
wtf where did Task Manager go


bart 16


is the list okay like this:

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE

C:\Windows\System32\wpcumi.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\AIM6\aim6.exe

C:\Program Files\Last.fm\LastFMHelper.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\WebProxy.exe

C:\Windows\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Opera\Opera.exe

C:\Program Files\Wisdom-soft ScreenHunter 5 Pro\ScreenHunter.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Nederland

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Nederland

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {330E4FA0-CE48-46EA-B843-D4C03E7B587C} - C:\Windows\system32\avicap3.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: GNX Rolex - {7DEE5BA2-CB70-4BBB-BD94-208BBA8AA6C4} - C:\Windows\drnpfdxlsk.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (file missing)

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (file missing)

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe

O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [NudgeMania] C:\Program Files\NudgeMania\NudgeMania.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [iCQ] "C:\Program Files\ICQ6\ICQ.exe" silent

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-GB ee://aol/imApp

O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent

O4 - HKLM\..\Policies\Explorer\Run: [2Wpuiu7EEf] C:\Windows\fulqzkls.exe

O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEEM')

O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')

O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - Net2Phone -- Communication without borders (file missing)

O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - Net2Phone -- Communication without borders (file missing)

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\bart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O13 - Gopher Prefix:

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/WebfettiInitialSetup1.0.1.0.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrvx86.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe

O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PskSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe

but I do find it strange that I still can't open This Computer.

and I still get loads of errors

regards, bart, please send me a message back!!


No wonder you're not out of trouble yet; there's still a lot of work to do.

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

O2 - BHO: (no name) - {330E4FA0-CE48-46EA-B843-D4C03E7B587C} - C:\Windows\system32\avicap3.dll

O2 - BHO: GNX Rolex - {7DEE5BA2-CB70-4BBB-BD94-208BBA8AA6C4} - C:\Windows\drnpfdxlsk.dll (file missing)

O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (file missing)

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing)

O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (file missing)

O4 - HKLM\..\Policies\Explorer\Run: [2Wpuiu7EEf] C:\Windows\fulqzkls.exe

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\bart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...tup1.0.1.0.cab

Click 'Fix checked' to remove the items.

Download SDFix and click "run".

Version 1.40 and higher will automatically move the extracted SDFix folder to your system drive (probably C:\SDFix).

Restart your PC in safe mode.

Open the SDFix folder and double-click RunThis.bat to start the tool.

Type Y to start the cleaning process.

Trojan services and/or registry entries will be removed if they are found, and you will have to press a key to restart.

The computer will then restart (this takes longer than usual).

When the PC restarts, the tool will run again and continue the removal process until the message Finished is shown. Then press any key to end the script and reload your desktop icons.

When your desktop icons appear, the SDFix report will open. It can also be found in the SDFix folder as Report.txt.

Restart your computer in normal mode.

After that, do what I already recommended earlier: ComboFix (see the info in my previous post).

Now paste the contents of that SDFix report, the ComboFix log and a new HJT log in your next post.

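The helper's selection above follows a few recognisable rules: entries whose target file is missing, a BHO with no name, an autostart hidden under the HKLM Policies\Explorer\Run key, an ActiveX (O16 DPF) download from a host nobody would whitelist, and DLL/EXE names that look machine-generated sitting directly in C:\Windows. The script below is an added example written for this thread; it is neither HijackThis code nor the helper's own tooling. It encodes those rules as a triage pass over HJT log lines and runs them over a subset of the lines from the log posted above. The trusted-host list, the "random name" heuristic (letters only, eight or more characters, under 20% vowels) and the severity labels are assumptions of the example, and every hit is meant as a candidate for a person to review, not an automatic verdict.

```python
"""Triage of HijackThis (HJT) log lines.

Added example for this thread, not HijackThis code and not the helper's
own tooling. It flags: entries whose target file is missing, unnamed
BHOs, autostarts under HKLM Policies\\Explorer\\Run, O16 ActiveX
downloads from hosts outside a small allow-list, and random-looking
file names dropped straight into the Windows directory.
"""
import re
from urllib.parse import urlparse

# Hosts whose O16 DPF (downloaded ActiveX) entries are usually benign.
# Assumption for this example only; adjust for your own environment.
DPF_TRUSTED_SUFFIXES = ("microsoft.com", "windowsupdate.com",
                        "macromedia.com", "hp.com")

LINE_RE = re.compile(r"^(?P<section>[RO]\d+)\s+-\s+(?P<body>.*)$")
# A file sitting directly in the Windows root, e.g. C:\Windows\fulqzkls.exe
WINROOT_FILE_RE = re.compile(
    r"[A-Za-z]:\\Windows\\(?P<name>[^\\\s]+?)\.(?:exe|dll)\b", re.IGNORECASE)


def looks_random(name: str) -> bool:
    """Heuristic: 8+ characters, letters only, fewer than 20% vowels."""
    lowered = name.lower()
    if len(lowered) < 8 or not lowered.isalpha():
        return False
    vowels = sum(ch in "aeiou" for ch in lowered)
    return vowels / len(lowered) < 0.2


def _trusted_host(host: str) -> bool:
    return any(host == s or host.endswith("." + s) for s in DPF_TRUSTED_SUFFIXES)


def _finding(section, severity, reason, line):
    return {"section": section, "severity": severity, "reason": reason, "line": line}


def triage(lines):
    """Return a list of findings; a single line may yield several."""
    findings = []
    lsp_counts = {}  # identical O10 lines are collapsed and counted
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        section, body = m.group("section"), m.group("body")
        if section == "O10":
            lsp_counts[body] = lsp_counts.get(body, 0) + 1
            continue
        if "(file missing)" in body:
            findings.append(_finding(section, "remove",
                                     "orphaned entry: target file is missing", raw))
        if section == "O2" and "(no name)" in body:
            findings.append(_finding(section, "review", "BHO without a name", raw))
        if re.search(r"policies\\explorer\\run", body, re.IGNORECASE):
            findings.append(_finding(section, "suspicious",
                                     "autostart under Policies\\Explorer\\Run", raw))
        for wm in WINROOT_FILE_RE.finditer(body):
            if looks_random(wm.group("name")):
                findings.append(_finding(section, "suspicious",
                                         f"random-looking file in Windows root: {wm.group(0)}", raw))
        if section == "O16":
            url = re.search(r"https?://\S+", body)
            host = urlparse(url.group(0)).hostname if url else None
            if host is None or not _trusted_host(host):
                findings.append(_finding(section, "review",
                                         f"ActiveX download from unlisted host: {host}", raw))
    for body, n in lsp_counts.items():
        findings.append(_finding("O10", "info", f"Winsock LSP entry repeated {n} times", body))
    return findings


def summarize(findings):
    """Count findings per severity label."""
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


# Constructed sample: a subset of the lines from the HJT log in this thread.
SAMPLE_HJT_LINES = [
    r"O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {330E4FA0-CE48-46EA-B843-D4C03E7B587C} - C:\Windows\system32\avicap3.dll",
    r"O2 - BHO: GNX Rolex - {7DEE5BA2-CB70-4BBB-BD94-208BBA8AA6C4} - C:\Windows\drnpfdxlsk.dll (file missing)",
    r"O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (file missing)",
    r"O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe",
    r"O4 - HKLM\..\Policies\Explorer\Run: [2Wpuiu7EEf] C:\Windows\fulqzkls.exe",
    r"O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll",
    r"O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll",
    r"O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll",
    r"O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/WebfettiInitialSetup1.0.1.0.cab",
    r"O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab",
    r"O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe",
]

if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_HJT_LINES), key=lambda f: f["severity"]):
        print(f"[{f['severity']:<10}] {f['section']:<4} {f['reason']}")
```

Run on the sample, the pass reports the two "(file missing)" entries as removable, the Policies\Explorer\Run autostart and both random-looking Windows-root files as suspicious, the unnamed BHO and the imgfarm.com download for review, and collapses the repeated O10 lines into a single count; the Adobe BHO, the HP download and the Google service produce nothing. The vowel heuristic is deliberately crude and will have false positives (drivers and vendor tools often have vowel-less names), which is why it never outranks "suspicious" and why the flagged path is included in the reason for a human to check.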

So, followed everything correctly and here are the logs. But is it normal that the problem still occurs?

ComboFix log

ComboFix 08-04-11.5 - ikke 2008-04-14 16:55:02.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1157 [GMT 2:00]

Gestart vanuit: C:\Users\ikke\Desktop\ComboFix.exe

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Users\ikke\AppData\Local\Temp\winlogon.exe

.

---- Previous Run -------

.

C:\Program Files\tmp0.exe

C:\Program Files\tmp1.exe

C:\Program Files\tmp2.exe

C:\Program Files\tmp3.exe

C:\Users\ikke\AppData\Roaming\inst.exe

C:\Windows\Downloaded Program Files\setup.inf

C:\Windows\Installer\{a8b07d1e-5725-4587-aaf7-f9cfc33aac89}\PrxBoot.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_PortProxy

(((((((((((((((((((( Bestanden Gemaakt van 2008-03-14 to 2008-04-14 ))))))))))))))))))))))))))))))

.

Geen nieuwe bestanden aangemaakt in deze periode

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-14 14:52 --------- d-----w C:\Program Files\Steam

2008-04-14 14:51 446,012 ----a-w C:\Windows\system32\drivers\APPFCONT.DAT.bck

2008-04-14 14:51 446,012 ----a-w C:\Windows\system32\drivers\APPFCONT.DAT

2008-04-14 14:51 1,244 ----a-w C:\Windows\system32\drivers\APPFLTR.CFG.bck

2008-04-14 14:51 1,244 ----a-w C:\Windows\system32\drivers\APPFLTR.CFG

2008-04-13 20:09 --------- d-----w C:\Program Files\Windows Mail

2008-04-13 20:09 --------- d-----w C:\Program Files\Spy Cleaner Gold

2008-04-13 19:58 --------- d-----w C:\PROGRA~2\Protexis

2008-04-13 19:15 --------- d-----w C:\Program Files\Last.fm

2008-04-13 19:13 --------- d-----w C:\Users\ikke\AppData\Roaming\BitTorrent

2008-04-13 19:13 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 3

2008-04-13 19:13 --------- d-----w C:\Program Files\CoffeeCup Software

2008-04-12 10:31 --------- d-----w C:\Users\ikke\AppData\Roaming\Uniblue

2008-04-12 09:13 --------- d-----w C:\Program Files\Trend Micro

2008-04-12 07:58 --------- d-----w C:\Program Files\Panda Security

2008-04-12 07:07 --------- d-----w C:\Program Files\nLite

2008-04-08 19:37 --------- d---a-w C:\PROGRA~2\TEMP

2008-04-07 19:48 --------- d-----w C:\Program Files\FreeRIP3

2008-04-07 17:49 --------- d-----w C:\Users\ikke\AppData\Roaming\Skype

2008-04-07 15:16 --------- d-----w C:\Users\ikke\AppData\Roaming\skypePM

2008-04-06 10:40 5,196 ----a-w C:\Windows\System32\PerfStringBackup.TMP

2008-04-05 17:02 66,707,456 ----a-w C:\Windows\System32\imageres.dll

2008-04-03 15:39 --------- d-----w C:\Users\ikke\AppData\Roaming\Xfire

2008-03-31 14:19 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-31 14:16 --------- d-----w C:\Program Files\Common Files\Adobe

2008-03-31 13:44 --------- d-----w C:\Program Files\Hewlett-Packard

2008-03-31 13:41 --------- d-----w C:\Program Files\Java

2008-03-29 14:32 --------- d-----w C:\Users\ikke\AppData\Roaming\ICQ Toolbar

2008-03-29 13:00 --------- d-----w C:\Users\ikke\AppData\Roaming\acccore

2008-03-29 12:57 --------- d-----w C:\Program Files\Common Files\AOL

2008-03-29 12:57 --------- d-----w C:\Program Files\AIM6

2008-03-29 12:57 --------- d-----w C:\PROGRA~2\AOL OCP

2008-03-29 12:57 --------- d-----w C:\PROGRA~2\AOL

2008-03-29 12:56 --------- d-----w C:\PROGRA~2\AOL Downloads

2008-03-29 12:53 --------- d-----w C:\Users\ikke\AppData\Roaming\ICQ

2008-03-29 12:53 --------- d-----w C:\Program Files\ICQ6

2008-03-29 11:13 --------- d-----w C:\Program Files\Skype

2008-03-29 11:13 --------- d-----w C:\Program Files\Common Files\Skype

2008-03-29 11:13 --------- d-----w C:\PROGRA~2\Skype

2008-03-28 22:34 --------- d-----w C:\PROGRA~2\FLEXnet

2008-03-28 14:34 --------- d-----w C:\Program Files\7-Zip

2008-03-28 10:41 --------- d-----w C:\Users\ikke\AppData\Roaming\BSplayer

2008-03-23 20:50 --------- d-----w C:\Program Files\MediaMonkey

2008-03-22 15:49 --------- d-----w C:\Program Files\CEDP Stealer 6.0 for Messenger

2008-03-21 13:05 --------- d-----w C:\Users\ikke\AppData\Roaming\FileSubmit

2008-03-21 10:56 90,112 ----a-w C:\Windows\System32\nqmheosx.exe

2008-03-21 10:46 --------- d-----w C:\Program Files\Common Files\Stardock

2008-03-20 21:22 --------- d-----w C:\PROGRA~2\WinZip

2008-03-20 15:23 --------- d-----w C:\Users\ikke\AppData\Roaming\WinBatch

2008-03-20 15:23 --------- d-----w C:\Users\ikke\AppData\Roaming\InstallShield

2008-03-20 15:23 --------- d-----w C:\Program Files\HP Webcam

2008-03-20 15:11 --------- d-----w C:\PROGRA~2\Xerox

2008-03-19 17:24 --------- d-----w C:\Program Files\DNA

2008-03-19 17:24 --------- d-----w C:\Program Files\BitTorrent

2008-03-18 20:49 --------- d-----w C:\Users\ikke\AppData\Roaming\FastStone

2008-03-18 20:49 --------- d-----w C:\Program Files\FastStone Image Viewer

2008-03-18 17:08 47,360 ----a-w C:\Users\ikke\AppData\Roaming\pcouffin.sys

2008-03-18 17:08 --------- d-----w C:\Users\ikke\AppData\Roaming\Vso

2008-03-18 17:08 --------- d-----w C:\Program Files\VSO

2008-03-14 16:46 27,240 ----a-w C:\Users\ikke\AppData\Roaming\nvModes.dat

2008-03-13 21:03 --------- d-----w C:\Users\ikke\AppData\Roaming\Apple Computer

2008-03-13 20:54 --------- d-----w C:\Program Files\Opera

2008-03-09 09:45 --------- d-----w C:\Program Files\Microsoft ActiveSync

2008-03-09 09:44 --------- d-----w C:\Program Files\Microsoft.NET

2008-03-05 18:45 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-03-05 18:45 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy

2008-03-05 18:13 --------- d-----w C:\Program Files\Windows Live

2008-03-02 21:40 --------- d-----w C:\Users\ikke\AppData\Roaming\DivX

2008-03-02 20:40 --------- d-----w C:\Program Files\Picasa2

2008-03-02 11:38 --------- d-----w C:\Users\ikke\AppData\Roaming\Netscape

2008-03-01 17:28 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller

2008-03-01 17:27 --------- d-----w C:\Program Files\MSN Messenger

2008-03-01 17:17 --------- d-----w C:\PROGRA~2\WLInstaller

2008-03-01 17:15 --------- d-----w C:\Users\ikke\AppData\Roaming\AntiVirusScherm

2008-03-01 12:55 --------- d-----w C:\Users\ikke\AppData\Roaming\GlobalSCAPE

2008-02-29 18:36 --------- d-----w C:\Users\ikke\AppData\Roaming\SmartFTP

2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys

2008-02-27 15:15 --------- d-----w C:\Program Files\Xfire

2008-02-27 15:15 --------- d-----w C:\PROGRA~2\Xfire

2008-02-27 12:16 0 ----a-w C:\Users\ikke\AppData\Roaming\wklnhst.dat

2008-02-23 19:57 --------- d-----w C:\Users\ikke\AppData\Roaming\CyberLink

2008-02-22 21:20 --------- d-----w C:\Users\ikke\AppData\Roaming\HandigeBeheerder

2008-02-22 19:06 --------- d-----w C:\Users\ikke\AppData\Roaming\Ahead

2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll

2008-02-20 16:47 --------- d-----w C:\Users\ikke\AppData\Roaming\HP

2008-02-19 20:31 --------- d-----w C:\Users\ikke\AppData\Roaming\Talkback

2008-02-19 17:32 --------- d-----w C:\Users\ikke\AppData\Roaming\mmEditor

2008-02-19 17:32 --------- d-----w C:\Users\ikke\AppData\Roaming\mmDesigner

2008-02-19 17:17 --------- d-----w C:\Users\ikke\AppData\Roaming\Nvu

2008-02-17 13:37 --------- d-----w C:\PROGRA~2\PY_Software

2008-02-17 11:17 --------- d-----w C:\PROGRA~2\GlobalSCAPE

2008-02-16 14:31 --------- d-----w C:\Program Files\Quintessential Media Player

2008-02-16 13:57 --------- d-----w C:\Program Files\DivX

2008-02-16 13:57 --------- d-----w C:\Program Files\Common Files\PX Storage Engine

2008-02-15 20:42 --------- d-----w C:\Program Files\Common Files\Steam

2008-02-15 16:05 --------- d-----w C:\Program Files\Common Files\Real

2008-02-12 22:28 194,560 ----a-w C:\Windows\System32\WebClnt.dll

2008-02-12 22:25 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-02-12 22:25 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-02-12 22:25 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27 153136]

"NudgeMania"="C:\Program Files\NudgeMania\NudgeMania.exe" [ ]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 19:37 21898024]

"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-12-19 16:48 172280]

"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-05-09 18:54 50736]

"Steam"="C:\Program Files\Steam\Steam.exe" [2008-04-06 13:02 1271032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 22:43 729088]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 03:50 1021224]

"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 19:50 4390912 C:\Windows\RtHDVCpl.exe]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 16:37 174872]

"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-01 12:27 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [ ]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-01 12:27 81920]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 16:24 71216]

"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 16:21 54832]

"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 11:45 222208]

"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 03:29 102400]

"Anti-Blaxx Manager"="C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe" [ ]

"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 14:35 176128]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-06-26 18:46 77824]

"Spy Watcher"="C:\PROGRA~1\SPYCLE~1\SpyWatcher.exe" [2005-04-07 04:18 557056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

C:\Users\ikke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2008-01-25 20:46:38 106496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"LogonHoursAction"= 2 (0x2)

"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"2Wpuiu7EEf"= C:\Windows\fulqzkls.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

avldr.dll 2007-02-15 21:02 50736 C:\Windows\System32\avldr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]

@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk

backup=C:\Windows\pss\BTTray.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^ikke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Last.fm Helper.lnk]

path=C:\Users\ikke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Last.fm Helper.lnk

backup=C:\Windows\pss\Last.fm Helper.lnk.Startup

backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

C:\Program Files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]

--a------ 2007-03-12 11:54 50696 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]

--a------ 2007-03-01 13:18 472776 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Netlog 24]

C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]

--a------ 2007-02-13 11:38 159744 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]

--a------ 2007-04-23 18:11 176128 C:\Program Files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2008-01-30 21:01 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]

--a------ 2007-01-10 16:12 317128 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

--a------ 2007-09-30 10:17 1006264 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"AntivirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"TCP Query User{83523B6B-8F78-400F-8359-BFC5D585775A}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire

"UDP Query User{D877737F-8D56-4B8D-AA82-3F0FD0BBBA79}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire

"TCP Query User{0092543F-753A-4105-BDD0-C53B1204DD98}C:\\program files\\msn messenger\\msnmsgr.exe"= UDP:C:\program files\msn messenger\msnmsgr.exe:Messenger

"UDP Query User{B1A3565D-DE06-4DFF-B189-4B7E2529227D}C:\\program files\\msn messenger\\msnmsgr.exe"= TCP:C:\program files\msn messenger\msnmsgr.exe:Messenger

"TCP Query User{6F015DB6-B455-4B64-97E2-F6B77EF49812}C:\\program files\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare\bearshare.exe:BearShare

"UDP Query User{9339EF88-C9D8-4A3C-96B6-53B88A5E1CBC}C:\\program files\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare\bearshare.exe:BearShare

"TCP Query User{667FCA5A-CC1B-4C55-9DDC-9843D3E3B73D}C:\\users\\bart\\desktop\\downloadprogramma\\bearshare\\bearshare.exe"= UDP:C:\users\bart\desktop\downloadprogramma\bearshare\bearshare.exe:bearshare.exe

"UDP Query User{5A2ADFB7-9EBB-4697-B19F-0749B234CD06}C:\\users\\bart\\desktop\\downloadprogramma\\bearshare\\bearshare.exe"= TCP:C:\users\bart\desktop\downloadprogramma\bearshare\bearshare.exe:bearshare.exe

"TCP Query User{4DFD7A31-919E-4A59-9137-D6914A164CA4}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{22A6DE5F-2ECF-44CE-9240-66D6984EC106}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{757A06AC-E95A-44DE-9844-5F76B9B71CDB}C:\\users\\bart\\desktop\\bearshare\\bearshare.exe"= UDP:C:\users\bart\desktop\bearshare\bearshare.exe:bearshare.exe

"UDP Query User{38F37EDA-A5E8-42FB-92C5-194C7130D9C4}C:\\users\\bart\\desktop\\bearshare\\bearshare.exe"= TCP:C:\users\bart\desktop\bearshare\bearshare.exe:bearshare.exe

"TCP Query User{552D77A5-69D4-4600-A142-1EF2D05EE433}C:\\program files\\bearshare\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare\bearshare\bearshare.exe:BearShare

"UDP Query User{0F60DED8-0E3F-40F3-A7BF-F483E30FEBAA}C:\\program files\\bearshare\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare\bearshare\bearshare.exe:BearShare

"TCP Query User{DC482A8D-F2D4-47D4-B2CE-72B1C73DDAA5}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent

"UDP Query User{3FBC69B3-7328-4FEE-9987-E5858EE177FD}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent

"{1ED630D7-5911-4783-9F7E-F6AD867FC5E2}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{BDF77066-BFB8-41F3-B35E-3CBFA8158FDA}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{9C14A28B-07EF-4C7D-B814-A3A0FACCD585}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{DF80080F-4B3E-4867-B985-0133274D6F4D}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"TCP Query User{6DF00939-A66A-4A7E-8634-561867C5BFB8}H:\\software\\downloadprogramma\\downloadprogramma\\bearshare\\bearshare.exe"= UDP:H:\software\downloadprogramma\downloadprogramma\bearshare\bearshare.exe:bearshare.exe

"UDP Query User{61CAF39C-B025-4821-A035-708F6F724ADD}H:\\software\\downloadprogramma\\downloadprogramma\\bearshare\\bearshare.exe"= TCP:H:\software\downloadprogramma\downloadprogramma\bearshare\bearshare.exe:bearshare.exe

"TCP Query User{A7BEAB48-648C-4BBB-83D8-75150936BDF8}C:\\program files\\msn messenger\\msnmsgr.exe"= UDP:C:\program files\msn messenger\msnmsgr.exe:Messenger

"UDP Query User{A2ACD869-5728-4175-A2D5-46B703227E43}C:\\program files\\msn messenger\\msnmsgr.exe"= TCP:C:\program files\msn messenger\msnmsgr.exe:Messenger

"{1A76E207-7772-4600-A6CF-2DEADD620D11}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2

"{D41B2AE6-2F98-4B0D-B89B-EF153FDDB234}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2

"TCP Query User{D824E184-7A55-4DAA-907C-95E5495AB8D5}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire

"UDP Query User{5F52C282-D76E-4720-A8BB-FE3A97D5987F}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire

"TCP Query User{D2522863-5F7F-4627-A697-737125D1E6BF}C:\\program files\\steam\\steamapps\\bartje977\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\bartje977\counter-strike source\hl2.exe:hl2

"UDP Query User{08671418-D823-4A60-B540-10FC3E3B999D}C:\\program files\\steam\\steamapps\\bartje977\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\bartje977\counter-strike source\hl2.exe:hl2

"{2DB40983-6280-460F-8458-4019751D772A}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb

"{B6339253-71B2-43D5-9DBF-B9CBC6790BBB}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb

"{16CA3A18-28FF-4A59-A7E1-D27C88D29851}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{4997B15B-BBE2-4489-8679-47E2D665D7EC}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{DB4C318E-3FF6-4030-81B7-47D94C1BFE68}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR

"{2AAD00A5-5167-4E50-A7D7-3F732A8043A0}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR

"{C9D7D84B-747D-4CCA-94DF-B111DD8A1414}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"{9A66DE17-E459-4651-B2C5-769BFEFF8F62}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"TCP Query User{A29A89B3-3906-47C7-8CFD-02E8A86CE612}C:\\users\\bart\\documents\\bearshare\\bearshare.exe"= UDP:C:\users\bart\documents\bearshare\bearshare.exe:bearshare.exe

"UDP Query User{117E4158-75D0-45A2-8846-A68926E0CC41}C:\\users\\bart\\documents\\bearshare\\bearshare.exe"= TCP:C:\users\bart\documents\bearshare\bearshare.exe:bearshare.exe

"{C2D4D891-F47C-4801-86C3-26C4D199764B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{CFE1B510-6F8F-4E36-B39D-39EA221FED6E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{727CE370-29F0-4033-BE82-8871EB5E1A2B}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{176C9E80-A887-411E-A12F-1D9C904F8762}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{1112A60F-254C-4693-8F3B-0F6CB4B4F474}"= UDP:C:\Program Files\DNA\btdna.exe:DNA

"{AF17A790-875F-4BBE-BB0D-76B0568A8E2C}"= TCP:C:\Program Files\DNA\btdna.exe:DNA

"{39454884-EEEE-4131-8BE9-95E022681A90}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent

"{C8BA96EB-F64F-470B-8007-615906F516F6}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent

"{8BE25293-98A8-44BA-AE3C-6468D4E44B27}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{89287EED-F97B-4537-8B7A-96B388DF1AF3}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"{93B0045B-1C90-4D4D-835C-AD204B436660}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"TCP Query User{DF4CE028-FA2F-4D43-B5C3-8D3DDF1D3B66}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"UDP Query User{2AAE8935-765E-4266-AA39-34A8E241AEAF}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 APPFLT;App Filter Plugin;C:\Windows\system32\Drivers\APPFLT.SYS [2007-05-11 10:33]

R1 DSAFLT;DSA Filter Plugin;C:\Windows\system32\Drivers\DSAFLT.SYS [2007-05-11 10:33]

R1 FNETMON;NetMon Filter Plugin;C:\Windows\system32\Drivers\fnetmon.SYS [2007-05-11 10:33]

R1 IDSFLT;Ids Filter Plugin;C:\Windows\system32\Drivers\IDSFLT.SYS [2007-07-11 12:39]

R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\Windows\system32\Drivers\NETFLTDI.SYS [2007-05-11 10:33]

R1 ShldDrv;Panda File Shield Driver;C:\Windows\system32\DRIVERS\ShlDrv51.sys [2007-05-23 16:40]

R1 SMSFLT;SMS Filter Plugin;C:\Windows\system32\Drivers\SMSFLT.SYS [2007-05-11 10:33]

R1 WNMFLT;Wifi Monitor Filter Plugin;C:\Windows\system32\Drivers\WNMFLT.SYS [2007-05-11 10:33]

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]

R2 AmFSM;AmFSM;C:\Windows\system32\DRIVERS\amm8660.sys [2007-06-06 11:43]

R2 ComFiltr;Panda Anti-Dialer;C:\Windows\system32\DRIVERS\COMFiltr.sys [2007-10-29 12:55]

R2 cpoint;Panda CPoint Driver;C:\Windows\system32\Drivers\cpoint.sys [2007-06-08 09:44]

R2 PavProc;Panda Process Protection Driver;C:\Windows\system32\DRIVERS\PavProc.sys [2007-07-12 14:49]

R2 PskSvcRetail;Panda PSK service;"C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PskSvc.exe" [2007-03-21 20:32]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]

R3 btwaudio;Bluetooth-audioapparaat;C:\Windows\system32\drivers\btwaudio.sys [2007-01-02 12:45]

R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-01-02 12:45]

R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-01-02 12:45]

R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\netimflt.sys [2007-04-24 16:43]

S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 09:30]

S3 mod7700;DiBcom DIB7700 based TV tuner device;C:\Windows\system32\Drivers\dvb7700all.sys [2007-07-30 14:20]

S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-02-15 22:33]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

Cognizance REG_MULTI_SZ ASBroker

GPSvcGroup REG_MULTI_SZ GPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d665a4e4-6e06-11dc-8e34-806e6f6e6963}]

\shell\AutoRun\command - F:\autorun.exe

\shell\directx\command - F:\DirectX9\dxsetup.exe

\shell\setup\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4dce9cf-6f6e-11dc-823d-001a6be139af}]

\shell\AutoRun\command - N:\setup.exe

.

Inhoud van de 'Gedeelde Taken' map

"2008-04-14 15:00:00 C:\Windows\Tasks\User_Feed_Synchronization-{2CC08CE3-A954-4B66-89A4-84469A7D2A23}.job"

- C:\Windows\system32\msfeedssync.exe

.

**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-14 16:59:20

Windows 6.0.6000 NTFS

detected NTDLL code modification:

ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

Voltooingstijd: 2008-04-14 17:00:35

ComboFix-quarantined-files.txt 2008-04-14 15:00:27

Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

.

2008-04-13 19:29:51 --- E O F ---

HJT log

Logfile of HijackThis v1.99.1

Scan saved at 23:01, on 2008-04-13

Platform: Unknown Windows (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Running processes:

C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\WebProxy.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Windows\System32\wpcumi.exe

C:\Program Files\Spy Cleaner Gold\SpyWatcher.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\AIM6\aim6.exe

C:\Program Files\Last.fm\LastFMHelper.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\Program Files\7-Zip\7zFM.exe

C:\Users\ikke\AppData\Local\Temp\7zO2AC7.tmp\HijackThis.exe

C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Nederland

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Nederland

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe

O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [spy Watcher] "C:\PROGRA~1\SPYCLE~1\SpyWatcher.exe" -S

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [NudgeMania] C:\Program Files\NudgeMania\NudgeMania.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [iCQ] "C:\Program Files\ICQ6\ICQ.exe" silent

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-GB ee://aol/imApp

O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent

O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avldr - C:\Windows\SYSTEM32\avldr.dll

O21 - SSODL: PrxBoot - {a8b07d1e-5725-4587-aaf7-f9cfc33aac89} - (no file)

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrvx86.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe

O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PskSvc.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Regards, Bart


Did you first carry out that suggestion with SDFix? Before I analyse the rest in full, would you first post that log in a reply?

And one more thing: this program, C:\Program Files\Spy Cleaner Gold. Where did you download that? By any chance from Spycleaner.com? Or somewhere else?


Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

O21 - SSODL: PrxBoot - {a8b07d1e-5725-4587-aaf7-f9cfc33aac89} - (no file)

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)

Click 'Fix checked' to remove the items.

Open a Notepad file.

Copy and paste the bold text below into it.

File::

C:\Windows\System32\nqmheosx.exe

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"2Wpuiu7EEf"= C:\Windows\fulqzkls.exe

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next reply together with a new HijackThis log.


combofix.txt log:

ComboFix 08-04-11.5 - ikke 2008-04-14 18:33:03.3 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1170 [GMT 2:00]

Gestart vanuit: C:\Users\ikke\Desktop\ComboFix.exe

Command switches used :: C:\Users\ikke\Desktop\CFScript.txt

* Nieuw herstelpunt werd aangemaakt

FILE ::

C:\Windows\System32\nqmheosx.exe

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Windows\System32\nqmheosx.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-03-14 to 2008-04-14 ))))))))))))))))))))))))))))))

.

Geen nieuwe bestanden aangemaakt in deze periode

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-14 16:27 --------- d-----w C:\Program Files\Steam

2008-04-14 16:26 446,012 ----a-w C:\Windows\system32\drivers\APPFCONT.DAT.bck

2008-04-14 16:26 446,012 ----a-w C:\Windows\system32\drivers\APPFCONT.DAT

2008-04-14 16:26 1,244 ----a-w C:\Windows\system32\drivers\APPFLTR.CFG.bck

2008-04-14 16:26 1,244 ----a-w C:\Windows\system32\drivers\APPFLTR.CFG

2008-04-13 20:09 --------- d-----w C:\Program Files\Windows Mail

2008-04-13 20:09 --------- d-----w C:\Program Files\Spy Cleaner Gold

2008-04-13 19:58 --------- d-----w C:\PROGRA~2\Protexis

2008-04-13 19:15 --------- d-----w C:\Program Files\Last.fm

2008-04-13 19:13 --------- d-----w C:\Users\ikke\AppData\Roaming\BitTorrent

2008-04-13 19:13 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 3

2008-04-13 19:13 --------- d-----w C:\Program Files\CoffeeCup Software

2008-04-12 10:31 --------- d-----w C:\Users\ikke\AppData\Roaming\Uniblue

2008-04-12 09:13 --------- d-----w C:\Program Files\Trend Micro

2008-04-12 07:58 --------- d-----w C:\Program Files\Panda Security

2008-04-12 07:07 --------- d-----w C:\Program Files\nLite

2008-04-08 19:37 --------- d---a-w C:\PROGRA~2\TEMP

2008-04-07 19:48 --------- d-----w C:\Program Files\FreeRIP3

2008-04-07 17:49 --------- d-----w C:\Users\ikke\AppData\Roaming\Skype

2008-04-07 15:16 --------- d-----w C:\Users\ikke\AppData\Roaming\skypePM

2008-04-06 10:40 5,196 ----a-w C:\Windows\System32\PerfStringBackup.TMP

2008-04-05 17:02 66,707,456 ----a-w C:\Windows\System32\imageres.dll

2008-04-03 15:39 --------- d-----w C:\Users\ikke\AppData\Roaming\Xfire

2008-03-31 14:19 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-31 14:16 --------- d-----w C:\Program Files\Common Files\Adobe

2008-03-31 13:44 --------- d-----w C:\Program Files\Hewlett-Packard

2008-03-31 13:41 --------- d-----w C:\Program Files\Java

2008-03-29 14:32 --------- d-----w C:\Users\ikke\AppData\Roaming\ICQ Toolbar

2008-03-29 13:00 --------- d-----w C:\Users\ikke\AppData\Roaming\acccore

2008-03-29 12:57 --------- d-----w C:\Program Files\Common Files\AOL

2008-03-29 12:57 --------- d-----w C:\Program Files\AIM6

2008-03-29 12:57 --------- d-----w C:\PROGRA~2\AOL OCP

2008-03-29 12:57 --------- d-----w C:\PROGRA~2\AOL

2008-03-29 12:56 --------- d-----w C:\PROGRA~2\AOL Downloads

2008-03-29 12:53 --------- d-----w C:\Users\ikke\AppData\Roaming\ICQ

2008-03-29 12:53 --------- d-----w C:\Program Files\ICQ6

2008-03-29 11:13 --------- d-----w C:\Program Files\Skype

2008-03-29 11:13 --------- d-----w C:\Program Files\Common Files\Skype

2008-03-29 11:13 --------- d-----w C:\PROGRA~2\Skype

2008-03-28 22:34 --------- d-----w C:\PROGRA~2\FLEXnet

2008-03-28 14:34 --------- d-----w C:\Program Files\7-Zip

2008-03-28 10:41 --------- d-----w C:\Users\ikke\AppData\Roaming\BSplayer

2008-03-23 20:50 --------- d-----w C:\Program Files\MediaMonkey

2008-03-22 15:49 --------- d-----w C:\Program Files\CEDP Stealer 6.0 for Messenger

2008-03-21 13:05 --------- d-----w C:\Users\ikke\AppData\Roaming\FileSubmit

2008-03-21 10:46 --------- d-----w C:\Program Files\Common Files\Stardock

2008-03-20 21:22 --------- d-----w C:\PROGRA~2\WinZip

2008-03-20 15:23 --------- d-----w C:\Users\ikke\AppData\Roaming\WinBatch

2008-03-20 15:23 --------- d-----w C:\Users\ikke\AppData\Roaming\InstallShield

2008-03-20 15:23 --------- d-----w C:\Program Files\HP Webcam

2008-03-20 15:11 --------- d-----w C:\PROGRA~2\Xerox

2008-03-19 17:24 --------- d-----w C:\Program Files\DNA

2008-03-19 17:24 --------- d-----w C:\Program Files\BitTorrent

2008-03-18 20:49 --------- d-----w C:\Users\ikke\AppData\Roaming\FastStone

2008-03-18 20:49 --------- d-----w C:\Program Files\FastStone Image Viewer

2008-03-18 17:08 47,360 ----a-w C:\Users\ikke\AppData\Roaming\pcouffin.sys

2008-03-18 17:08 --------- d-----w C:\Users\ikke\AppData\Roaming\Vso

2008-03-18 17:08 --------- d-----w C:\Program Files\VSO

2008-03-14 16:46 27,240 ----a-w C:\Users\ikke\AppData\Roaming\nvModes.dat

2008-03-13 21:03 --------- d-----w C:\Users\ikke\AppData\Roaming\Apple Computer

2008-03-13 20:54 --------- d-----w C:\Program Files\Opera

2008-03-09 09:45 --------- d-----w C:\Program Files\Microsoft ActiveSync

2008-03-09 09:44 --------- d-----w C:\Program Files\Microsoft.NET

2008-03-05 18:45 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-03-05 18:45 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy

2008-03-05 18:13 --------- d-----w C:\Program Files\Windows Live

2008-03-02 21:40 --------- d-----w C:\Users\ikke\AppData\Roaming\DivX

2008-03-02 20:40 --------- d-----w C:\Program Files\Picasa2

2008-03-02 11:38 --------- d-----w C:\Users\ikke\AppData\Roaming\Netscape

2008-03-01 17:28 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller

2008-03-01 17:27 --------- d-----w C:\Program Files\MSN Messenger

2008-03-01 17:17 --------- d-----w C:\PROGRA~2\WLInstaller

2008-03-01 17:15 --------- d-----w C:\Users\ikke\AppData\Roaming\AntiVirusScherm

2008-03-01 12:55 --------- d-----w C:\Users\ikke\AppData\Roaming\GlobalSCAPE

2008-02-29 18:36 --------- d-----w C:\Users\ikke\AppData\Roaming\SmartFTP

2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys

2008-02-27 15:15 --------- d-----w C:\Program Files\Xfire

2008-02-27 15:15 --------- d-----w C:\PROGRA~2\Xfire

2008-02-27 12:16 0 ----a-w C:\Users\ikke\AppData\Roaming\wklnhst.dat

2008-02-23 19:57 --------- d-----w C:\Users\ikke\AppData\Roaming\CyberLink

2008-02-22 21:20 --------- d-----w C:\Users\ikke\AppData\Roaming\HandigeBeheerder

2008-02-22 19:06 --------- d-----w C:\Users\ikke\AppData\Roaming\Ahead

2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll

2008-02-20 16:47 --------- d-----w C:\Users\ikke\AppData\Roaming\HP

2008-02-19 20:31 --------- d-----w C:\Users\ikke\AppData\Roaming\Talkback

2008-02-19 17:32 --------- d-----w C:\Users\ikke\AppData\Roaming\mmEditor

2008-02-19 17:32 --------- d-----w C:\Users\ikke\AppData\Roaming\mmDesigner

2008-02-19 17:17 --------- d-----w C:\Users\ikke\AppData\Roaming\Nvu

2008-02-17 13:37 --------- d-----w C:\PROGRA~2\PY_Software

2008-02-17 11:17 --------- d-----w C:\PROGRA~2\GlobalSCAPE

2008-02-16 14:31 --------- d-----w C:\Program Files\Quintessential Media Player

2008-02-16 13:57 --------- d-----w C:\Program Files\DivX

2008-02-16 13:57 --------- d-----w C:\Program Files\Common Files\PX Storage Engine

2008-02-15 20:42 --------- d-----w C:\Program Files\Common Files\Steam

2008-02-15 16:05 --------- d-----w C:\Program Files\Common Files\Real

2008-02-12 22:28 194,560 ----a-w C:\Windows\System32\WebClnt.dll

2008-02-12 22:25 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-02-12 22:25 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-02-12 22:25 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

2008-02-12 22:25 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe

.

((((((((((((((((((((((((((((( snapshot@2008-04-14_16.59.52.13 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-04-14 14:50:22 67,584 --s-a-w C:\Windows\bootstat.dat

+ 2008-04-14 16:24:43 67,584 --s-a-w C:\Windows\bootstat.dat

- 2008-04-13 21:02:31 5,336 ----a-w C:\Windows\bthservsdp.dat

+ 2008-04-14 16:13:56 5,336 ----a-w C:\Windows\bthservsdp.dat

- 2008-04-14 14:51:32 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat

+ 2008-04-14 16:34:57 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat

- 2008-04-14 14:52:45 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-04-14 16:35:21 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-04-14 16:35:21 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2008-04-14 14:54:29 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat

+ 2008-04-14 16:32:12 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat

- 2008-04-14 14:52:40 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-04-14 16:27:16 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-04-14 16:27:16 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2008-04-14 14:54:54 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

+ 2008-04-14 16:32:48 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

+ 2008-04-14 16:32:48 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1

- 2008-04-14 14:53:04 7,908 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3188678296-3888111633-339422319-1002_UserData.bin

+ 2008-04-14 16:27:35 7,908 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3188678296-3888111633-339422319-1002_UserData.bin

- 2008-04-14 14:53:04 139,510 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-04-14 16:27:35 139,618 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-04-14 14:53:02 80,246 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-04-14 16:27:33 80,246 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27 153136]

"NudgeMania"="C:\Program Files\NudgeMania\NudgeMania.exe" [ ]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 19:37 21898024]

"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-12-19 16:48 172280]

"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-05-09 18:54 50736]

"Steam"="C:\Program Files\Steam\Steam.exe" [2008-04-06 13:02 1271032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 22:43 729088]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 03:50 1021224]

"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 19:50 4390912 C:\Windows\RtHDVCpl.exe]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 16:37 174872]

"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-01 12:27 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [ ]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-01 12:27 81920]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 16:24 71216]

"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 16:21 54832]

"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 11:45 222208]

"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 03:29 102400]

"Anti-Blaxx Manager"="C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe" [ ]

"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 14:35 176128]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-06-26 18:46 77824]

"Spy Watcher"="C:\PROGRA~1\SPYCLE~1\SpyWatcher.exe" [2005-04-07 04:18 557056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

C:\Users\ikke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2008-01-25 20:46:38 106496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"LogonHoursAction"= 2 (0x2)

"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"2Wpuiu7EEf"= C:\Windows\fulqzkls.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

avldr.dll 2007-02-15 21:02 50736 C:\Windows\System32\avldr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]

@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk

backup=C:\Windows\pss\BTTray.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^ikke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Last.fm Helper.lnk]

path=C:\Users\ikke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Last.fm Helper.lnk

backup=C:\Windows\pss\Last.fm Helper.lnk.Startup

backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

C:\Program Files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]

--a------ 2007-03-12 11:54 50696 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]

--a------ 2007-03-01 13:18 472776 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Netlog 24]

C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]

--a------ 2007-02-13 11:38 159744 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]

--a------ 2007-04-23 18:11 176128 C:\Program Files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2008-01-30 21:01 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]

--a------ 2007-01-10 16:12 317128 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

--a------ 2007-09-30 10:17 1006264 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"AntivirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"TCP Query User{83523B6B-8F78-400F-8359-BFC5D585775A}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire

"UDP Query User{D877737F-8D56-4B8D-AA82-3F0FD0BBBA79}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire

"TCP Query User{0092543F-753A-4105-BDD0-C53B1204DD98}C:\\program files\\msn messenger\\msnmsgr.exe"= UDP:C:\program files\msn messenger\msnmsgr.exe:Messenger

"UDP Query User{B1A3565D-DE06-4DFF-B189-4B7E2529227D}C:\\program files\\msn messenger\\msnmsgr.exe"= TCP:C:\program files\msn messenger\msnmsgr.exe:Messenger

"TCP Query User{6F015DB6-B455-4B64-97E2-F6B77EF49812}C:\\program files\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare\bearshare.exe:BearShare

"UDP Query User{9339EF88-C9D8-4A3C-96B6-53B88A5E1CBC}C:\\program files\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare\bearshare.exe:BearShare

"TCP Query User{667FCA5A-CC1B-4C55-9DDC-9843D3E3B73D}C:\\users\\bart\\desktop\\downloadprogramma\\bearshare\\bearshare.exe"= UDP:C:\users\bart\desktop\downloadprogramma\bearshare\bearshare.exe:bearshare.exe

"UDP Query User{5A2ADFB7-9EBB-4697-B19F-0749B234CD06}C:\\users\\bart\\desktop\\downloadprogramma\\bearshare\\bearshare.exe"= TCP:C:\users\bart\desktop\downloadprogramma\bearshare\bearshare.exe:bearshare.exe

"TCP Query User{4DFD7A31-919E-4A59-9137-D6914A164CA4}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{22A6DE5F-2ECF-44CE-9240-66D6984EC106}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{757A06AC-E95A-44DE-9844-5F76B9B71CDB}C:\\users\\bart\\desktop\\bearshare\\bearshare.exe"= UDP:C:\users\bart\desktop\bearshare\bearshare.exe:bearshare.exe

"UDP Query User{38F37EDA-A5E8-42FB-92C5-194C7130D9C4}C:\\users\\bart\\desktop\\bearshare\\bearshare.exe"= TCP:C:\users\bart\desktop\bearshare\bearshare.exe:bearshare.exe

"TCP Query User{552D77A5-69D4-4600-A142-1EF2D05EE433}C:\\program files\\bearshare\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare\bearshare\bearshare.exe:BearShare

"UDP Query User{0F60DED8-0E3F-40F3-A7BF-F483E30FEBAA}C:\\program files\\bearshare\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare\bearshare\bearshare.exe:BearShare

"TCP Query User{DC482A8D-F2D4-47D4-B2CE-72B1C73DDAA5}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent

"UDP Query User{3FBC69B3-7328-4FEE-9987-E5858EE177FD}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent

"{1ED630D7-5911-4783-9F7E-F6AD867FC5E2}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{BDF77066-BFB8-41F3-B35E-3CBFA8158FDA}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{9C14A28B-07EF-4C7D-B814-A3A0FACCD585}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{DF80080F-4B3E-4867-B985-0133274D6F4D}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"TCP Query User{6DF00939-A66A-4A7E-8634-561867C5BFB8}H:\\software\\downloadprogramma\\downloadprogramma\\bearshare\\bearshare.exe"= UDP:H:\software\downloadprogramma\downloadprogramma\bearshare\bearshare.exe:bearshare.exe

"UDP Query User{61CAF39C-B025-4821-A035-708F6F724ADD}H:\\software\\downloadprogramma\\downloadprogramma\\bearshare\\bearshare.exe"= TCP:H:\software\downloadprogramma\downloadprogramma\bearshare\bearshare.exe:bearshare.exe

"TCP Query User{A7BEAB48-648C-4BBB-83D8-75150936BDF8}C:\\program files\\msn messenger\\msnmsgr.exe"= UDP:C:\program files\msn messenger\msnmsgr.exe:Messenger

"UDP Query User{A2ACD869-5728-4175-A2D5-46B703227E43}C:\\program files\\msn messenger\\msnmsgr.exe"= TCP:C:\program files\msn messenger\msnmsgr.exe:Messenger

"{1A76E207-7772-4600-A6CF-2DEADD620D11}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2

"{D41B2AE6-2F98-4B0D-B89B-EF153FDDB234}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2

"TCP Query User{D824E184-7A55-4DAA-907C-95E5495AB8D5}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire

"UDP Query User{5F52C282-D76E-4720-A8BB-FE3A97D5987F}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire

"TCP Query User{D2522863-5F7F-4627-A697-737125D1E6BF}C:\\program files\\steam\\steamapps\\bartje977\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\bartje977\counter-strike source\hl2.exe:hl2

"UDP Query User{08671418-D823-4A60-B540-10FC3E3B999D}C:\\program files\\steam\\steamapps\\bartje977\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\bartje977\counter-strike source\hl2.exe:hl2

"{2DB40983-6280-460F-8458-4019751D772A}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb

"{B6339253-71B2-43D5-9DBF-B9CBC6790BBB}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb

"{16CA3A18-28FF-4A59-A7E1-D27C88D29851}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{4997B15B-BBE2-4489-8679-47E2D665D7EC}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{DB4C318E-3FF6-4030-81B7-47D94C1BFE68}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR

"{2AAD00A5-5167-4E50-A7D7-3F732A8043A0}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR

"{C9D7D84B-747D-4CCA-94DF-B111DD8A1414}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"{9A66DE17-E459-4651-B2C5-769BFEFF8F62}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"TCP Query User{A29A89B3-3906-47C7-8CFD-02E8A86CE612}C:\\users\\bart\\documents\\bearshare\\bearshare.exe"= UDP:C:\users\bart\documents\bearshare\bearshare.exe:bearshare.exe

"UDP Query User{117E4158-75D0-45A2-8846-A68926E0CC41}C:\\users\\bart\\documents\\bearshare\\bearshare.exe"= TCP:C:\users\bart\documents\bearshare\bearshare.exe:bearshare.exe

"{C2D4D891-F47C-4801-86C3-26C4D199764B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{CFE1B510-6F8F-4E36-B39D-39EA221FED6E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{727CE370-29F0-4033-BE82-8871EB5E1A2B}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{176C9E80-A887-411E-A12F-1D9C904F8762}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{1112A60F-254C-4693-8F3B-0F6CB4B4F474}"= UDP:C:\Program Files\DNA\btdna.exe:DNA

"{AF17A790-875F-4BBE-BB0D-76B0568A8E2C}"= TCP:C:\Program Files\DNA\btdna.exe:DNA

"{39454884-EEEE-4131-8BE9-95E022681A90}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent

"{C8BA96EB-F64F-470B-8007-615906F516F6}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent

"{8BE25293-98A8-44BA-AE3C-6468D4E44B27}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{89287EED-F97B-4537-8B7A-96B388DF1AF3}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"{93B0045B-1C90-4D4D-835C-AD204B436660}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"TCP Query User{DF4CE028-FA2F-4D43-B5C3-8D3DDF1D3B66}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"UDP Query User{2AAE8935-765E-4266-AA39-34A8E241AEAF}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 APPFLT;App Filter Plugin;C:\Windows\system32\Drivers\APPFLT.SYS [2007-05-11 10:33]

R1 DSAFLT;DSA Filter Plugin;C:\Windows\system32\Drivers\DSAFLT.SYS [2007-05-11 10:33]

R1 FNETMON;NetMon Filter Plugin;C:\Windows\system32\Drivers\fnetmon.SYS [2007-05-11 10:33]

R1 IDSFLT;Ids Filter Plugin;C:\Windows\system32\Drivers\IDSFLT.SYS [2007-07-11 12:39]

R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\Windows\system32\Drivers\NETFLTDI.SYS [2007-05-11 10:33]

R1 ShldDrv;Panda File Shield Driver;C:\Windows\system32\DRIVERS\ShlDrv51.sys [2007-05-23 16:40]

R1 SMSFLT;SMS Filter Plugin;C:\Windows\system32\Drivers\SMSFLT.SYS [2007-05-11 10:33]

R1 WNMFLT;Wifi Monitor Filter Plugin;C:\Windows\system32\Drivers\WNMFLT.SYS [2007-05-11 10:33]

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]

R2 AmFSM;AmFSM;C:\Windows\system32\DRIVERS\amm8660.sys [2007-06-06 11:43]

R2 ComFiltr;Panda Anti-Dialer;C:\Windows\system32\DRIVERS\COMFiltr.sys [2007-10-29 12:55]

R2 cpoint;Panda CPoint Driver;C:\Windows\system32\Drivers\cpoint.sys [2007-06-08 09:44]

R2 PavProc;Panda Process Protection Driver;C:\Windows\system32\DRIVERS\PavProc.sys [2007-07-12 14:49]

R2 PskSvcRetail;Panda PSK service;"C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PskSvc.exe" [2007-03-21 20:32]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]

R3 btwaudio;Bluetooth-audioapparaat;C:\Windows\system32\drivers\btwaudio.sys [2007-01-02 12:45]

R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-01-02 12:45]

R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-01-02 12:45]

R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\netimflt.sys [2007-04-24 16:43]

S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 09:30]

S3 mod7700;DiBcom DIB7700 based TV tuner device;C:\Windows\system32\Drivers\dvb7700all.sys [2007-07-30 14:20]

S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-02-15 22:33]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

Cognizance REG_MULTI_SZ ASBroker

GPSvcGroup REG_MULTI_SZ GPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d665a4e4-6e06-11dc-8e34-806e6f6e6963}]

\shell\AutoRun\command - F:\autorun.exe

\shell\directx\command - F:\DirectX9\dxsetup.exe

\shell\setup\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4dce9cf-6f6e-11dc-823d-001a6be139af}]

\shell\AutoRun\command - N:\setup.exe

.

Inhoud van de 'Gedeelde Taken' map

"2008-04-14 16:35:00 C:\Windows\Tasks\User_Feed_Synchronization-{2CC08CE3-A954-4B66-89A4-84469A7D2A23}.job"

- C:\Windows\system32\msfeedssync.exe

.

**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-14 18:36:42

Windows 6.0.6000 NTFS

detected NTDLL code modification:

ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

Voltooingstijd: 2008-04-14 18:37:58

ComboFix-quarantined-files.txt 2008-04-14 16:37:50

ComboFix2.txt 2008-04-14 15:00:37

Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

.

2008-04-13 19:29:51 --- E O F ---

HijackThis log

An unexpected error has occurred at procedure: modMain_CheckOther1Item()

Error #75 - Path/File access error

Please email me at merijn@spywareinfo.com, reporting the following:

* What you were trying to fix when the error occurred, if applicable

* How you can reproduce the error

* A complete HijackThis scan log, if possible

Windows version: Windows NT 6.00.1904

MSIE version: 7.0.6000.16609

HijackThis version: 1.99.1

This message has been copied to your clipboard.

Click OK to continue the rest of the scan.

I could not get this HijackThis entry removed ==> O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing). I also get no error or anything; it runs fairly quickly, but when I check after the fix whether it is gone, it is still there. Regards, bart


That makes sense: you first have to disable this service. Go to Start -> Run -> type services.msc and look for this service there. If it is listed there, delete or disable it ... and then try to remove it again with HJT. And I would still like to see that SDFix log?

Also remove your current HijackThis and download a new version HERE.

With that you can make a new log and try to fix the service mentioned above.
