A.tmp.exe
2009-06-13 09:55 . 2009-06-13 09:55 -------- d-----w- c:\programdata\WindowsSearch
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-07 14:27 . 2006-11-02 16:11 667352 ----a-w- c:\windows\system32\perfh013.dat
2009-07-07 14:27 . 2006-11-02 16:11 126854 ----a-w- c:\windows\system32\perfc013.dat
2009-07-07 14:15 . 2007-10-20 03:26 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-07 10:27 . 2007-10-20 11:44 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-07 09:59 . 2009-04-25 16:14 -------- d-----w- c:\program files\Curse
2009-07-06 19:23 . 2009-02-20 15:07 84672 ----a-w- c:\users\Yolan\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-01 15:28 . 2009-02-20 21:25 48271 ----a-w- c:\users\Yolan\AppData\Roaming\nvModes.dat
2009-06-30 20:18 . 2009-04-15 19:14 -------- d-----w- c:\users\Yolan\AppData\Roaming\LimeWire
2009-06-16 13:44 . 2009-06-16 13:44 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-06-16 12:50 . 2007-10-20 12:39 -------- d-----w- c:\programdata\Microsoft Help
2009-06-13 14:26 . 2007-10-20 12:37 -------- d-----w- c:\program files\Microsoft Works
2009-06-13 11:59 . 2009-04-15 19:11 -------- d-----w- c:\program files\LimeWire
2009-06-06 13:54 . 2009-05-27 15:35 680 ----a-w- c:\users\Yolan\AppData\Local\d3d9caps.dat
2009-06-06 09:20 . 2009-04-21 18:07 -------- d-----w- c:\users\Yolan\AppData\Roaming\Download Manager
2009-05-31 09:08 . 2009-05-31 09:08 -------- d-----w- c:\users\Yolan\AppData\Roaming\Template
2009-05-31 09:07 . 2009-05-31 09:07 0 ----a-w- c:\users\Yolan\AppData\Roaming\wklnhst.dat
2009-05-30 13:47 . 2009-05-30 13:47 -------- d-----w- c:\users\Yolan\AppData\Roaming\Apple Computer
2009-05-30 13:46 . 2009-05-30 13:44 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-30 13:46 . 2009-05-30 13:44 -------- d-----w- c:\program files\iTunes
2009-05-30 13:44 . 2009-05-30 13:44 -------- d-----w- c:\program files\iPod
2009-05-30 13:44 . 2009-05-30 13:36 -------- d-----w- c:\program files\Common Files\Apple
2009-05-30 13:44 . 2009-05-30 13:38 -------- d-----w- c:\programdata\Apple Computer
2009-05-30 13:42 . 2009-05-30 13:42 -------- d-----w- c:\program files\Bonjour
2009-05-30 13:41 . 2009-05-30 13:39 -------- d-----w- c:\program files\QuickTime
2009-05-30 13:38 . 2009-05-30 13:38 -------- d-----w- c:\program files\Apple Software Update
2009-05-30 13:36 . 2009-05-30 13:36 -------- d-----w- c:\programdata\Apple
2009-05-20 12:43 . 2007-10-20 11:52 -------- d-----w- c:\programdata\BullGuard
2009-05-17 07:14 . 2009-05-17 07:14 -------- d-----w- c:\program files\World of Warcraft
2009-05-13 19:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-09 14:33 . 2009-05-09 14:33 -------- d-----w- c:\program files\Xvid
2009-05-09 14:33 . 2009-05-09 14:33 -------- d-----w- c:\program files\FDRLab
2007-09-11 13:46 . 2007-09-10 12:03 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((( SnapShot@2009-07-07_10.20.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-20 04:00 . 2009-07-07 14:22 40418 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2009-07-07 09:56 55466 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-07-07 14:22 55466 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-20 15:07 . 2009-07-07 18:49 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-20 15:07 . 2009-07-07 10:05 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-20 15:07 . 2009-07-07 10:05 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-20 15:07 . 2009-07-07 18:49 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-20 15:07 . 2009-07-07 18:49 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-20 15:07 . 2009-07-07 10:05 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-20 15:07 . 2009-07-07 14:22 7084 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1164384613-1717541572-3670698198-1001_UserData.bin
- 2009-02-20 15:07 . 2009-07-07 09:56 7084 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1164384613-1717541572-3670698198-1001_UserData.bin
- 2009-07-07 09:54 . 2009-07-07 09:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-07 14:20 . 2009-07-07 14:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-07 14:20 . 2009-07-07 14:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-07 09:54 . 2009-07-07 09:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-03-23 17:26 . 2009-07-07 18:37 231778 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2009-07-07 14:27 587178 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-07 10:01 587178 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-07-07 14:27 101250 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-07-07 10:01 101250 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"BullGuard"="c:\program files\BullGuard Software\BullGuard\BullGuard.exe" [2009-02-20 308552]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-25 39408]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [2009-07-07 1966592]
"BitTorrent DNA"="c:\users\Yolan\Program Files\DNA\btdna.exe" [2009-06-14 321344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-09 1025320]
"BullGuard"="c:\program files\BullGuard Software\BullGuard\bullguard.exe" [2009-02-20 308552]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"RemoteControl"="c:\program files\HomeCinema\PowerDVD\PDVDServ.exe" [2007-02-09 71216]
"LanguageShortcut"="c:\program files\HomeCinema\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"UpdatePPShortCut"="c:\program files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-10-09 102400]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-09 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-09 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-09 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"GenePccMon.exe"="c:\program files\Genesys PC Camera Device\GenePccMon.exe" [2007-02-13 36864]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-01 4702208]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-08-03 1826816]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{20F9385E-02EE-4C14-8963-AD533A21D30A}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{DA0DB1A5-099E-42B0-90C7-DEF4A2E3F050}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{10D081D7-0D04-4491-9E5C-066557065B61}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7EC6773B-3159-4441-B1DB-9ECB38E16B06}"= c:\program files\HomeCinema\MakeDisc\MakeDisc.exe:CyberLink MakeDisc
"{F4C450EB-75D2-4982-ABE8-78B03B2F3921}"= c:\program files\HomeCinema\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{9553CA21-B0E0-4FDC-B756-D15D1772C44D}"= c:\program files\HomeCinema\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{244AF036-784A-4072-A117-F7D2E3B8B2B1}"= c:\program files\CyberLink\PowerDV\PowerDV.exe:CyberLink PowerDV
"TCP Query User{958EBF75-E162-4BC9-A71F-74F925A17B99}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{F5EC0BBA-1EDA-4110-ADF5-0C1F8B94FF5F}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"{5D7A3051-D7DA-42A6-B092-8D5CF2DD679A}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enUS-downloader.exe:Blizzard Downloader
"{65D74342-2DE5-441C-B278-6C046FB6F1A2}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enUS-downloader.exe:Blizzard Downloader
"{1EDD2D8E-E314-4D02-8918-7DE3416087D0}"= UDP:3724:Blizzard Downloader: 3724
"{10319DC7-ABB8-4BB4-A377-2327F0179E56}"= UDP:990:LocalSubnet:LocalSubnet|IF={867E95A8-A323-490C-80F2-7D338943AC4E}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{11CAB1FD-76C4-4204-9B78-6649DDF83DFC}"= UDP:990:LocalSubnet:LocalSubnet|IF={867E95A8-A323-490C-80F2-7D338943AC4E}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{6B08C779-5D38-4343-8E25-8940797D98CB}"= UDP:990:LocalSubnet:LocalSubnet|IF={867E95A8-A323-490C-80F2-7D338943AC4E}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{21670095-57D8-450B-A756-6355A795A46C}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{D06BCB77-6360-4FD9-9DB2-12ABDCDA992F}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{65F9CFBC-CF07-4E1F-8101-B0EAE3C80A01}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{14972B5C-544C-449C-BEEB-6509055A63F0}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{7E7BEA09-B203-4976-B0EB-A25D0F085DA1}"= UDP:c:\program files\Curse\CurseClient.exe:Curse Client
"{5452AABF-EE6E-4DCD-BC52-6C0D8D50456D}"= TCP:c:\program files\Curse\CurseClient.exe:Curse Client
"TCP Query User{571CEB25-8CE1-4E39-B533-15C66974702F}c:\\ac web ultimate repack\\server\\apache\\bin\\apache.exe"= UDP:c:\ac web ultimate repack\server\apache\bin\apache.exe:Apache HTTP Server
"UDP Query User{F852B8D4-D989-4665-9CAA-4AE516B15AEB}c:\\ac web ultimate repack\\server\\apache\\bin\\apache.exe"= TCP:c:\ac web ultimate repack\server\apache\bin\apache.exe:Apache HTTP Server
"TCP Query User{38B40B22-CD4B-4F3E-94CE-39F20ED2C9E0}c:\\ac web ultimate repack\\ascent\\logonserver.exe"= UDP:c:\ac web ultimate repack\ascent\logonserver.exe:logonserver
"UDP Query User{54AFB52E-E779-4674-AED0-22958A2637B4}c:\\ac web ultimate repack\\ascent\\logonserver.exe"= TCP:c:\ac web ultimate repack\ascent\logonserver.exe:logonserver
"TCP Query User{504CFFD1-36F7-4834-9918-3844360201F9}c:\\ac web ultimate repack\\server\\mysql\\bin\\mysqld.exe"= UDP:c:\ac web ultimate repack\server\mysql\bin\mysqld.exe:mysqld
"UDP Query User{D2AAD1BB-F1AF-4890-AD27-2CC8A24919D3}c:\\ac web ultimate repack\\server\\mysql\\bin\\mysqld.exe"= TCP:c:\ac web ultimate repack\server\mysql\bin\mysqld.exe:mysqld
"TCP Query User{74C2BCC4-A5C5-47C2-A4B3-C22A94A35C73}c:\\ac web ultimate repack\\ascent\\ascent.exe"= UDP:c:\ac web ultimate repack\ascent\ascent.exe:ascent
"UDP Query User{F8868211-9DA5-4A98-A3FD-D4965B12C8A0}c:\\ac web ultimate repack\\ascent\\ascent.exe"= TCP:c:\ac web ultimate repack\ascent\ascent.exe:ascent
"{E7D5819B-F225-40D1-BEEC-19477F884317}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B472176E-0685-462A-9497-51FFB2E7A208}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{3AAC1AF9-46DF-43A3-B644-E659867F9846}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{00A95625-4B15-4E80-930B-17AB1E5E7554}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{15E189E6-7ED4-4F84-8222-E32FDC8486B0}"= UDP:c:\program files\DNA\btdna.exe

NA (TCP-In)
"{8723314A-630F-404F-8C90-85D36262B640}"= TCP:c:\program files\DNA\btdna.exe

NA (UDP-In)
"TCP Query User{DCC10470-3529-4A08-8B9D-AFAFCB96D64F}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{33A76CB9-42A2-4B90-8DB7-F3BDD49C43CB}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{C11F206C-CB16-4938-92A5-5B2A439156D3}c:\\users\\yolan\\program files\\dna\\btdna.exe"= UDP:c:\users\yolan\program files\dna\btdna.exe:btdna.exe
"UDP Query User{7E7D593D-4469-479B-9767-322BC0FFFFA7}c:\\users\\yolan\\program files\\dna\\btdna.exe"= TCP:c:\users\yolan\program files\dna\btdna.exe:btdna.exe
"{2F2A25A5-624C-488E-BE0A-263280D318BF}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:Blizzard Downloader
"{81FCD5F5-6F50-4E07-92DA-DEB06A967EF5}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:Blizzard Downloader
"TCP Query User{10ED76F7-7A60-451B-A191-BC7AD38B4F4A}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{667D2756-6773-4A29-B2E0-58BE7CE358F3}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R2 BdFileSpy;BullGuard File Monitor Driver;c:\windows\System32\drivers\BdFileSpy.sys [20/02/2009 18:18 50896]
R2 BsFileScan;BullGuard File Scan Service;c:\windows\System32\svchost.exe -k BullGuard [22/02/2009 14:03 21504]
R2 BsMailProxy;BullGuard Email Monitoring Service;c:\windows\System32\svchost.exe -k BullGuard [22/02/2009 14:03 21504]
R3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;c:\windows\System32\drivers\USBGENE.sys [20/10/2007 6:09 131584]
R3 Reconn;BullGuard Email Monitor;c:\program files\BullGuard Software\BullGuard\Reconn.sys [16/05/2007 13:07 16984]
R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys [20/10/2007 13:18 13976]
S3 PhilCap;NXP service;c:\windows\System32\drivers\PhilCap.sys [20/10/2007 6:08 908896]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhoud van de 'Gedeelde Taken' map
2009-07-04 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
2009-07-07 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
2009-07-07 c:\windows\Tasks\User_Feed_Synchronization-{88B5C6F3-7ADE-42B9-A704-27535A8DD925}.job
- c:\windows\system32\msfeedssync.exe [2009-06-16 11:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-07-07 20:59
Windows 6.0.6001 Service Pack 1 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
GenePccMon.exe = c:\program files\Genesys PC Camera Device\GenePccMon.exe?????????????????????????????
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
*********************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Voltooingstijd: 2009-07-07 21:01
ComboFix-quarantined-files.txt 2009-07-07 19:01
ComboFix2.txt 2009-07-07 10:22
Pre-Run: 103.949.467.648 bytes beschikbaar
Post-Run: 103.960.604.672 bytes beschikbaar
263 --- E O F --- 2009-07-07 10:11

kape · 8 juli 2009, 11:32

Mooie opruiming ... en nu nog graag een nieuw log van HiJackThis ?