[SOLVED] Virus


Guest Den Vlaming


Hello everyone,

First of all, a lot of respect for everyone who is here to help someone else with their PC... You (usually) don't even know that person... So, a great site...

But I am here (as you probably guessed) because I have a problem too. A virus, to be precise. For the last few days the internet on my PC has not been working properly. Firefox works the worst. It no longer loads heavier pages... With IE it goes a bit better, but of course I would like to get it completely in order again. On top of that, at regular intervals I get "stupid" sites popping up on my screen at random, with, I think, the well-known message that my PC is in danger... (crashing, ...)

I know the cause... I downloaded a virus... That will teach me to stop downloading... Well, the damage is done.

I have looked around here a bit and often saw that people asked for the HJT 'report'. So I made one. (So that it does not come in bits and pieces, and better too much info than too little.) I will put it at the bottom of my post.

I have had AVG 7.5 scan my PC many times, which each time turned up 2 Trojan horses, but the problem remained...

I am pretty much at my wits' end now, so below is the HJT report. Oh, and I am a layman in this area!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:43:45, on 29/04/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Babylon\Babylon-Pro\Babylon.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe

C:\Program Files\Common Files\Sonic Shared\CineTray.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN

C:\Program Files\Vidalia Bundle\Tor\tor.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\PROGRA~1\Grisoft\AVG7\avgwb.dat

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll

O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll

O4 - HKLM\..\Run: [snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start

O4 - HKLM\..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RelevantKnowledge] C:\WINDOWS\system32\rlvknlg.exe -boot

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [bMab2a2dba] Rundll32.exe "C:\WINDOWS\system32\gmawqlgs.dll",s

O4 - HKLM\..\Run: [a8191e26] rundll32.exe "C:\WINDOWS\system32\cqlgrmaq.dll",b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 2.4 .lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe

O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O20 - AppInit_DLLs: C:\WINDOWS\system32\rlai.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

--

End of file - 9688 bytes

Link to post

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O4 - HKLM\..\Run: [RelevantKnowledge] C:\WINDOWS\system32\rlvknlg.exe -boot

O4 - HKLM\..\Run: [bMab2a2dba] Rundll32.exe "C:\WINDOWS\system32\gmawqlgs.dll",s

O4 - HKLM\..\Run: [a8191e26] rundll32.exe "C:\WINDOWS\system32\cqlgrmaq.dll",b

O20 - AppInit_DLLs: C:\WINDOWS\system32\rlai.dll

Click 'Fix checked' to remove the items.

Download ComboFix and put it on your Desktop.

Double-click Combofix.exe and follow the instructions; accept the disclaimer by typing y. While the fix is running, do NOT click in the window, because this will make your PC hang.

When the fix is complete and after a restart, the log combofix.txt will open.

NOTE: If your virus scanner responds with a notification about a script being executed, you must allow it.

Attach the ComboFix log and a new HJT log to your next post.

Link to post
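
An added example, not part of the original posts and not the helper's own method: a small Python triage over HijackThis log lines that picks out two of the entry kinds selected in the reply above, Run values that start a DLL through rundll32 and a populated AppInit_DLLs value. The sample lines are copied from the log posted in this thread; the names `triage` and `Finding` are assumptions, a flag means "review this entry" rather than "malicious", and the RelevantKnowledge and ProxyOverride entries from the reply are not covered by these two rules.

```python
import re
from dataclasses import dataclass

# Sample input: a handful of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RelevantKnowledge] C:\WINDOWS\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [bMab2a2dba] Rundll32.exe "C:\WINDOWS\system32\gmawqlgs.dll",s
O4 - HKLM\..\Run: [a8191e26] rundll32.exe "C:\WINDOWS\system32\cqlgrmaq.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\rlai.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Registry autostart value: "<hive>\..\Run: [value name] command line"
RUN_VALUE = re.compile(
    r"^(?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>.*?)\] (?P<cmd>.+)$"
)
# Command line of the form: rundll32.exe "path\to\file.dll",export
RUNDLL = re.compile(
    r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?,\s*(?P<export>\S+)',
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section code (O4, O20, ...)
    target: str  # file the entry causes to be loaded
    reason: str  # why the entry deserves a manual look


def triage(log_text):
    """Return entries worth manual review; this is a filter, not a verdict."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue  # header line, running-process path or blank line
        code, body = entry["code"], entry["body"]

        if code == "O4":
            run = RUN_VALUE.match(body)
            if not run:
                continue  # Startup-folder shortcut, not a registry Run value
            dll = RUNDLL.match(run["cmd"])
            if dll:
                findings.append(Finding(
                    code,
                    dll["dll"],
                    f"Run value [{run['name']}] loads a DLL via rundll32 "
                    f"(export {dll['export']!r})",
                ))

        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            # Every DLL listed here is loaded into each process that loads
            # user32.dll; the value is space- or comma-delimited.
            value = body.split(":", 1)[1]
            for path in value.replace(",", " ").split():
                findings.append(Finding(
                    code, path, "DLL injected into user-mode processes via AppInit_DLLs"
                ))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:4} {f.target}  <- {f.reason}")
```
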

Guest Den Vlaming

Thanks! Here it is then... That little ComboFix log...

ComboFix 08-04-29.3 - Alex 2008-04-30 13:54:39.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.302 [GMT 2:00]

Gestart vanuit: C:\Program Files\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\setup.exe

C:\WINDOWS\cookies.ini

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\aHiSYJjl.ini

C:\WINDOWS\system32\aHiSYJjl.ini2

C:\WINDOWS\system32\cqlgrmaq.dll

C:\WINDOWS\system32\gyuyfxkh.dll

C:\WINDOWS\system32\hkxfyuyg.ini

C:\WINDOWS\system32\ldpackage.dll

C:\WINDOWS\system32\ljJDwttQ.dll

C:\WINDOWS\system32\ljJYSiHa.dll

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\model.dat

C:\WINDOWS\system32\otlaibmm.ini

C:\WINDOWS\system32\qamrglqc.ini

C:\WINDOWS\system32\rlxf.dll

C:\WINDOWS\system32\silc_dll.dll

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-03-28 to 2008-04-30 ))))))))))))))))))))))))))))))

.

2008-04-30 13:42 . 2008-04-30 13:42 1,779,787 --a------ C:\Program Files\ComboFix.exe

2008-04-28 20:19 . 2008-04-28 20:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-04-28 20:06 . 2008-04-28 20:06 <DIR> d-------- C:\Program Files\Advanced Registry Optimizer

2008-04-28 20:06 . 2008-04-28 20:06 <DIR> d-------- C:\Documents and Settings\Alex\Application Data\Sammsoft

2008-04-28 17:55 . 2008-04-28 17:55 <DIR> d-------- C:\Program Files\Trend Micro

2008-04-28 16:30 . 2008-04-28 16:30 <DIR> d-------- C:\Program Files\Microsoft Works

2008-04-28 16:29 . 2008-04-28 16:29 <DIR> d-------- C:\Program Files\Microsoft.NET

2008-04-26 19:07 . 2008-04-26 19:07 <DIR> d-------- C:\Program Files\Lavasoft

2008-04-26 19:07 . 2008-04-26 19:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-04-26 12:53 . 2008-04-28 16:30 <DIR> d-------- C:\Documents and Settings\Ann-Sophie\Application Data\Babylon

2008-04-26 11:44 . 2008-04-28 17:34 109,747 --a------ C:\WINDOWS\BMab2a2dba.xml

2008-04-25 19:34 . 2008-04-25 19:39 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-04-25 19:31 . 2008-04-25 19:31 <DIR> dr-h----- C:\MSOCache

2008-04-25 16:53 . 2008-04-25 16:53 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4

2008-04-25 16:49 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-04-25 16:45 . 2008-04-25 17:16 418,694,568 --a------ C:\Program Files\X12-30187.exe

2008-04-22 20:12 . 2008-04-22 20:12 <DIR> d-------- C:\Program Files\Messenger Plus! 3

2008-04-22 20:11 . 2008-04-22 20:11 353,210 --a------ C:\Program Files\CountdownPlus10.exe

2008-04-21 20:57 . 2008-04-22 17:22 <DIR> d-------- C:\Program Files\Babylon

2008-04-21 20:57 . 2008-04-30 14:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Babylon

2008-04-21 20:57 . 2008-04-28 19:39 <DIR> d-------- C:\Documents and Settings\Alex\Application Data\Babylon

2008-04-21 20:56 . 2008-04-21 20:56 5,440,224 --a------ C:\Program Files\Babylon7_setup.exe

2008-04-20 18:53 . 2008-04-20 18:53 <DIR> d-------- C:\Program Files\Vidalia Bundle

2008-04-20 18:53 . 2008-04-30 13:10 <DIR> d-------- C:\Documents and Settings\Alex\Application Data\Vidalia

2008-04-20 18:53 . 2008-04-30 14:01 <DIR> d-------- C:\Documents and Settings\Alex\Application Data\tor

2008-04-20 18:52 . 2008-04-20 18:52 6,696,679 --a------ C:\Program Files\vidalia-bundle-0.1.2.19-0.0.16.exe

2008-04-18 17:24 . 2008-04-18 19:31 <DIR> d-------- C:\Program Files\PowerISO

2008-04-18 17:22 . 2008-04-18 17:22 1,115,219 --a------ C:\Program Files\PowerISO40.exe

2008-04-17 12:19 . 2008-04-17 12:19 244 --ah----- C:\sqmnoopt09.sqm

2008-04-17 12:19 . 2008-04-17 12:19 232 --ah----- C:\sqmdata09.sqm

2008-04-13 16:30 . 2008-04-13 16:30 268 --ah----- C:\sqmdata08.sqm

2008-04-13 16:30 . 2008-04-13 16:30 244 --ah----- C:\sqmnoopt08.sqm

2008-04-13 15:30 . 2008-04-13 15:30 268 --ah----- C:\sqmdata07.sqm

2008-04-13 15:30 . 2008-04-13 15:30 244 --ah----- C:\sqmnoopt07.sqm

2008-04-12 13:25 . 2008-04-12 13:25 <DIR> d-------- C:\Documents and Settings\Alex\Application Data\Publish Providers

2008-04-12 13:25 . 2008-04-12 20:16 156 --a------ C:\WINDOWS\Twunk001.MTX

2008-04-12 13:25 . 2008-04-12 20:16 2 --a------ C:\WINDOWS\Twain001.Mtx

2008-04-12 13:25 . 2008-04-12 13:25 0 --a------ C:\WINDOWS\Twunk002.MTX

2008-04-12 13:24 . 2008-04-12 13:24 <DIR> d-------- C:\Documents and Settings\Alex\Application Data\Sony

2008-04-12 13:21 . 2008-04-12 13:21 <DIR> d-------- C:\Program Files\Vstplugins

2008-04-12 13:21 . 2008-04-12 13:21 <DIR> d-------- C:\Program Files\Sony

2008-04-12 13:21 . 2008-04-12 13:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony

2008-04-12 13:01 . 2008-04-12 13:01 <DIR> d-------- C:\Program Files\Sony Setup

2008-04-11 19:36 . 2006-04-28 01:51 29,968 --a------ C:\WINDOWS\system32\mdimon.dll

2008-04-11 19:31 . 2008-04-26 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-04-06 14:07 . 2008-04-21 18:13 <DIR> d-------- C:\Documents and Settings\Ann-Sophie\Application Data\OpenOffice.org2

2008-04-03 09:41 . 2008-04-03 09:41 244 --ah----- C:\sqmnoopt06.sqm

2008-04-03 09:41 . 2008-04-03 09:41 232 --ah----- C:\sqmdata06.sqm

2008-03-31 23:25 . 2008-03-31 23:25 831,488 --a------ C:\WINDOWS\system32\divx_xx0a.dll

2008-03-31 23:25 . 2008-03-31 23:25 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll

2008-03-31 23:25 . 2008-03-31 23:25 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll

2008-03-31 23:25 . 2008-03-31 23:25 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll

2008-03-31 23:25 . 2008-03-31 23:25 682,496 --a------ C:\WINDOWS\system32\DivX.dll

2008-03-31 23:25 . 2008-03-31 23:25 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2008-03-30 18:53 . 2008-03-30 18:53 <DIR> dr-h----- C:\Documents and Settings\Ann-Sophie\Application Data\SecuROM

2008-03-25 15:46 . 2008-03-25 15:50 86,236,703 --a------ C:\42_sets_of_brushes_ardcor.rar

2008-03-24 21:45 . 2008-03-24 21:45 630,784 --a------ C:\WINDOWS\system32\divxdec.ax

2008-03-23 12:30 . 2008-03-23 12:30 <DIR> d-------- C:\Program Files\R&R Software

2008-03-21 22:30 . 2008-03-21 22:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2008-03-21 22:30 . 2008-03-21 22:30 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll

2008-03-21 22:30 . 2008-03-21 22:30 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe

2008-03-21 22:30 . 2008-03-21 22:30 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll

2008-03-21 22:30 . 2008-03-21 22:30 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb

2008-03-20 09:27 . 2008-03-20 09:27 244 --ah----- C:\sqmnoopt05.sqm

2008-03-20 09:27 . 2008-03-20 09:27 232 --ah----- C:\sqmdata05.sqm

2008-03-17 22:13 . 2008-03-17 22:13 268 --ah----- C:\sqmdata04.sqm

2008-03-17 22:13 . 2008-03-17 22:13 244 --ah----- C:\sqmnoopt04.sqm

2008-03-17 17:46 . 2008-03-17 17:46 <DIR> d-------- C:\Program Files\Wolters Plantyn

2008-03-17 17:44 . 2008-03-17 17:44 21,504 --a------ C:\WINDOWS\jestertb.dll

2008-03-14 15:09 . 2008-03-14 15:09 <DIR> d-------- C:\Program Files\Real

2008-03-14 15:09 . 2008-03-14 15:09 <DIR> d-------- C:\Program Files\Common Files\xing shared

2008-03-14 15:09 . 2008-03-14 15:09 <DIR> d-------- C:\Program Files\Common Files\Real

2008-03-14 08:04 . 2008-03-14 08:04 46,652 --a------ C:\WINDOWS\system32\drivers\scdemu.sys

2008-03-13 14:02 . 2008-03-29 13:52 <DIR> d-------- C:\Program Files\Common Files\Scanner

2008-03-12 18:44 . 2008-03-12 18:44 <DIR> d-------- C:\Documents and Settings\Alex\Application Data\gtk-2.0

2008-03-12 18:43 . 2008-03-12 18:43 <DIR> d-------- C:\Documents and Settings\Alex\.thumbnails

2008-03-12 18:42 . 2008-03-27 20:39 <DIR> d-------- C:\Documents and Settings\Alex\.gimp-2.4

2008-03-12 17:16 . 2008-03-12 17:16 <DIR> d--hs---- C:\WINDOWS\ftpcache

2008-03-12 17:09 . 2008-03-12 17:10 <DIR> d-------- C:\Program Files\EnScene2

2008-03-12 15:43 . 2008-03-12 15:43 268 --ah----- C:\sqmdata03.sqm

2008-03-12 15:43 . 2008-03-12 15:43 244 --ah----- C:\sqmnoopt03.sqm

2008-03-11 21:06 . 2008-03-11 21:06 <DIR> d-------- C:\Documents and Settings\Ann-Sophie\Application Data\Yahoo!

2008-03-10 13:17 . 2008-03-10 13:17 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7

2008-03-09 18:57 . 2008-03-09 18:57 712,704 --a------ C:\WINDOWS\system32\rlph.dll

2008-03-09 11:56 . 2008-03-09 11:56 118,784 --a------ C:\WINDOWS\system32\rlai.dll

2008-03-08 14:41 . 2008-03-08 14:41 <DIR> d-------- C:\Documents and Settings\Alex\Application Data\Yahoo!

2008-03-06 21:00 . 2008-03-29 13:52 <DIR> d-------- C:\Program Files\Yahoo!

2008-03-06 21:00 . 2008-03-06 21:00 <DIR> d-------- C:\Program Files\FLV Player

2008-03-06 20:55 . 2008-04-14 17:08 <DIR> d-------- C:\Documents and Settings\Alex\dwhelper

2008-03-05 20:24 . 2008-03-05 20:24 244 --ah----- C:\sqmnoopt02.sqm

2008-03-05 20:24 . 2008-03-05 20:24 232 --ah----- C:\sqmdata02.sqm

2008-03-04 13:23 . 2008-03-04 13:23 8,464 --a------ C:\WINDOWS\system32\sporder.dll

2008-03-02 12:49 . 2008-03-29 13:51 <DIR> d-------- C:\Program Files\Xara

2008-03-01 13:10 . 2008-03-01 13:13 <DIR> d-------- C:\Documents and Settings\Alex\Application Data\Windows Live Writer

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-30 12:01 --------- d-----w C:\Documents and Settings\Alex\Application Data\DNA

2008-04-30 11:11 --------- d-----w C:\Documents and Settings\Alex\Application Data\OpenOffice.org2

2008-04-30 11:10 --------- d-----w C:\Documents and Settings\Alex\Application Data\AVG7

2008-04-28 14:30 --------- d-----w C:\Program Files\Java

2008-04-27 14:20 --------- d-----w C:\Documents and Settings\Ann-Sophie\Application Data\AVG7

2008-04-26 17:57 --------- d-----w C:\Documents and Settings\Alex\Application Data\BitTorrent

2008-04-25 15:23 --------- d-----w C:\Documents and Settings\Alex\Application Data\LimeWirePlus

2008-04-25 14:52 --------- d-----w C:\Program Files\OpenOffice.org 2.3

2008-04-24 18:29 --------- d-----w C:\Program Files\Windows Live Safety Center

2008-04-23 12:21 --------- d-----w C:\Program Files\PokerStars

2008-04-18 17:26 --------- d-----w C:\Program Files\MSBuild

2008-04-13 13:40 --------- d-----w C:\Program Files\DivX

2008-04-13 13:35 --------- d-----w C:\Program Files\Wekker

2008-04-13 13:34 --------- d-----w C:\Documents and Settings\Dirk\Application Data\OpenOffice.org2

2008-04-12 18:26 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-04-12 11:24 --------- d-----w C:\Documents and Settings\Alex\Application Data\DivX

2008-04-01 10:46 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-03-29 11:59 --------- d-----w C:\Program Files\Qtrax_20080125

2008-03-27 16:12 --------- d-----w C:\Program Files\EA GAMES

2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2008-03-20 08:01 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:01 1,846,016 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys

2008-03-17 18:00 --------- d-----w C:\Documents and Settings\Dirk\Application Data\AVG7

2008-03-02 10:49 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-01 16:35 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-02-29 08:58 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-02-29 08:58 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-02-20 18:53 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-20 18:53 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll

2008-02-20 06:53 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 06:53 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll

2008-02-20 05:23 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll

2008-02-05 11:23 12,351,225 ------w C:\avg7qt.dat

2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR

2008-01-12 10:08 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-01-04 21:58 129,784 ------w C:\WINDOWS\system32\pxafs.dll

2008-01-04 21:58 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe

2008-01-04 21:58 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]

2008-01-16 14:27 1502232 --a------ C:\Program Files\LimewirePlus\tbLim1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}"= "C:\Program Files\LimewirePlus\tbLim1.dll" [2008-01-16 14:27 1502232]

[HKEY_CLASSES_ROOT\clsid\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}"= C:\Program Files\LimewirePlus\tbLim1.dll [2008-01-16 14:27 1502232]

[HKEY_CLASSES_ROOT\clsid\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]

"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-01-07 20:24 190024]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-04-11 16:38 288576]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [2007-11-22 23:49 12889088]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 23:53 204288]

"AROReminder"="C:\Program Files\Advanced Registry Optimizer\aro.exe" [2008-04-09 14:22 2135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 20:07 61952 C:\WINDOWS\system32\hdashcut.exe]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 15:43 45056]

"RTHDCPL"="RTHDCPL.EXE" [2005-03-08 15:26 13924864 C:\WINDOWS\RTHDCPL.EXE]

"PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [2005-10-04 16:23 86016]

"SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 21:01 525824]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 12:22 579584]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-14 15:09 185896]

"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2008-03-11 09:23 3551456]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 10:03 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-27 12:16 219136]

C:\Documents and Settings\Alex\Menu Start\Programma's\Opstarten\

OpenOffice.org 2.4 .lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 16:30:54 250368]

Sonic CinePlayer Quick Launch.lnk - C:\Program Files\Common Files\Sonic Shared\CineTray.exe [2005-10-15 03:01:00 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\DNA\\btdna.exe"=

"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\LimeWire Plus\\LimeWire.exe"=

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 09:34]

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-30 14:03:06

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 188

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.bin

C:\Program Files\Vidalia Bundle\Tor\tor.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

.

**************************************************************************

.

Voltooingstijd: 2008-04-30 14:08:11 - machine was rebooted

ComboFix-quarantined-files.txt 2008-04-30 12:08:08

Pre-Run: 120,180,416,512 bytes beschikbaar

Post-Run: 121,941,975,040 bytes beschikbaar

268 --- E O F --- 2008-04-26 19:59:47

Link to post

Open a Notepad file.

Copy and paste the bold text below into it.

File::

C:\WINDOWS\BMab2a2dba.xml

C:\sqmnoopt09.sqm

C:\sqmdata09.sqm

C:\sqmdata08.sqm

C:\sqmnoopt08.sqm

C:\sqmdata07.sqm

C:\sqmnoopt07.sqm

C:\sqmnoopt06.sqm

C:\sqmdata06.sqm

C:\42_sets_of_brushes_ardcor.rar

C:\sqmnoopt05.sqm

C:\sqmdata05.sqm

C:\sqmdata04.sqm

C:\sqmnoopt04.sqm

C:\WINDOWS\jestertb.dll

C:\sqmdata03.sqm

C:\sqmnoopt03.sqm

C:\WINDOWS\system32\rlph.dll

C:\WINDOWS\system32\rlai.dll

C:\sqmnoopt02.sqm

C:\sqmdata02.sqm

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt into ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next post together with a new HijackThis log.

And then I have 3 more small questions for you:

1. Did you knowingly download this program, C:\Program Files\PokerStars, onto your PC, and do you use it?

2. You have C:\Program Files\MessengerPlus! 3 on board. Are you aware that you brought a lot of junk onto your PC with it? If so, no problem ... then you can live with that, I assume. If not, I would remove it and reinstall it without all the "bells and whistles" (advertising, that is).

3. How are things after you have carried all this out? Is there a noticeable improvement? Or do you still have the same problems?


Guest Den Vlaming

I can get onto the heavier sites and so on again... I have no more complaints, thanks for that! But, since I still have to do one thing and another, is it not gone yet?

Answers to your questions:

1) I do play poker now and then, yes... But I can live without poker, so if it brings unnecessary files on board, I'll chuck it out...

2) I downloaded that once, but just as with poker, I can live without the above.

3) Answered at the beginning of this message.

Now to follow your steps. :)

Thanks!

Alexander


> But, since I still have to do one thing and another, is it not gone yet?

There are still some leftovers and a few sources of infection on it. Better to clean that lot up for good. But you are already busy with that by now, I assume :)

> I do play poker now and then, yes .. But I can live without poker, so if it brings unnecessary files on board, I'll chuck it out ..

Nothing against it ... it's just that those programs - PokerStars in this case - often bring quite a bit of junk onto your PC. Judge for yourself what you do with it ... it is your PC, after all ;)

> I downloaded that once, but just as with poker, I can live without the above.

Then I would opt for cleaning it up here.

> Answered at the beginning of this message

OK, clear. Just waiting for the logs to check them, and then it is time for the "big clean-up".

Guest Den Vlaming

I have deleted Messenger Plus... (SHIFT + DELETE)

ComboFix:

ComboFix 08-04-29.3 - Alex 2008-04-30 15:45:12.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.358 [GMT 2:00]

Gestart vanuit: C:\Documents and Settings\Alex\Bureaublad\ComboFix.exe

Command switches used :: C:\Documents and Settings\Alex\Bureaublad\CFScript.txt

* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

FILE ::

C:\42_sets_of_brushes_ardcor.rar

C:\sqmdata02.sqm

C:\sqmdata03.sqm

C:\sqmdata04.sqm

C:\sqmdata05.sqm

C:\sqmdata06.sqm

C:\sqmdata07.sqm

C:\sqmdata08.sqm

C:\sqmdata09.sqm

C:\sqmnoopt02.sqm

C:\sqmnoopt03.sqm

C:\sqmnoopt04.sqm

C:\sqmnoopt05.sqm

C:\sqmnoopt06.sqm

C:\sqmnoopt07.sqm

C:\sqmnoopt08.sqm

C:\sqmnoopt09.sqm

C:\WINDOWS\BMab2a2dba.xml

C:\WINDOWS\jestertb.dll

C:\WINDOWS\system32\rlai.dll

C:\WINDOWS\system32\rlph.dll

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\42_sets_of_brushes_ardcor.rar

C:\sqmdata02.sqm

C:\sqmdata03.sqm

C:\sqmdata04.sqm

C:\sqmdata05.sqm

C:\sqmdata06.sqm

C:\sqmdata07.sqm

C:\sqmdata08.sqm

C:\sqmdata09.sqm

C:\sqmnoopt02.sqm

C:\sqmnoopt03.sqm

C:\sqmnoopt04.sqm

C:\sqmnoopt05.sqm

C:\sqmnoopt06.sqm

C:\sqmnoopt07.sqm

C:\sqmnoopt08.sqm

C:\sqmnoopt09.sqm

C:\WINDOWS\BMab2a2dba.xml

C:\WINDOWS\jestertb.dll

C:\WINDOWS\system32\rlai.dll

C:\WINDOWS\system32\rlph.dll

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-03-28 to 2008-04-30 ))))))))))))))))))))))))))))))

.

2008-04-28 20:19 . 2008-04-28 20:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-04-28 20:06 . 2008-04-28 20:06 <DIR> d-------- C:\Program Files\Advanced Registry Optimizer

2008-04-28 20:06 . 2008-04-28 20:06 <DIR> d-------- C:\Documents and Settings\Alex\Application Data\Sammsoft

2008-04-28 17:55 . 2008-04-28 17:55 <DIR> d-------- C:\Program Files\Trend Micro

2008-04-28 16:30 . 2008-04-28 16:30 <DIR> d-------- C:\Program Files\Microsoft Works

2008-04-28 16:29 . 2008-04-28 16:29 <DIR> d-------- C:\Program Files\Microsoft.NET

2008-04-26 19:07 . 2008-04-26 19:07 <DIR> d-------- C:\Program Files\Lavasoft

2008-04-26 19:07 . 2008-04-26 19:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-04-26 12:53 . 2008-04-28 16:30 <DIR> d-------- C:\Documents and Settings\Ann-Sophie\Application Data\Babylon

2008-04-25 19:34 . 2008-04-25 19:39 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-04-25 19:31 . 2008-04-25 19:31 <DIR> dr-h----- C:\MSOCache

2008-04-25 16:53 . 2008-04-25 16:53 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4

2008-04-25 16:49 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-04-25 16:45 . 2008-04-25 17:16 418,694,568 --a------ C:\Program Files\X12-30187.exe

2008-04-22 20:12 . 2008-04-22 20:12 <DIR> d-------- C:\Program Files\Messenger Plus! 3

2008-04-22 20:11 . 2008-04-22 20:11 353,210 --a------ C:\Program Files\CountdownPlus10.exe

2008-04-21 20:57 . 2008-04-22 17:22 <DIR> d-------- C:\Program Files\Babylon

2008-04-21 20:57 . 2008-04-30 15:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Babylon

2008-04-21 20:57 . 2008-04-28 19:39 <DIR> d-------- C:\Documents and Settings\Alex\Application Data\Babylon

2008-04-21 20:56 . 2008-04-21 20:56 5,440,224 --a------ C:\Program Files\Babylon7_setup.exe

2008-04-20 18:53 . 2008-04-20 18:53 <DIR> d-------- C:\Program Files\Vidalia Bundle

2008-04-20 18:53 . 2008-04-30 14:05 <DIR> d-------- C:\Documents and Settings\Alex\Application Data\Vidalia

2008-04-20 18:53 . 2008-04-30 14:05 <DIR> d-------- C:\Documents and Settings\Alex\Application Data\tor

2008-04-20 18:52 . 2008-04-20 18:52 6,696,679 --a------ C:\Program Files\vidalia-bundle-0.1.2.19-0.0.16.exe

2008-04-18 17:24 . 2008-04-18 19:31 <DIR> d-------- C:\Program Files\PowerISO

2008-04-18 17:22 . 2008-04-18 17:22 1,115,219 --a------ C:\Program Files\PowerISO40.exe

2008-04-12 13:25 . 2008-04-12 13:25 <DIR> d-------- C:\Documents and Settings\Alex\Application Data\Publish Providers

2008-04-12 13:25 . 2008-04-12 20:16 156 --a------ C:\WINDOWS\Twunk001.MTX

2008-04-12 13:25 . 2008-04-12 20:16 2 --a------ C:\WINDOWS\Twain001.Mtx

2008-04-12 13:25 . 2008-04-12 13:25 0 --a------ C:\WINDOWS\Twunk002.MTX

2008-04-12 13:24 . 2008-04-12 13:24 <DIR> d-------- C:\Documents and Settings\Alex\Application Data\Sony

2008-04-12 13:21 . 2008-04-12 13:21 <DIR> d-------- C:\Program Files\Vstplugins

2008-04-12 13:21 . 2008-04-12 13:21 <DIR> d-------- C:\Program Files\Sony

2008-04-12 13:21 . 2008-04-12 13:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony

2008-04-12 13:01 . 2008-04-12 13:01 <DIR> d-------- C:\Program Files\Sony Setup

2008-04-11 19:36 . 2006-04-28 01:51 29,968 --a------ C:\WINDOWS\system32\mdimon.dll

2008-04-11 19:31 . 2008-04-26 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-04-06 14:07 . 2008-04-21 18:13 <DIR> d-------- C:\Documents and Settings\Ann-Sophie\Application Data\OpenOffice.org2

2008-03-31 23:25 . 2008-03-31 23:25 831,488 --a------ C:\WINDOWS\system32\divx_xx0a.dll

2008-03-31 23:25 . 2008-03-31 23:25 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll

2008-03-31 23:25 . 2008-03-31 23:25 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll

2008-03-31 23:25 . 2008-03-31 23:25 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll

2008-03-31 23:25 . 2008-03-31 23:25 682,496 --a------ C:\WINDOWS\system32\DivX.dll

2008-03-31 23:25 . 2008-03-31 23:25 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2008-03-30 18:53 . 2008-03-30 18:53 <DIR> dr-h----- C:\Documents and Settings\Ann-Sophie\Application Data\SecuROM

2008-03-24 21:45 . 2008-03-24 21:45 630,784 --a------ C:\WINDOWS\system32\divxdec.ax

2008-03-23 12:30 . 2008-03-23 12:30 <DIR> d-------- C:\Program Files\R&R Software

2008-03-21 22:30 . 2008-03-21 22:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2008-03-21 22:30 . 2008-03-21 22:30 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll

2008-03-21 22:30 . 2008-03-21 22:30 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe

2008-03-21 22:30 . 2008-03-21 22:30 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll

2008-03-21 22:30 . 2008-03-21 22:30 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb

2008-03-17 17:46 . 2008-03-17 17:46 <DIR> d-------- C:\Program Files\Wolters Plantyn

2008-03-14 15:09 . 2008-03-14 15:09 <DIR> d-------- C:\Program Files\Real

2008-03-14 15:09 . 2008-03-14 15:09 <DIR> d-------- C:\Program Files\Common Files\xing shared

2008-03-14 15:09 . 2008-03-14 15:09 <DIR> d-------- C:\Program Files\Common Files\Real

2008-03-14 08:04 . 2008-03-14 08:04 46,652 --a------ C:\WINDOWS\system32\drivers\scdemu.sys

2008-03-13 14:02 . 2008-03-29 13:52 <DIR> d-------- C:\Program Files\Common Files\Scanner

2008-03-12 18:44 . 2008-03-12 18:44 <DIR> d-------- C:\Documents and Settings\Alex\Application Data\gtk-2.0

2008-03-12 18:43 . 2008-03-12 18:43 <DIR> d-------- C:\Documents and Settings\Alex\.thumbnails

2008-03-12 18:42 . 2008-03-27 20:39 <DIR> d-------- C:\Documents and Settings\Alex\.gimp-2.4

2008-03-12 17:16 . 2008-03-12 17:16 <DIR> d--hs---- C:\WINDOWS\ftpcache

2008-03-12 17:09 . 2008-03-12 17:10 <DIR> d-------- C:\Program Files\EnScene2

2008-03-11 21:06 . 2008-03-11 21:06 <DIR> d-------- C:\Documents and Settings\Ann-Sophie\Application Data\Yahoo!

2008-03-10 13:17 . 2008-03-10 13:17 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7

2008-03-08 14:41 . 2008-03-08 14:41 <DIR> d-------- C:\Documents and Settings\Alex\Application Data\Yahoo!

2008-03-06 21:00 . 2008-03-29 13:52 <DIR> d-------- C:\Program Files\Yahoo!

2008-03-06 21:00 . 2008-03-06 21:00 <DIR> d-------- C:\Program Files\FLV Player

2008-03-06 20:55 . 2008-04-14 17:08 <DIR> d-------- C:\Documents and Settings\Alex\dwhelper

2008-03-04 13:23 . 2008-03-04 13:23 8,464 --a------ C:\WINDOWS\system32\sporder.dll

2008-03-02 12:49 . 2008-03-29 13:51 <DIR> d-------- C:\Program Files\Xara

2008-03-01 13:10 . 2008-03-01 13:13 <DIR> d-------- C:\Documents and Settings\Alex\Application Data\Windows Live Writer

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-30 13:44 --------- d-----w C:\Documents and Settings\Alex\Application Data\DNA

2008-04-30 12:05 --------- d-----w C:\Documents and Settings\Alex\Application Data\OpenOffice.org2

2008-04-30 11:10 --------- d-----w C:\Documents and Settings\Alex\Application Data\AVG7

2008-04-28 14:30 --------- d-----w C:\Program Files\Java

2008-04-27 14:20 --------- d-----w C:\Documents and Settings\Ann-Sophie\Application Data\AVG7

2008-04-26 17:57 --------- d-----w C:\Documents and Settings\Alex\Application Data\BitTorrent

2008-04-25 15:23 --------- d-----w C:\Documents and Settings\Alex\Application Data\LimeWirePlus

2008-04-25 14:52 --------- d-----w C:\Program Files\OpenOffice.org 2.3

2008-04-24 18:29 --------- d-----w C:\Program Files\Windows Live Safety Center

2008-04-23 12:21 --------- d-----w C:\Program Files\PokerStars

2008-04-18 17:26 --------- d-----w C:\Program Files\MSBuild

2008-04-13 13:40 --------- d-----w C:\Program Files\DivX

2008-04-13 13:35 --------- d-----w C:\Program Files\Wekker

2008-04-13 13:34 --------- d-----w C:\Documents and Settings\Dirk\Application Data\OpenOffice.org2

2008-04-12 18:26 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-04-12 11:24 --------- d-----w C:\Documents and Settings\Alex\Application Data\DivX

2008-04-01 10:46 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-03-29 11:59 --------- d-----w C:\Program Files\Qtrax_20080125

2008-03-27 16:12 --------- d-----w C:\Program Files\EA GAMES

2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2008-03-20 08:01 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:01 1,846,016 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys

2008-03-17 18:00 --------- d-----w C:\Documents and Settings\Dirk\Application Data\AVG7

2008-03-02 10:49 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-01 16:35 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-02-29 08:58 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-02-29 08:58 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-02-20 18:53 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-20 18:53 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll

2008-02-20 06:53 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 06:53 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll

2008-02-20 05:23 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll

2008-02-05 11:23 12,351,225 ------w C:\avg7qt.dat

2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR

2008-01-12 10:08 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-01-04 21:58 129,784 ------w C:\WINDOWS\system32\pxafs.dll

2008-01-04 21:58 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe

2008-01-04 21:58 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]

2008-01-16 14:27 1502232 --a------ C:\Program Files\LimewirePlus\tbLim1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}"= "C:\Program Files\LimewirePlus\tbLim1.dll" [2008-01-16 14:27 1502232]

[HKEY_CLASSES_ROOT\clsid\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}"= C:\Program Files\LimewirePlus\tbLim1.dll [2008-01-16 14:27 1502232]

[HKEY_CLASSES_ROOT\clsid\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]

"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-01-07 20:24 190024]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-04-11 16:38 288576]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [2007-11-22 23:49 12889088]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 23:53 204288]

"AROReminder"="C:\Program Files\Advanced Registry Optimizer\aro.exe" [2008-04-09 14:22 2135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 20:07 61952 C:\WINDOWS\system32\hdashcut.exe]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 15:43 45056]

"RTHDCPL"="RTHDCPL.EXE" [2005-03-08 15:26 13924864 C:\WINDOWS\RTHDCPL.EXE]

"PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [2005-10-04 16:23 86016]

"SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 21:01 525824]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 12:22 579584]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-14 15:09 185896]

"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2008-03-11 09:23 3551456]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 10:03 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-27 12:16 219136]

C:\Documents and Settings\Alex\Menu Start\Programma's\Opstarten\

OpenOffice.org 2.4 .lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 16:30:54 250368]

Sonic CinePlayer Quick Launch.lnk - C:\Program Files\Common Files\Sonic Shared\CineTray.exe [2005-10-15 03:01:00 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\DNA\\btdna.exe"=

"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\LimeWire Plus\\LimeWire.exe"=

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 09:34]

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-30 15:47:15

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

Voltooingstijd: 2008-04-30 15:48:05

ComboFix-quarantined-files.txt 2008-04-30 13:47:52

ComboFix2.txt 2008-04-30 12:08:12

Pre-Run: 122,374,189,056 bytes beschikbaar

Post-Run: 122,371,760,128 bytes beschikbaar

256 --- E O F --- 2008-04-26 19:59:47

HJT:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:53:29, on 30/04/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Babylon\Babylon-Pro\Babylon.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe

C:\Program Files\Common Files\Sonic Shared\CineTray.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN

C:\Program Files\Vidalia Bundle\Tor\tor.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim1.dll

O4 - HKLM\..\Run: [snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start

O4 - HKLM\..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 2.4 .lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe

O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

--

End of file - 9943 bytes

This topic is now closed to new replies.