Everything posted by b*rt

  1. Dear Xeno, When my PC has been running for a while, a couple of hours now, it seems to stutter a little. This is mainly noticeable in the sounds it tries to play. This was already the case when I first posted here. Maybe it is part of it too? :S I have no idea what the PC is doing at that point. When I restart it, the sounds are fine again. Maybe this extra info is of some use to you. Regards, b*rt
  2. Would it perhaps work to go through Start > Run and enter that code there to remove ComboFix?
  3. Hi Xeno, Great. I'm curious how the preview (and so probably the background too) will come back. Regards! b*rt
  4. Dear Xeno, I don't have a To Remove folder. I'm off now; I won't be able to read your reply until tomorrow afternoon. Have a nice evening. Thanks, regards, b*rt
  5. Regards, b*rt
  6. OK, good luck
  7. By the way, the preview of folder contents is still missing. It does show a preview for pictures and PDF files. I hope you have an idea?! Regards, b*rt
  8. It seems as if all thumbnail views of pictures and files stay white. They do become visible again when I change the view settings, for example from large icons to list or details, etc. When I go to my desktop settings I also don't see the thumbnail of the desktop screen. Is that why?
  9. That's fine. May I ask whether you have some confidence in it? As a PC user it now looks as if everything else is running normally. Regards, b*rt
  10. Hi Xeno, I'm there (with a black background, but I don't know whether that matters much). Regards
  11. Ran ComboFix with that script; the program doesn't ask to restart but does so by itself (it seems to crash a bit and then boots up). Before that happens I see a blue full-screen display with a percentage, which it completes: it gets to 100. Unfortunately I really have the impression that ComboFix does nothing more after the 'restart'. I waited a long time. It seems as if it doesn't finish something. I don't see anything of Combo any more. The background stays black. After this I restarted the PC and again waited a long time, but it still does nothing (CPU stays low, etc.). Now I have waited a long time again, shut the PC down, waited, and started it up again. The background is still black. Regards, b*rt
  12. OK, sorry, I have a few questions for clarity. Remove ComboFix (as you indicate) and reinstall it. So then don't run it? The first run is directly with that script? When the PC restarts, I'm asked during boot which mode I want. The choice is set to normal. Once Windows has loaded, Windows says it has recovered from an error; I was then given a choice. Do I need to do anything with that choice? That script you mention last, is that the one I'm talking about too? Or is that something that comes later? (You don't want to know how grateful I'll be to you for everything)
  13. OK, my apologies, Xeno. The thing about MSN and Live Mail has already been resolved; that was stupid of me. I'm going to do the steps again. Regards
  14. Update: carried out step 3 and restarted. I have my background back and that .dll message is gone. Going in the right direction?
  15. Dear Xeno, Carried out steps 1 and 2. When I placed that .txt file in ComboFix, my PC did indeed restart. Only the background stayed black and ComboFix did not continue, so I did not get a log. I then ran ComboFix again (not with that .txt file in it, but just normally); the log: Now I'm going for step 3
Query User{B19538FE-A1C9-4D28-BD5E-08CFBF8C330B}C:\\program files\\winscp\\winscp.exe"= UDP:C:\program files\winscp\winscp.exe:Windows SFTP, FTP and SCP client "UDP Query User{C7BEEE9E-4F04-42A0-A48C-BF0578CAC521}C:\\program files\\winscp\\winscp.exe"= TCP:C:\program files\winscp\winscp.exe:Windows SFTP, FTP and SCP client R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31] R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35] R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32] R2 BlueSoleilCS;BlueSoleilCS;C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2007-08-17 15:58] R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 09:33] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43] R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 21:55] R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 09:33] R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2006-11-16 14:24] R3 BsHelpCS;BsHelpCS;C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2007-08-17 15:58] R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 19:36] S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-18 09:00] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5090ebe5-5796-11dc-9727-001150c6352e}] \shell\Auto\command - UFO.exe \shell\AutoRun\command 
- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b300e99f-0aee-11dd-b6e3-001150c6352e}] \shell\Auto\command - K:\UFO.exe \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\UFO.exe . Inhoud van de 'Gedeelde Taken' map "2008-04-21 14:03:00 C:\Windows\Tasks\Controleren op updates voor Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE "2008-04-21 14:00:24 C:\Windows\Tasks\User_Feed_Synchronization-{F3506F30-F03C-4547-B24B-ED550C9E79FF}.job" - C:\Windows\system32\msfeedssync.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-21 16:12:43 Windows 6.0.6001 Service Pack 1 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- PROCESS: C:\Windows\Explorer.exe -> C:\Windows\system32\BsLangInDepRes.dll . 
Voltooingstijd: 2008-04-21 16:14:18 ComboFix-quarantined-files.txt 2008-04-21 14:13:24 ComboFix2.txt 2008-04-20 19:05:07 ComboFix3.txt 2008-04-20 12:08:02 Pre-Run: 28,278,939,648 bytes beschikbaar Post-Run: 28,149,858,304 bytes beschikbaar 302 --- E O F --- 2008-04-18 14:18:13 and hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:16:24, on 21-4-2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Windows\WindowsMobile\wmdc.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe C:\Program Files\FreePDF_XP\fpassist.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\System32\mobsync.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\WIBUKEY\Server\WkSvMgr.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program 
Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Windows\system32\conime.exe C:\Windows\Explorer.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogin?service=ig&passive=true&continue=http://www.google.com/ig&followup=http://www.google.com/ig&cd=US&hl=nl&nui=1&ltmpl=default R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O2 - BHO: Windows Live Toolbar Helper - 
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [btTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe" O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ehTray.exe] 
C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [qzgnljpo] C:\ProgramData\qzgnljpo\ongfebcn.exe O4 - HKCU\..\Run: [VMkb4HTjpS] C:\ProgramData\gncvojml\knqbgbup.exe O4 - HKCU\..\Run: [wcjezcww] C:\ProgramData\wcjezcww\snmvuxep.exe O4 - HKCU\..\Run: [vrwwrtxr] C:\ProgramData\vrwwrtxr\snmvuxep.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user') O4 - Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Bluetooth Manager.lnk = ? 
O4 - Global Startup: Network Server.lnk = C:\Program Files\WIBUKEY\Server\WkSvMgr.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! 
Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- End of file - 10792 bytes
  16. OK, done. By the way, should I switch off Spybot Search & Destroy for a moment? It keeps asking for permissions (as it did with ComboFix). How can it be switched off temporarily? Shit, I had not expected this to go so deep.. :S combofix log: ComboFix 08-04-18.3 - Bart 2008-04-20 20:59:52.2 - NTFSx86 Gestart vanuit: D:\Bart Gebruikersbestanden\Desktop\ComboFix.exe Command switches used :: D:\Bart Gebruikersbestanden\Desktop\CFScript.txt * Nieuw herstelpunt werd aangemaakt . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\ProgramData\gncvojml C:\ProgramData\qpucxfsd C:\ProgramData\qpucxfsd\dcjonidw.exe C:\ProgramData\qzgnljpo C:\ProgramData\vrwwrtxr C:\ProgramData\wcjezcww C:\Users\All Users\qpucxfsd\dcjonidw.exe . (((((((((((((((((((( Bestanden Gemaakt van 2008-03-20 to 2008-04-20 )))))))))))))))))))))))))))))) . 2008-04-20 20:58 . 2008-04-20 20:58 <DIR> d-------- C:\327882R2FWJFW 2008-04-20 13:39 . 2008-04-20 13:39 <DIR> d-------- C:\Users\Bart\AppData\Roaming\Malwarebytes 2008-04-20 13:39 . 2008-04-20 13:39 <DIR> d-------- C:\Users\All Users\Malwarebytes 2008-04-20 13:39 . 2008-04-20 13:39 <DIR> d-------- C:\ProgramData\Malwarebytes 2008-04-20 13:39 . 2008-04-20 13:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-04-20 12:02 . 2008-04-20 12:02 <DIR> d-------- C:\Program Files\Trend Micro 2008-04-19 13:15 . 2008-04-19 13:39 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy 2008-04-19 13:15 . 2008-04-19 13:39 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy 2008-04-19 13:15 . 2008-04-19 13:15 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-04-19 12:53 . 2008-04-19 12:53 <DIR> d-------- C:\Program Files\Enigma Software Group 2008-04-19 11:16 . 2008-04-19 11:16 <DIR> d-------- C:\Program Files\NCH Software 2008-04-19 11:15 . 2008-04-19 11:16 <DIR> d-------- C:\Users\All Users\NCH Swift Sound 2008-04-19 11:15 . 
2008-04-19 11:16 <DIR> d-------- C:\ProgramData\NCH Swift Sound 2008-04-19 11:13 . 2008-04-19 11:13 <DIR> d-------- C:\Users\Bart\AppData\Roaming\NCH Swift Sound 2008-04-19 11:13 . 2008-04-19 11:16 <DIR> d-------- C:\Program Files\NCH Swift Sound 2008-04-16 15:55 . 2008-04-16 15:55 <DIR> d-------- C:\Program Files\WinSCP 2008-04-16 13:48 . 2008-04-16 13:48 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2008-04-16 13:26 . 2008-04-16 13:26 <DIR> d-------- C:\PerfLogs 2008-04-16 12:33 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll 2008-04-16 12:32 . 2008-01-19 09:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll 2008-04-16 12:31 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL 2008-04-16 12:30 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll 2008-04-16 12:30 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe 2008-04-16 12:29 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll 2008-04-16 12:29 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll 2008-04-16 12:29 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll 2008-04-16 12:29 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll 2008-04-15 18:32 . 2008-04-16 13:48 49 --a------ C:\Windows\NeroDigital.ini 2008-04-15 18:30 . 2007-09-28 14:27 19,840 --a------ C:\Windows\System32\drivers\StMp3Rec.sys 2008-04-15 18:29 . 2008-04-15 18:30 <DIR> d-------- C:\Philips 2008-04-15 15:12 . 2008-04-15 15:12 <DIR> d-------- C:\Program Files\WIBU-SYSTEMS 2008-04-15 15:12 . 2007-05-09 11:00 159,744 --a------ C:\Windows\System32\WkWin32.dll 2008-04-15 15:12 . 2007-05-09 11:00 72,704 --a------ C:\Windows\System32\drivers\WibuKey.sys 2008-04-15 15:12 . 2007-05-09 11:00 16,384 --a------ C:\Windows\System32\drivers\Wibukey2.sys 2008-04-15 15:10 . 2008-04-16 00:07 <DIR> d-------- C:\Program Files\Graphisoft 2008-04-14 19:26 . 
2008-04-16 23:26 <DIR> d-------- C:\Users\Bart\Graphisoft 2008-04-14 19:26 . 2008-04-14 19:54 <DIR> d-------- C:\Users\Bart\AppData\Roaming\Graphisoft 2008-04-14 19:07 . 2008-04-15 15:12 <DIR> d-------- C:\Program Files\WIBUKEY 2008-04-14 19:07 . 2008-04-16 00:08 9,346 --a------ C:\Windows\vpd.properties 2008-04-09 22:32 . 2008-02-29 09:11 988,216 --a------ C:\Windows\System32\winload.exe 2008-04-09 22:32 . 2008-02-29 09:11 927,288 --a------ C:\Windows\System32\winresume.exe 2008-04-09 22:32 . 2008-02-22 07:05 615,992 --a------ C:\Windows\System32\ci.dll 2008-04-09 22:32 . 2008-02-29 08:53 378,368 --a------ C:\Windows\System32\srcore.dll 2008-04-09 22:32 . 2008-02-29 06:12 318,464 --a------ C:\Windows\System32\rstrui.exe 2008-04-09 22:32 . 2008-02-29 08:53 46,592 --a------ C:\Windows\System32\setbcdlocale.dll 2008-04-09 22:32 . 2008-02-29 08:53 40,960 --a------ C:\Windows\System32\srclient.dll 2008-04-09 22:32 . 2008-02-29 09:14 19,000 --a------ C:\Windows\System32\kd1394.dll 2008-04-09 22:32 . 2008-02-29 06:12 14,848 --a------ C:\Windows\System32\srdelayed.exe 2008-04-09 22:32 . 2008-02-29 08:35 6,656 --a------ C:\Windows\System32\kbd106n.dll 2008-04-09 22:31 . 2008-02-29 06:21 2,032,128 --a------ C:\Windows\System32\win32k.sys 2008-04-09 22:31 . 2008-02-22 06:57 295,936 --a------ C:\Windows\System32\gdi32.dll 2008-04-09 22:30 . 2008-02-22 04:50 1,383,424 --a------ C:\Windows\System32\mshtml.tlb 2008-04-09 22:30 . 2008-02-22 07:01 826,880 --a------ C:\Windows\System32\wininet.dll . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-04-20 14:03 --------- d-----w C:\Users\Bart\AppData\Roaming\Skype 2008-04-20 14:01 --------- d-----w C:\Users\Bart\AppData\Roaming\skypePM 2008-04-20 11:24 --------- d-----w C:\ProgramData\FreePDF 2008-04-20 08:29 --------- d-----w C:\ProgramData\Google Updater 2008-04-20 08:29 --------- d-----w C:\Program Files\Picasa2 2008-04-19 01:29 --------- d-----w C:\Users\Bart\AppData\Roaming\uTorrent 2008-04-18 07:00 --------- d-----w C:\Program Files\Google 2008-04-16 11:34 174 --sha-w C:\Program Files\desktop.ini 2008-04-16 11:27 --------- d-----w C:\Program Files\Windows Sidebar 2008-04-16 11:27 --------- d-----w C:\Program Files\Windows Photo Gallery 2008-04-16 11:27 --------- d-----w C:\Program Files\Windows Mail 2008-04-16 11:27 --------- d-----w C:\Program Files\Windows Journal 2008-04-16 11:27 --------- d-----w C:\Program Files\Windows Defender 2008-04-16 11:27 --------- d-----w C:\Program Files\Windows Collaboration 2008-04-16 11:27 --------- d-----w C:\Program Files\Windows Calendar 2008-04-16 11:15 82,432 ----a-w C:\Windows\System32\axaltocm.dll 2008-04-16 11:15 101,888 ----a-w C:\Windows\System32\ifxcardm.dll 2008-04-15 16:29 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-07 13:41 --------- d-----w C:\Program Files\Microsoft Silverlight 2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys 2008-03-17 18:29 --------- d-----w C:\Program Files\Java 2008-03-05 20:29 --------- d-----w C:\Program Files\Common Files\Adobe 2008-03-05 16:36 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-03-05 16:36 --------- d-----w C:\Program Files\Windows Live 2008-03-05 16:34 --------- d-----w C:\ProgramData\WLInstaller 2008-03-01 13:21 --------- d-----w C:\Program Files\MSN Messenger 2008-02-27 13:19 --------- d-----w C:\Program Files\Belastingdienst 2008-02-25 14:45 32 ----a-w C:\Users\All Users\ezsid.dat 2008-02-25 14:45 32 ----a-w C:\ProgramData\ezsid.dat 2008-02-25 14:44 --------- d-----w 
C:\Program Files\Common Files\Skype 2008-02-23 02:38 43,872 ----a-w C:\Windows\system32\drivers\pxhelp20.sys 2008-02-22 13:21 --------- d-----w C:\Program Files\Tsview.win 2008-02-11 18:13 539,160 ----a-w C:\Windows\System32\igfxcfg.exe 2008-02-11 18:13 256,536 ----a-w C:\Windows\System32\igfxsrvc.exe 2008-02-11 18:13 170,520 ----a-w C:\Windows\System32\igfxzoom.exe 2008-02-11 18:13 170,520 ----a-w C:\Windows\System32\igfxext.exe 2008-02-11 18:13 166,424 ----a-w C:\Windows\System32\hkcmd.exe 2008-02-11 18:13 141,848 ----a-w C:\Windows\System32\igfxtray.exe 2008-02-11 18:13 133,656 ----a-w C:\Windows\System32\igfxpers.exe 2008-02-11 17:55 147,456 ----a-w C:\Windows\System32\igfxCoIn_v1437.dll 2008-02-11 17:36 3,301,376 ----a-w C:\Windows\System32\igdumd32.dll 2008-02-11 17:34 29,932 ----a-w C:\Windows\System32\igmedcompkrn.bin 2008-02-11 17:34 2,215,364 ----a-w C:\Windows\System32\igklg400.bin 2008-02-11 17:34 1,971,732 ----a-w C:\Windows\System32\igklg450.bin 2008-02-11 17:01 2,420,736 ----a-w C:\Windows\System32\ig4icd32.dll 2008-02-11 17:01 2,174,976 ----a-w C:\Windows\System32\ig4dev32.dll 2008-02-11 16:48 245,760 ----a-w C:\Windows\System32\igfxTMM.dll 2008-02-11 16:47 69,632 ----a-w C:\Windows\System32\oemdspif.dll 2008-02-11 16:47 48,640 ----a-w C:\Windows\System32\igfxsrvc.dll 2008-02-11 16:47 24,576 ----a-w C:\Windows\System32\igfxexps.dll 2008-02-11 16:47 204,800 ----a-w C:\Windows\System32\igfxpph.dll 2008-02-11 16:46 3,293,184 ----a-w C:\Windows\System32\igfxress.dll 2008-02-11 16:46 204,800 ----a-w C:\Windows\System32\igfxdev.dll 2008-02-11 16:46 135,168 ----a-w C:\Windows\System32\igfxdo.dll 2008-02-11 16:46 106,496 ----a-w C:\Windows\System32\hccutils.dll 2007-09-30 12:39 103,736 ----a-w C:\Users\Bart\AppData\Roaming\GDIPFONTCACHEV1.DAT 2007-09-22 10:26 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2007-09-22 10:26 32,768 --sha-w 
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2007-09-22 10:26 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat . ((((((((((((((((((((((((((((( snapshot@2008-04-20_14.07.02,62 ))))))))))))))))))))))))))))))))))))))))) . - 2008-04-20 11:51:34 67,584 --s-a-w C:\Windows\bootstat.dat + 2008-04-20 13:40:19 67,584 --s-a-w C:\Windows\bootstat.dat - 2008-04-20 11:51:35 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2008-04-20 13:40:20 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2008-04-20 11:51:35 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2008-04-20 13:40:20 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2008-04-20 11:52:49 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat + 2008-04-20 18:55:30 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat - 2008-04-20 11:53:56 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-04-20 13:42:31 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-04-20 13:42:31 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - 2008-04-20 12:04:11 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat + 2008-04-20 18:59:12 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat - 2008-04-20 11:53:50 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-04-20 13:42:36 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-04-20 13:42:36 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - 2008-04-20 11:52:35 16,384 --sha-w 
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-04-20 17:43:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-04-20 11:52:35 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-04-20 17:43:45 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-04-20 11:52:35 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-04-20 17:43:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-04-20 11:56:53 101,052 ----a-w C:\Windows\System32\perfc009.dat + 2008-04-20 13:45:33 101,052 ----a-w C:\Windows\System32\perfc009.dat - 2008-04-20 11:56:53 126,648 ----a-w C:\Windows\System32\perfc013.dat + 2008-04-20 13:45:33 126,648 ----a-w C:\Windows\System32\perfc013.dat - 2008-04-20 11:56:53 586,980 ----a-w C:\Windows\System32\perfh009.dat + 2008-04-20 13:45:33 586,980 ----a-w C:\Windows\System32\perfh009.dat - 2008-04-20 11:56:53 667,120 ----a-w C:\Windows\System32\perfh013.dat + 2008-04-20 13:45:33 667,120 ----a-w C:\Windows\System32\perfh013.dat - 2008-04-20 11:54:12 5,368 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-772422397-1900820080-721918258-1000_UserData.bin + 2008-04-20 13:42:54 5,368 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-772422397-1900820080-721918258-1000_UserData.bin - 2008-04-20 11:54:12 57,828 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-04-20 13:42:54 57,930 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2008-04-20 11:54:09 51,928 ----a-w 
C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-04-20 13:42:51 52,000 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-23 23:59 68856] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] "qzgnljpo"="C:\ProgramData\qzgnljpo\ongfebcn.exe" [ ] "VMkb4HTjpS"="C:\ProgramData\gncvojml\knqbgbup.exe" [ ] "wcjezcww"="C:\ProgramData\wcjezcww\snmvuxep.exe" [ ] "vrwwrtxr"="C:\ProgramData\vrwwrtxr\snmvuxep.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 09:38 1008184] "RtHDVCpl"="RtHDVCpl.exe" [2007-07-02 11:11 3772416 C:\Windows\RtHDVCpl.exe] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928] "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\Windows\KHALMNPR.Exe] "Windows Mobile 
Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "BtTray"="C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe" [2007-08-17 15:59 258134] "FreePDF Assistant"="C:\Program Files\FreePDF_XP\fpassist.exe" [2007-06-26 20:27 312320] "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 02:05 200704] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424] "Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 20:13 133656] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-18 09:00 29744] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ] C:\Users\Bart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-23 22:19:31 692224] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2006-12-05 11:14:28 421888] Network Server.lnk - C:\Program Files\WIBUKEY\Server\WkSvMgr.exe [2008-04-15 15:13:13 3768320] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "TCP Query User{9640623C-8418-4177-AF8F-A674FF80DF4F}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. 
Take a deep breath "UDP Query User{8F984C0E-7AE6-4E47-8755-4CA668323F1B}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath "TCP Query User{79CDA76A-A6BB-41BE-B529-E65EAC89D96C}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter "UDP Query User{F6F602E8-09DD-4382-B059-C082E64DC644}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter "TCP Query User{7605BB9A-2523-4DAE-AF41-C98DC4A2C9D6}C:\\users\\bart\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:C:\users\bart\appdata\local\temp\nero web\setupxu.exe:setupxu.exe "UDP Query User{4EC2C31A-026E-4555-8870-4B597F6034BF}C:\\users\\bart\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:C:\users\bart\appdata\local\temp\nero web\setupxu.exe:setupxu.exe "TCP Query User{A2D57D95-1C34-4909-8C66-CED6173B3A53}C:\\users\\bart\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:C:\users\bart\appdata\local\temp\nero web\setupxu.exe:setupxu.exe "UDP Query User{1B8A60B7-AE60-4609-8D59-7177F3C284E7}C:\\users\\bart\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:C:\users\bart\appdata\local\temp\nero web\setupxu.exe:setupxu.exe "TCP Query User{405FC589-26B4-4E96-B7B7-13D1E22FB063}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent "UDP Query User{A1A05DB9-EDE7-4354-B6A5-DFB1658D20FA}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent "TCP Query User{23FA42BD-6E9D-4DBD-99A8-BB02C63092C0}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent "UDP Query User{C9D310DC-97F7-412A-9E23-28A4D4F429A8}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent "TCP Query User{C3504007-C8E0-402E-8438-DCC2ABD6CF3A}C:\\program files\\windows mobile developer 
power toys\\activesync_remote_display\\asrdisp.exe"= UDP:C:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp "UDP Query User{9433D19C-E2B0-4E14-AE35-E858EFF16A79}C:\\program files\\windows mobile developer power toys\\activesync_remote_display\\asrdisp.exe"= TCP:C:\program files\windows mobile developer power toys\activesync_remote_display\asrdisp.exe:ASRDisp "{BB1F8097-458D-4286-8C13-CA6504A751F7}"= UDP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS "{140D725A-8DD0-4E60-8ADD-86071C36FE3A}"= TCP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS "TCP Query User{FDAA8CC2-A234-4EC3-84E5-73795F75CCEA}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath "UDP Query User{701849C1-DA41-42EA-8BA3-040D08C0C5C5}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath "{8D473774-4EF3-476C-A78E-AFB6318910D8}"= UDP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS "{B4C0FB00-7F52-4A1D-BEE3-6EC54B6CC94F}"= TCP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS "{51B14973-C532-49EF-A60B-99F4B2AF967B}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{69E389A6-1D27-4FE2-B35E-C58DCFF9F836}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "TCP Query User{98300E0C-ED17-4712-B94F-52AB5C223889}C:\\program files\\maple 7\\bin.wnt\\mserver.exe"= UDP:C:\program files\maple 7\bin.wnt\mserver.exe:mserver "UDP Query User{8594B12E-929D-4578-81EC-393D1FEAEF7E}C:\\program files\\maple 7\\bin.wnt\\mserver.exe"= TCP:C:\program files\maple 7\bin.wnt\mserver.exe:mserver "TCP Query User{F8FEF068-1373-4630-9F4E-B7B924C3D314}C:\\program files\\soulseek\\slsk.exe"= UDP:C:\program files\soulseek\slsk.exe:SoulSeek "UDP Query User{E26C7FB7-DD42-442F-9EC7-9C4174ABCDD1}C:\\program files\\soulseek\\slsk.exe"= TCP:C:\program 
files\soulseek\slsk.exe:SoulSeek "TCP Query User{489A21C4-CD64-41D4-A9B9-6AFA8C19C0A5}C:\\program files\\soulseek\\slsk.exe"= UDP:C:\program files\soulseek\slsk.exe:SoulSeek "UDP Query User{933ECCF3-D503-4E20-8904-8574B0F1830F}C:\\program files\\soulseek\\slsk.exe"= TCP:C:\program files\soulseek\slsk.exe:SoulSeek "{040BAAB3-582D-4025-92DC-616AFA00D020}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza "{AA6E563A-0635-427A-9668-D4A4A94BAD1D}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza "TCP Query User{724BE152-0FB7-4685-B17E-DF6AA5875875}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus "UDP Query User{4A331558-8C48-41E7-A4A2-21188DDCE254}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus "TCP Query User{BD73F861-354D-449E-BF9D-24B949A79380}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{49BF5D41-A2CD-4558-9E02-7DC5B71E80D5}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "{19A19C19-AA5F-4990-BE04-34F0A225699D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{D60C95A0-4B33-416B-8FE0-490FEA7B0A7B}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar "UDP Query User{37521B48-29ED-4587-AD69-4F100DF5F5F6}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar "TCP Query User{70D2486B-B649-42F3-B6F7-39B1CA62EB78}C:\\program files\\graphisoft\\archicad 11\\archicad.exe"= UDP:C:\program files\graphisoft\archicad 11\archicad.exe:ArchiCAD 11.0.0 Component "UDP Query User{9ACBBBC8-A4AB-40D9-B7B7-C666B32051A5}C:\\program files\\graphisoft\\archicad 11\\archicad.exe"= TCP:C:\program files\graphisoft\archicad 11\archicad.exe:ArchiCAD 11.0.0 Component "TCP 
Query User{B19538FE-A1C9-4D28-BD5E-08CFBF8C330B}C:\\program files\\winscp\\winscp.exe"= UDP:C:\program files\winscp\winscp.exe:Windows SFTP, FTP and SCP client "UDP Query User{C7BEEE9E-4F04-42A0-A48C-BF0578CAC521}C:\\program files\\winscp\\winscp.exe"= TCP:C:\program files\winscp\winscp.exe:Windows SFTP, FTP and SCP client R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31] R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35] R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32] R2 BlueSoleilCS;BlueSoleilCS;C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2007-08-17 15:58] R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 09:33] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43] R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 21:55] R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 09:33] R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2006-11-16 14:24] R3 BsHelpCS;BsHelpCS;C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2007-08-17 15:58] R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 19:36] S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-18 09:00] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5090ebe5-5796-11dc-9727-001150c6352e}] \shell\Auto\command - UFO.exe \shell\AutoRun\command 
- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b300e99f-0aee-11dd-b6e3-001150c6352e}] \shell\Auto\command - K:\UFO.exe \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\UFO.exe . Inhoud van de 'Gedeelde Taken' map "2008-04-20 19:03:00 C:\Windows\Tasks\Controleren op updates voor Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE "2008-04-20 19:00:54 C:\Windows\Tasks\User_Feed_Synchronization-{F3506F30-F03C-4547-B24B-ED550C9E79FF}.job" - C:\Windows\system32\msfeedssync.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-20 21:03:18 Windows 6.0.6001 Service Pack 1 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2008-04-20 21:05:06 ComboFix-quarantined-files.txt 2008-04-20 19:04:24 ComboFix2.txt 2008-04-20 12:08:02 Pre-Run: 29,482,143,744 bytes beschikbaar Post-Run: 29,264,633,856 bytes beschikbaar 306 --- E O F --- 2008-04-18 14:18:13 and the HijackThis log: (by the way, now run as administrator...) 
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:24:49, on 20-4-2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Windows\WindowsMobile\wmdc.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe C:\Program Files\FreePDF_XP\fpassist.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\ehome\ehtray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\WIBUKEY\Server\WkSvMgr.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Windows\System32\mobsync.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Live\Mail\wlmail.exe C:\Program 
Files\Internet Explorer\IEUser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogin?service=ig&passive=true&continue=http://www.google.com/ig&followup=http://www.google.com/ig&cd=US&hl=nl&nui=1&ltmpl=default R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll 
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [btTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe" O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program 
Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [qzgnljpo] C:\ProgramData\qzgnljpo\ongfebcn.exe O4 - HKCU\..\Run: [VMkb4HTjpS] C:\ProgramData\gncvojml\knqbgbup.exe O4 - HKCU\..\Run: [wcjezcww] C:\ProgramData\wcjezcww\snmvuxep.exe O4 - HKCU\..\Run: [vrwwrtxr] C:\ProgramData\vrwwrtxr\snmvuxep.exe O4 - HKCU\..\Run: [d8583261] rundll32.exe "C:\Users\Bart\AppData\Local\Temp\sjuddtki.dll",b O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user') O4 - Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Bluetooth Manager.lnk = ? 
O4 - Global Startup: Network Server.lnk = C:\Program Files\WIBUKEY\Server\WkSvMgr.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! 
Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- End of file - 11278 bytes
  17. To be precise, sjuddtki.dll is the error message at startup.
  18. Step 3 is now completed as well. When restarting I get some DLL errors (from the temp folder). We are not finished yet either, I know that. I would like to hear from you again, Xeno. Logs: ComboFix 08-04-18.3 - Bart 2008-04-20 14:04:32.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.1087 [GMT 2:00] Gestart vanuit: D:\Bart Gebruikersbestanden\Desktop\ComboFix.exe * Nieuw herstelpunt werd aangemaakt . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Windows\system32\x64 . (((((((((((((((((((( Bestanden Gemaakt van 2008-03-20 to 2008-04-20 )))))))))))))))))))))))))))))) . 2008-04-20 13:39 . 2008-04-20 13:39 <DIR> d-------- C:\Users\Bart\AppData\Roaming\Malwarebytes 2008-04-20 13:39 . 2008-04-20 13:39 <DIR> d-------- C:\Users\All Users\Malwarebytes 2008-04-20 13:39 . 2008-04-20 13:39 <DIR> d-------- C:\ProgramData\Malwarebytes 2008-04-20 13:39 . 2008-04-20 13:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-04-20 12:20 . 2008-04-20 12:20 <DIR> d-------- C:\Users\All Users\qpucxfsd 2008-04-20 12:20 . 2008-04-20 12:20 <DIR> d-------- C:\ProgramData\qpucxfsd 2008-04-20 12:02 . 2008-04-20 12:02 <DIR> d-------- C:\Program Files\Trend Micro 2008-04-20 10:16 . 2008-04-20 13:48 <DIR> d-------- C:\Users\All Users\vrwwrtxr 2008-04-20 10:16 . 2008-04-20 13:48 <DIR> d-------- C:\ProgramData\vrwwrtxr 2008-04-19 13:39 . 2008-04-20 13:48 <DIR> d-------- C:\Users\All Users\wcjezcww 2008-04-19 13:39 . 2008-04-20 13:48 <DIR> d-------- C:\ProgramData\wcjezcww 2008-04-19 13:15 . 2008-04-19 13:39 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy 2008-04-19 13:15 . 2008-04-19 13:39 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy 2008-04-19 13:15 . 2008-04-19 13:15 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-04-19 12:53 . 2008-04-19 12:53 <DIR> d-------- C:\Program Files\Enigma Software Group 2008-04-19 11:16 . 
2008-04-19 11:16 <DIR> d-------- C:\Program Files\NCH Software 2008-04-19 11:15 . 2008-04-19 11:16 <DIR> d-------- C:\Users\All Users\NCH Swift Sound 2008-04-19 11:15 . 2008-04-19 11:16 <DIR> d-------- C:\ProgramData\NCH Swift Sound 2008-04-19 11:13 . 2008-04-19 11:13 <DIR> d-------- C:\Users\Bart\AppData\Roaming\NCH Swift Sound 2008-04-19 11:13 . 2008-04-19 11:16 <DIR> d-------- C:\Program Files\NCH Swift Sound 2008-04-19 04:06 . 2005-02-24 12:10 2,084,864 --a------ C:\Windows\System32\AudDesign.dll 2008-04-19 03:58 . 2008-04-20 13:48 <DIR> d-------- C:\Users\All Users\qzgnljpo 2008-04-19 03:58 . 2008-04-20 13:48 <DIR> d-------- C:\Users\All Users\gncvojml 2008-04-19 03:58 . 2008-04-20 13:48 <DIR> d-------- C:\ProgramData\qzgnljpo 2008-04-19 03:58 . 2008-04-20 13:48 <DIR> d-------- C:\ProgramData\gncvojml 2008-04-16 15:55 . 2008-04-16 15:55 <DIR> d-------- C:\Program Files\WinSCP 2008-04-16 13:48 . 2008-04-16 13:48 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2008-04-16 13:26 . 2008-04-16 13:26 <DIR> d-------- C:\PerfLogs 2008-04-16 12:33 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll 2008-04-16 12:32 . 2008-01-19 09:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll 2008-04-16 12:31 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL 2008-04-16 12:30 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll 2008-04-16 12:30 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe 2008-04-16 12:29 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll 2008-04-16 12:29 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll 2008-04-16 12:29 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll 2008-04-16 12:29 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll 2008-04-15 18:32 . 2008-04-16 13:48 49 --a------ C:\Windows\NeroDigital.ini 2008-04-15 18:30 . 
2007-09-28 14:27 19,840 --a------ C:\Windows\System32\drivers\StMp3Rec.sys 2008-04-15 18:29 . 2008-04-15 18:30 <DIR> d-------- C:\Philips 2008-04-15 15:12 . 2008-04-15 15:12 <DIR> d-------- C:\Program Files\WIBU-SYSTEMS 2008-04-15 15:12 . 2007-05-09 11:00 159,744 --a------ C:\Windows\System32\WkWin32.dll 2008-04-15 15:12 . 2007-05-09 11:00 72,704 --a------ C:\Windows\System32\drivers\WibuKey.sys 2008-04-15 15:12 . 2007-05-09 11:00 16,384 --a------ C:\Windows\System32\drivers\Wibukey2.sys 2008-04-15 15:10 . 2008-04-16 00:07 <DIR> d-------- C:\Program Files\Graphisoft 2008-04-14 19:26 . 2008-04-16 23:26 <DIR> d-------- C:\Users\Bart\Graphisoft 2008-04-14 19:26 . 2008-04-14 19:54 <DIR> d-------- C:\Users\Bart\AppData\Roaming\Graphisoft 2008-04-14 19:07 . 2008-04-15 15:12 <DIR> d-------- C:\Program Files\WIBUKEY 2008-04-14 19:07 . 2008-04-16 00:08 9,346 --a------ C:\Windows\vpd.properties 2008-04-09 22:32 . 2008-02-29 09:11 988,216 --a------ C:\Windows\System32\winload.exe 2008-04-09 22:32 . 2008-02-29 09:11 927,288 --a------ C:\Windows\System32\winresume.exe 2008-04-09 22:32 . 2008-02-22 07:05 615,992 --a------ C:\Windows\System32\ci.dll 2008-04-09 22:32 . 2008-02-29 08:53 378,368 --a------ C:\Windows\System32\srcore.dll 2008-04-09 22:32 . 2008-02-29 06:12 318,464 --a------ C:\Windows\System32\rstrui.exe 2008-04-09 22:32 . 2008-02-29 08:53 46,592 --a------ C:\Windows\System32\setbcdlocale.dll 2008-04-09 22:32 . 2008-02-29 08:53 40,960 --a------ C:\Windows\System32\srclient.dll 2008-04-09 22:32 . 2008-02-29 09:14 19,000 --a------ C:\Windows\System32\kd1394.dll 2008-04-09 22:32 . 2008-02-29 06:12 14,848 --a------ C:\Windows\System32\srdelayed.exe 2008-04-09 22:32 . 2008-02-29 08:35 6,656 --a------ C:\Windows\System32\kbd106n.dll 2008-04-09 22:31 . 2008-02-29 06:21 2,032,128 --a------ C:\Windows\System32\win32k.sys 2008-04-09 22:31 . 2008-02-22 06:57 295,936 --a------ C:\Windows\System32\gdi32.dll 2008-04-09 22:30 . 
2008-02-22 04:50 1,383,424 --a------ C:\Windows\System32\mshtml.tlb 2008-04-09 22:30 . 2008-02-22 07:01 826,880 --a------ C:\Windows\System32\wininet.dll . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-20 12:01 --------- d-----w C:\Users\Bart\AppData\Roaming\Skype 2008-04-20 11:24 --------- d-----w C:\ProgramData\FreePDF 2008-04-20 08:29 --------- d-----w C:\ProgramData\Google Updater 2008-04-20 08:29 --------- d-----w C:\Program Files\Picasa2 2008-04-20 08:15 --------- d-----w C:\Users\Bart\AppData\Roaming\skypePM 2008-04-19 01:29 --------- d-----w C:\Users\Bart\AppData\Roaming\uTorrent 2008-04-18 07:00 --------- d-----w C:\Program Files\Google 2008-04-16 11:34 174 --sha-w C:\Program Files\desktop.ini 2008-04-16 11:27 --------- d-----w C:\Program Files\Windows Sidebar 2008-04-16 11:27 --------- d-----w C:\Program Files\Windows Photo Gallery 2008-04-16 11:27 --------- d-----w C:\Program Files\Windows Mail 2008-04-16 11:27 --------- d-----w C:\Program Files\Windows Journal 2008-04-16 11:27 --------- d-----w C:\Program Files\Windows Defender 2008-04-16 11:27 --------- d-----w C:\Program Files\Windows Collaboration 2008-04-16 11:27 --------- d-----w C:\Program Files\Windows Calendar 2008-04-16 11:15 82,432 ----a-w C:\Windows\System32\axaltocm.dll 2008-04-16 11:15 101,888 ----a-w C:\Windows\System32\ifxcardm.dll 2008-04-15 16:29 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-07 13:41 --------- d-----w C:\Program Files\Microsoft Silverlight 2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys 2008-03-17 18:29 --------- d-----w C:\Program Files\Java 2008-03-05 20:29 --------- d-----w C:\Program Files\Common Files\Adobe 2008-03-05 16:36 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-03-05 16:36 --------- d-----w C:\Program Files\Windows Live 2008-03-05 16:34 --------- d-----w C:\ProgramData\WLInstaller 2008-03-01 13:21 
--------- d-----w C:\Program Files\MSN Messenger 2008-02-27 13:19 --------- d-----w C:\Program Files\Belastingdienst 2008-02-25 14:45 32 ----a-w C:\Users\All Users\ezsid.dat 2008-02-25 14:45 32 ----a-w C:\ProgramData\ezsid.dat 2008-02-25 14:44 --------- d-----w C:\Program Files\Common Files\Skype 2008-02-23 02:38 43,872 ----a-w C:\Windows\system32\drivers\pxhelp20.sys 2008-02-22 13:21 --------- d-----w C:\Program Files\Tsview.win 2008-02-11 18:13 539,160 ----a-w C:\Windows\System32\igfxcfg.exe 2008-02-11 18:13 256,536 ----a-w C:\Windows\System32\igfxsrvc.exe 2008-02-11 18:13 170,520 ----a-w C:\Windows\System32\igfxzoom.exe 2008-02-11 18:13 170,520 ----a-w C:\Windows\System32\igfxext.exe 2008-02-11 18:13 166,424 ----a-w C:\Windows\System32\hkcmd.exe 2008-02-11 18:13 141,848 ----a-w C:\Windows\System32\igfxtray.exe 2008-02-11 18:13 133,656 ----a-w C:\Windows\System32\igfxpers.exe 2008-02-11 17:55 147,456 ----a-w C:\Windows\System32\igfxCoIn_v1437.dll 2008-02-11 17:36 3,301,376 ----a-w C:\Windows\System32\igdumd32.dll 2008-02-11 17:34 29,932 ----a-w C:\Windows\System32\igmedcompkrn.bin 2008-02-11 17:34 2,215,364 ----a-w C:\Windows\System32\igklg400.bin 2008-02-11 17:34 1,971,732 ----a-w C:\Windows\System32\igklg450.bin 2008-02-11 17:01 2,420,736 ----a-w C:\Windows\System32\ig4icd32.dll 2008-02-11 17:01 2,174,976 ----a-w C:\Windows\System32\ig4dev32.dll 2008-02-11 16:48 245,760 ----a-w C:\Windows\System32\igfxTMM.dll 2008-02-11 16:47 69,632 ----a-w C:\Windows\System32\oemdspif.dll 2008-02-11 16:47 48,640 ----a-w C:\Windows\System32\igfxsrvc.dll 2008-02-11 16:47 24,576 ----a-w C:\Windows\System32\igfxexps.dll 2008-02-11 16:47 204,800 ----a-w C:\Windows\System32\igfxpph.dll 2008-02-11 16:46 3,293,184 ----a-w C:\Windows\System32\igfxress.dll 2008-02-11 16:46 204,800 ----a-w C:\Windows\System32\igfxdev.dll 2008-02-11 16:46 135,168 ----a-w C:\Windows\System32\igfxdo.dll 2008-02-11 16:46 106,496 ----a-w C:\Windows\System32\hccutils.dll 2007-09-30 12:39 103,736 ----a-w 
C:\Users\Bart\AppData\Roaming\GDIPFONTCACHEV1.DAT 2007-09-22 10:26 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2007-09-22 10:26 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2007-09-22 10:26 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-23 23:59 68856] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] "qzgnljpo"="C:\ProgramData\qzgnljpo\ongfebcn.exe" [ ] "VMkb4HTjpS"="C:\ProgramData\gncvojml\knqbgbup.exe" [ ] "wcjezcww"="C:\ProgramData\wcjezcww\snmvuxep.exe" [ ] "vrwwrtxr"="C:\ProgramData\vrwwrtxr\snmvuxep.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 09:38 1008184] "RtHDVCpl"="RtHDVCpl.exe" [2007-07-02 11:11 3772416 C:\Windows\RtHDVCpl.exe] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928] "LanguageShortcut"="C:\Program 
Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\Windows\KHALMNPR.Exe] "Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "BtTray"="C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe" [2007-08-17 15:59 258134] "FreePDF Assistant"="C:\Program Files\FreePDF_XP\fpassist.exe" [2007-06-26 20:27 312320] "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 02:05 200704] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424] "Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 20:13 133656] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-18 09:00 29744] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ] C:\Users\Bart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-23 22:19:31 692224] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2006-12-05 11:14:28 421888] Network Server.lnk - C:\Program Files\WIBUKEY\Server\WkSvMgr.exe [2008-04-15 15:13:13 3768320] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 
(0x0) R1 aswSP;avast!
Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31] R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35] R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32] R2 BlueSoleilCS;BlueSoleilCS;C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2007-08-17 15:58] R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 09:33] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43] R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 21:55] R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 09:33] R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2006-11-16 14:24] R3 BsHelpCS;BsHelpCS;C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2007-08-17 15:58] R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 19:36] S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-18 09:00] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5090ebe5-5796-11dc-9727-001150c6352e}] \shell\Auto\command - UFO.exe \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b300e99f-0aee-11dd-b6e3-001150c6352e}] \shell\Auto\command - K:\UFO.exe \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\UFO.exe *Newly Created 
Service* - CATCHME . Inhoud van de 'Gedeelde Taken' map "2008-04-20 12:03:00 C:\Windows\Tasks\Controleren op updates voor Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE "2008-04-20 11:55:12 C:\Windows\Tasks\User_Feed_Synchronization-{F3506F30-F03C-4547-B24B-ED550C9E79FF}.job" - C:\Windows\system32\msfeedssync.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-20 14:06:34 Windows 6.0.6001 Service Pack 1 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- PROCESS: C:\Windows\Explorer.exe -> C:\Windows\system32\BsLangInDepRes.dll . Voltooingstijd: 2008-04-20 14:08:01 ComboFix-quarantined-files.txt 2008-04-20 12:07:22 Pre-Run: 29,988,839,424 bytes beschikbaar Post-Run: 29,838,258,176 bytes beschikbaar 273 --- E O F --- 2008-04-18 14:18:13 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:02:42, on 20-4-2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Windows\WindowsMobile\wmdc.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe C:\Program Files\FreePDF_XP\fpassist.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\system32\igfxsrvc.exe 
C:\Windows\System32\igfxpers.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\ehome\ehtray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\ProgramData\qzgnljpo\ongfebcn.exe C:\ProgramData\gncvojml\knqbgbup.exe C:\Windows\System32\mobsync.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Windows\System32\rundll32.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\WIBUKEY\Server\WkSvMgr.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\rundll32.exe C:\Program Files\Alwil Software\Avast4\ashSimpl.exe C:\Program Files\Internet Explorer\IEUser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Windows Live\Mail\wlmail.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogin?service=ig&passive=true&continue=http://www.google.com/ig&followup=http://www.google.com/ig&cd=US&hl=nl&nui=1&ltmpl=default R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: 
[RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [btTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe" O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ljjgGVpM.dll,#1 O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [qzgnljpo] 
C:\ProgramData\qzgnljpo\ongfebcn.exe O4 - HKCU\..\Run: [VMkb4HTjpS] C:\ProgramData\gncvojml\knqbgbup.exe O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Bart\AppData\Local\Temp\geBsqrpM.dll,c O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Bart\AppData\Local\Temp\urqRHxxY.dll,#1 O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [wcjezcww] C:\ProgramData\wcjezcww\snmvuxep.exe O4 - HKCU\..\Run: [vrwwrtxr] C:\ProgramData\vrwwrtxr\snmvuxep.exe O4 - HKCU\..\Run: [d8583261] rundll32.exe "C:\Users\Bart\AppData\Local\Temp\sjuddtki.dll",b O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user') O4 - Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Bluetooth Manager.lnk = ? 
O4 - Global Startup: Network Server.lnk = C:\Program Files\WIBUKEY\Server\WkSvMgr.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! 
Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- End of file - 11966 bytes
  19. Thanks! I have now done steps 1 and 2. Here are the logs: Now I'll go on to step 3.

      Malwarebytes' Anti-Malware 1.11
      Database versie: 660
      Scan type: Snelle Scan
      Objecten gescand: 36391
      Verstreken tijd: 6 minute(s), 25 second(s)

      Geheugenprocessen geïnfecteerd: 2
      Geheugenmodulen geïnfecteerd: 1
      Registersleutels geïnfecteerd: 10
      Registerwaarden geïnfecteerd: 10
      Registerdata bestanden geïnfecteerd: 0
      Mappen geïnfecteerd: 0
      Bestanden geïnfecteerd: 21

      Geheugenprocessen geïnfecteerd:
      C:\ProgramData\qzgnljpo\ongfebcn.exe (Trojan.FakeAlert) -> Unloaded process successfully.
      C:\ProgramData\gncvojml\knqbgbup.exe (Trojan.FakeAlert) -> Unloaded process successfully.

      Geheugenmodulen geïnfecteerd:
      C:\Users\Bart\AppData\Local\Temp\qoMgdDts.dll (Trojan.Vundo) -> Unloaded module successfully.

      Registersleutels geïnfecteerd:
      HKEY_CLASSES_ROOT\CLSID\{6a6eae1b-4ad6-4035-974d-504d6dbaa9c3} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

      Registerwaarden geïnfecteerd:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qzgnljpo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VMkb4HTjpS (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wcjezcww (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vrwwrtxr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6a6eae1b-4ad6-4035-974d-504d6dbaa9c3} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d8583261 (Trojan.Agent) -> Quarantined and deleted successfully.

      Registerdata bestanden geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Mappen geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Bestanden geïnfecteerd:
      C:\ProgramData\qzgnljpo\ongfebcn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\ProgramData\gncvojml\knqbgbup.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\Users\Bart\AppData\Local\Temp\qoMgdDts.dll (Trojan.Vundo) -> Delete on reboot.
      C:\ProgramData\wcjezcww\snmvuxep.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\ProgramData\vrwwrtxr\snmvuxep.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\Windows\System32\ljjgGVpM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\Bart\AppData\Local\Temp\ddcAqNfc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\Bart\AppData\Local\Temp\hgGxVOHw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\Bart\AppData\Local\Temp\mlJBRKBT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\Bart\AppData\Local\Temp\qoMdBTjh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\Bart\AppData\Local\Temp\rqRKCrQG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\Bart\AppData\Local\Temp\tmp000124f8 (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\Bart\AppData\Local\Temp\tmp000128e0 (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\Bart\AppData\Local\Temp\tmp00012e10 (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\Bart\AppData\Local\Temp\tmp00013e2d (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\Bart\AppData\Local\Temp\tmp00014ee6 (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\Bart\AppData\Local\Temp\tuvSMdcD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Windows\npqtsrak.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\Users\Bart\AppData\Local\Temp\geBsqrpM.dll (Trojan.Agent) -> Delete on reboot.
      C:\Users\Bart\AppData\Local\Temp\sjuddtki.dll (Trojan.Agent) -> Delete on reboot.
      C:\Windows\pmsoarbf.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

  20. PS, I also get a notification that wants to install abebot (c:\ windows\wml.exe)
  21. Hello, Since yesterday I have been having trouble with TrojanDownloader.xs http://www.pc-helpforum.be/f163/antispyware-reviews-biz-9089/ Since today I have also seen this one: system integrity scan wizard http://www.pc-helpforum.be/f163/system-integrity-scan-wizard-9194/ I now also have trouble with tabs being opened and a popup (poker, PlayStation etc.). I run Avast and Spybot; incidentally, Spybot wants to block a lot at startup. Endlessly? I have left those choices alone for now. I hope you can help me! Many thanks in advance. My log:
  22. Dear all, For some time now I have had the same problem as kevkeds. Would you be willing to help me with this? Can I carry out the same steps that kevkeds had to do, or would you also like to see my intermediate steps and logs? Many thanks in advance!!