Eggy

Om te beginnen, werk je draadloos of in netwerk? Dan moet je je 'port forwarden'. Dit kan je doen via 'options' > 'speedguide' en dan 'test if port is forwarded properly' Dan ook: 'Global maximum number of connections' = 400. 'Maximum number of connected peers per torrent' = 300. Tijdens het downloaden moet het netwerkicoontje onderaan groen zijn. Nu is het ook wel zo dat alles er van af hangt waar je je ergens bevindt op de 'lijn'. Zoals ik zei haal in 600 tot 700 kb/s en download bv een film in 20 tot 45 min. Mijn broer heeft dezelfde provider (telenet) en haalt 1.300 tot 1.400 kb/s en download een film van 700 Mb in 7 tot 8 minuten. Ik heb verder ook geen uitleg voor het verschil in snelheid. Groetjes

Zoals aarondk1 al zei, je kan de upload niet volledig afzetten en je moet ook opletten om de upload niet te weinig te zetten omdat dit invloed heeft op de downloadsnelheid. Ik heb zelf µtorrent 1.8 en plaatste de upload op 10 kb/s. Ik heb hier wat mee moeten experimenten. Nu heb ik een gemiddelde downloadsnelheid van zo'n 600 tot 700 kb/s. Dus de opload volledig afzetten gaat echt niet.

Yep, dat probleem herken ik. Wekelijks moet ik mijn herstelpunten, goed voor 5 tot 10 GB, verwijderen om ruimte vrij te maken. Ik draai ook Vista. Per dag (afhankelijk van hoe lang je PC opstaat) worden verschillende herstelpunten aangemaakt. Ik verwijder ze elke week door configuratiescherm>systeem>systeembeveiliging en dan de C-schijf uitvinken en toepassen. Je hoort dan de harde schijf hard werken om de herstelpunten te verwijderen. Daarna wel de C-schijf terug aanvinken en toepassen en een nieuw herstelpunt aanmaken. Zoals ik al eerder zei scheelt dat wekelijks 5 tot 10 GB. Ik weet ook niet waarom Vista zoveel herstelpunten aanmaakt per dag (soms 5 tot 6). Ik weet ook niet hoe dit te regelen valt. Ik vind nergens een manier om een bepaald maximum volume toe te kennen voor herstelpunten. Als iemand op dit forum dit weet hoor ik het graag. Groetjes

Neen, de regel bleef bestaan. Ik kon de regel enkel verwijderen met 'add checked to ignorelist'. Maar blijkbaar werkt mijn systeem goed dus... Alleszins erg bedankt. Groetjes

De laatste regel van Hijack This: 'O23 - Service: VundoFix Service (VundoFixSvc) - Unknown owner - VundoFixSVC.exe (file missing)' heb ik kunnen verwijderen door de optie 'add checked to ignorelist'. Ik neem aan dat je deze werkwijze bedoelde?

Oké, bedankt. Zal er dadelijk werk van maken. Heb zojuist MBAM op full scan laten draaien en hij haalde er nog 1 'rogue installer' en 2 'trojan agent' uit. Heb deze verwijderd.

Ik heb het weer eens gelapt. Een file gedownload en alle bellen en toeters van mijn systeem gingen rinkelen. Met MBAM heb vermoedelijk alles er vanaf gekregen. Als nu iemand eens een kijkje nam naar mijn hijack this log en mij iets laat weten dat mijn systeem ok is. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:10:17, on 10/07/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16681) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Windows\System32\rundll32.exe C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Windows Live Toolbar\msn_sl.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe O23 - Service: VundoFix Service (VundoFixSvc) - Unknown owner - VundoFixSVC.exe (file missing) -- End of file - 7715 bytes Groetjes

DVD FLICK is gratis (open source). Link hier DVD Flick Is een vrij éénvoudig progje maar het converteren duurt wel wat langer. Ik gebruikte het voor ik 'convertXtoDvD' gebruikte.

Je kan ook WINAVI http://www3.winavi.com/download/WinAVI_Video_Converter.exe downloaden. Is niet gratis maar je kan het een tijdje gebruiken. Dan kan de MPEG files converteren naar WMV en die zijn een flink stuk kleiner en afspeelbaar op WMP.

Niet. Een *.avi blijft een avi file. Een *.srt blijft een srt file. Zoals Masters uitlegde kan je de avi (of in jouw geval de mp4) afspelen met VLC player of WMP 11 enkel als ze in dezelfde map zijn en exact dezelfde naam hebben. Bv: Rambo[2008]DvDrip[Eng]-aXXo.avi Rambo[2008]Dvdrip[Eng]-aXXo.srt Het zullen dus altijd twee afzonderlijke files blijven. Je kan de twee wel samen converteren naar DVD formaat en dan pas worden ze één.

Erg bedankt nogmaals. Ik ben blij dat er mensen zijn die er zoveel kennis, energie en tijd insteken. En als diegenen die er zoveel tijd en energie in steken om 'beestjes' te maken nu die energie en kennis gebruikten om het WWW aangenaam te maken. Maar ja, een eutophie. Groetjes

Logfile GV_Killer_01.txt v7.0.7 - Copyright © GV_Soft Guido Vaesen Rapport datum: 15/05/2008 17:10:02 log van Gebruiker , Beheerder van deze computer Platform: Windows Vista NLD Normale modus BEGIN Geplande taken----------------------------------------------------------------- C:\Windows\tasks\Controleren op updates voor Windows Live Toolbar.job C:\Windows\tasks\SCHEDLGU.TXT EINDE Geplande taken----------------------------------------------------------------- Lijst Notify keys-------------------------------------------------------------------- HKLM\software\microsoft\windows nt\currentversion\winlogon\notify Einde Notify keys-------------------------------------------------------------------- Verklaring Errorcodes---------------------------------------------------------------- code 00 : Bestand is verwijderd. code 53 : Bestand of map werd niet gevonden op uw PC. code 70 : Bestand was in gebruik. code 75 : Services zijn nog geladen of bestand in gebruik. code M0 : Map is verwijderd. code ML : Map is volledig leeg gemaakt. code MN : Map werd niet gevonden op uw PC, is niet leeg gemaakt. code MV : Map werd niet gevonden op uw PC, is niet verwijderd. code K0 : Register key is verwijderd. Einde Errorcodes-------------------------------------------------------------------- BEGIN Inhoud van Input.txt----------------------------------------------------------- *SC DELETE VundoFixSvc* *c:\windows\system32\vundofixsvc.exe* EINDE Inhoud van Input.txt----------------------------------------------------------- 00 c:\windows\system32\vundofixsvc.exe* ;0289580-OEM-7332132-00031=1A2B3C4D10 ;EINDE GV_Killer --------------------------------------------------------------------- Moet er nog iets gebeuren? Groetjes

Oeps, dikke vingers gehad, dubbel verzonden, sorry!

Alles uitgevoerd zoals voorgeschreven. Voor de zekerheid nog een logje van ComboFix: ComboFix 08-05-12.1 - Gebruiker 2008-05-14 22:24:49.6 - NTFSx86 Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.31.1043.18.2095 [GMT 2:00] Gestart vanuit: C:\temp\ComboFix.exe Command switches used :: D:\Mijn dokumenten\Brieven\CFScript.txt * Nieuw herstelpunt werd aangemaakt . (((((((((((((((((((( Bestanden Gemaakt van 2008-04-14 to 2008-05-14 )))))))))))))))))))))))))))))) . 2008-05-14 22:23 . 2008-05-14 22:23 1,914,914 --a------ C:\temp\ComboFix.exe 2008-05-14 21:29 . 2008-05-14 21:30 <DIR> d-------- C:\JKDefrag 2008-05-13 12:20 . 2008-05-13 13:15 524,288 --ahs---- C:\Users\Gebruiker\ntuser.dat{6bc73509-20cb-11dd-9f81-001617bd84e2}.TMContainer00000000000000000002.regtrans-ms 2008-05-13 12:20 . 2008-05-13 13:15 524,288 --ahs---- C:\Users\Gebruiker\ntuser.dat{6bc73509-20cb-11dd-9f81-001617bd84e2}.TMContainer00000000000000000001.regtrans-ms 2008-05-13 12:20 . 2008-05-13 13:15 65,536 --ahs---- C:\Users\Gebruiker\ntuser.dat{6bc73509-20cb-11dd-9f81-001617bd84e2}.TM.blf 2008-05-13 10:26 . 2008-05-13 10:26 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\Malwarebytes 2008-05-13 10:26 . 2008-05-13 10:26 <DIR> d-------- C:\Users\All Users\Malwarebytes 2008-05-13 10:26 . 2008-05-13 10:26 <DIR> d-------- C:\ProgramData\Malwarebytes 2008-05-13 10:26 . 2008-05-13 10:26 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-05-13 10:26 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys 2008-05-13 10:26 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys 2008-05-13 09:45 . 2008-05-13 09:45 <DIR> d-------- C:\Program Files\Windows Live Toolbar 2008-05-13 09:45 . 2008-05-13 09:45 <DIR> d-------- C:\Program Files\Windows Live Favorites 2008-05-13 09:41 . 2008-05-13 09:41 <DIR> d-------- C:\Users\All Users\WLInstaller 2008-05-13 09:41 . 2008-05-13 09:41 <DIR> d-------- C:\ProgramData\WLInstaller 2008-05-13 09:41 . 2008-05-13 09:45 <DIR> d-------- C:\Program Files\Windows Live 2008-05-13 09:41 . 2008-05-13 09:44 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-05-12 21:00 . 2008-05-12 21:00 <DIR> d-------- C:\Program Files\Trend Micro 2008-05-12 20:22 . 2008-05-12 20:22 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe 2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{e8a930f2-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000002.regtrans-ms 2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{e8a930f2-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000001.regtrans-ms 2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{e8a930f4-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000002.regtrans-ms 2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{e8a930f4-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000001.regtrans-ms 2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Users\Gebruiker\ntuser.dat{e8a930f6-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000002.regtrans-ms 2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Users\Gebruiker\ntuser.dat{e8a930f6-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000001.regtrans-ms 2008-05-12 18:40 . 2008-05-12 19:22 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{e8a930f2-2033-11dd-928b-001617bd84e2}.TM.blf 2008-05-12 18:40 . 2008-05-12 19:22 65,536 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{e8a930f4-2033-11dd-928b-001617bd84e2}.TM.blf 2008-05-12 18:40 . 2008-05-12 19:22 65,536 --ahs---- C:\Users\Gebruiker\ntuser.dat{e8a930f6-2033-11dd-928b-001617bd84e2}.TM.blf 2008-05-12 15:55 . 2008-05-12 15:55 <DIR> d-------- C:\Program Files\Common Files\Solveig Multimedia 2008-05-12 15:55 . 2008-05-12 15:55 <DIR> d-------- C:\Program Files\Common Files\Elecard 2008-05-12 14:01 . 2008-05-12 14:01 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\CursorArts 2008-05-12 13:59 . 2008-05-12 17:44 <DIR> d-------- C:\Program Files\IconForge7 2008-05-12 13:59 . 2008-05-12 13:59 33 --a------ C:\Windows\iltwain.ini 2008-05-12 13:35 . 2008-05-12 13:35 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\Eclipsit 2008-05-12 13:33 . 1998-10-29 16:45 306,688 --a------ C:\Windows\IsUninst.exe 2008-05-08 17:10 . 2008-05-08 17:10 <DIR> d-------- C:\Program Files\Oxygen Software 2008-05-08 16:22 . 2008-05-08 16:23 <DIR> d-------- C:\Program Files\MobiMB Mobile Media Browser 2008-05-02 14:51 . 2008-05-02 14:51 <DIR> d-------- C:\Program Files\WinAVI Video Converter 2008-05-02 14:18 . 2008-05-02 14:18 <DIR> d-------- C:\Program Files\Xara 2008-05-02 14:18 . 2008-05-02 14:18 <DIR> d-------- C:\Program Files\Common Files\Xara 2008-05-02 13:04 . 2008-03-12 22:21 678,408 --a------ C:\Windows\System32\gpprefcl.dll 2008-05-02 13:04 . 2007-11-17 23:22 3,636 --a------ C:\Windows\System32\drivers\nvphy.bin 2008-04-29 20:20 . 2008-04-29 20:20 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\Media Player Classic 2008-04-29 20:18 . 2008-04-29 20:18 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2008-04-21 19:59 . 2008-04-21 19:59 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\DVD Flick 2008-04-21 17:28 . 2008-05-14 10:41 <DIR> d-------- C:\Program Files\AusLogics Disk Defrag 2008-04-20 22:03 . 2008-04-20 22:03 <DIR> d-------- C:\Windows\Profiles 2008-04-20 22:00 . 2008-04-20 22:04 <DIR> d-------- C:\Program Files\Your Uninstaller 2008 2008-04-20 10:10 . 2008-04-20 10:10 <DIR> d-------- C:\Program Files\Microsoft Silverlight 2008-04-17 19:24 . 2008-04-17 19:24 1,053,184 --a------ C:\Windows\System32\mfc71u.dll 2008-04-17 19:24 . 2008-04-17 19:24 503,808 --a------ C:\Windows\System32\msvcp71.dll 2008-04-17 19:24 . 2008-04-17 19:24 348,160 --a------ C:\Windows\System32\msvcr71.dll 2008-04-17 19:24 . 2008-04-17 19:24 258,352 --a------ C:\Windows\System32\unicows.dll 2008-04-17 19:24 . 2008-04-17 19:24 89,600 --a------ C:\Windows\System32\atl71.dll 2008-04-14 22:50 . 2008-04-14 22:50 <DIR> d-------- C:\Program Files\LimeWire 2008-04-14 17:32 . 2008-04-14 17:32 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\Download Manager . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-14 19:25 --------- d-----w C:\ProgramData\Google Updater 2008-05-14 19:14 352,614 ---ha-w C:\Windows\system32\drivers\vsconfig.xml 2008-05-14 09:11 --------- d-----w C:\ProgramData\Microsoft Help 2008-05-14 08:41 --------- d---a-w C:\ProgramData\TEMP 2008-05-13 08:04 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\SUPERAntiSpyware.com 2008-05-13 08:04 --------- d-----w C:\Program Files\SUPERAntiSpyware 2008-05-12 19:54 7,308 --sha-w C:\Windows\System32\KGyGaAvL.sys 2008-05-12 19:54 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Corel 2008-05-12 15:44 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\uTorrent 2008-05-12 10:49 --------- d-----w C:\ProgramData\FLEXnet 2008-05-11 15:05 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Vso 2008-05-08 14:23 --------- d-----w C:\Program Files\Common Files\LogoManager 2008-05-02 12:18 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-02 11:06 --------- d-----w C:\ProgramData\NVIDIA 2008-04-25 14:47 --------- d-----w C:\ProgramData\GoldWaveCDDB 2008-04-24 20:17 --------- d-----w C:\Program Files\Google 2008-04-20 20:00 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\URSoft 2008-04-16 09:10 --------- d-----w C:\Program Files\Windows Mail 2008-04-14 20:51 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\LimeWire 2008-04-11 15:23 38,400 ----a-w C:\Windows\System32\SoundSchemes.exe 2008-04-09 08:28 1,585,664 ----a-w C:\Windows\System32\setupapi.dll 2008-04-09 08:26 84,480 ----a-w C:\Windows\System32\dnsrslvr.dll 2008-04-09 08:26 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe 2008-04-09 08:25 827,392 ----a-w C:\Windows\System32\wininet.dll 2008-04-09 08:25 56,320 ----a-w C:\Windows\System32\iesetup.dll 2008-04-09 08:25 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-04-09 08:25 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2008-04-06 20:55 --------- d-----w C:\ProgramData\PC Suite 2008-04-05 18:29 --------- d-----w C:\Program Files\Common Files\Logitech 2008-04-05 18:29 --------- d-----w C:\Program Files\Common Files\Logishrd 2008-04-04 17:30 --------- d-----w C:\ProgramData\LogiShrd 2008-04-04 17:28 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2008-04-04 17:28 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf 2008-04-04 15:27 118,784 ------w C:\Windows\bwUnin-7.2.0.157-8876480SL.exe 2008-04-03 09:30 --------- d-----w C:\Program Files\Windows Sidebar 2008-04-03 09:29 194,560 ----a-w C:\Windows\System32\WebClnt.dll 2008-04-03 09:29 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys 2008-04-03 09:28 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL 2008-04-03 09:28 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys 2008-04-03 09:28 24,064 ----a-w C:\Windows\System32\netcfg.exe 2008-04-03 09:28 223,232 ----a-w C:\Windows\System32\WMASF.DLL 2008-04-03 09:28 22,016 ----a-w C:\Windows\System32\netiougc.exe 2008-04-03 09:28 217,144 ----a-w C:\Windows\system32\drivers\netio.sys 2008-04-03 09:28 2,048 ----a-w C:\Windows\System32\asferror.dll 2008-04-03 09:28 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll 2008-04-03 09:28 1,327,104 ----a-w C:\Windows\System32\quartz.dll 2008-04-03 09:27 11,776 ----a-w C:\Windows\System32\sbunattend.exe 2008-04-03 09:24 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys 2008-04-03 09:24 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys 2008-04-03 09:24 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys 2008-04-03 09:24 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys 2008-04-03 09:23 2,048 ----a-w C:\Windows\System32\tzres.dll 2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\divx.dll 2008-03-31 21:06 --------- d-----w C:\Program Files\DVDFab Platinum 4 2008-03-29 10:40 --------- d-----w C:\Program Files\iTunes 2008-03-29 10:14 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Apple Computer 2008-03-29 10:13 --------- d-----w C:\ProgramData\Apple Computer 2008-03-29 10:13 --------- d-----w C:\Program Files\iPod 2008-03-28 17:41 7,680 ----a-w C:\Windows\System32\ff_vfw.dll 2008-03-24 10:08 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Simply Super Software 2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll 2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll 2008-03-19 17:53 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com 2008-03-19 16:30 --------- d-----w C:\Program Files\CloneDVD 2008-03-19 10:26 352,615 ---ha-w C:\Windows\system32\drivers\vsconfig(83).xml 2008-03-16 20:29 --------- d-----w C:\Program Files\Yamicsoft 2008-03-16 14:32 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\PC Suite 2008-03-16 14:32 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Nokia 2008-03-16 14:18 --------- d-----w C:\ProgramData\Installations 2008-03-15 23:23 --------- d-----w C:\ProgramData\Corel 2008-03-15 23:20 --------- d-----w C:\Program Files\Corel 2008-03-15 22:44 88 --sh--r C:\Users\All Users\1CEC64F61C.sys 2008-03-15 22:44 88 --sh--r C:\ProgramData\1CEC64F61C.sys 2008-03-15 22:44 3,140 --sha-w C:\Users\All Users\KGyGaAvL.sys 2008-03-15 22:44 3,140 --sha-w C:\ProgramData\KGyGaAvL.sys 2008-02-29 18:17 43,698 ----a-w C:\Windows\System32\xvid-uninstall.exe 2008-02-28 13:49 31,745,775 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2008_02_28_14_10_08_full.dmp.zip 2008-02-28 13:49 31,387,902 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2008_02_28_14_34_48_full.dmp.zip 2008-02-27 21:18 31,562,632 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2008_02_27_11_05_14_full.dmp.zip 2008-02-26 22:20 47,360 ----a-w C:\Users\Gebruiker\AppData\Roaming\pcouffin.sys 2008-02-23 19:46 87,608 ----a-w C:\Users\Gebruiker\AppData\Roaming\ezpinst.exe 2008-02-23 17:27 174 --sha-w C:\Program Files\desktop.ini . ------- Sigcheck ------- . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-24 00:41 68856] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-03 11:27 1232896] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:33 201728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-15 11:04 262401] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-15 17:58 1006264] "RtHDVCpl"="RtHDVCpl.exe" [2007-10-01 11:53 4702208 C:\Windows\RtHDVCpl.exe] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 18:06 81920] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464] "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\Windows\KHALMNPR.Exe] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-09 03:31 959976] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-02 17:41 385024] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 0 (0x0) "EnableInstallerDetection"= 0 (0x0) "EnableLUA"= 0 (0x0) "EnableSecureUIAPaths"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "SynchronousMachineGroupPolicy"= 0 (0x0) "SynchronousUserGroupPolicy"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk] backup=C:\Windows\pss\Google Updater.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-363026792-639437035-2443024750-1000] "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{276179C0-DDCD-49D5-830B-6CD3B84CD149}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{EA5A59E5-C92D-472F-B673-307DC2D9E1FB}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{1A040A73-8E19-4117-9526-362A8C90D6A7}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "{A7DACFBE-9D40-4EE1-A434-0EEAD601A6F9}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{7080BBD6-C279-4C10-904B-D8495802B216}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "{82219EF2-7E08-4ECD-8578-1A4D17FEA113}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) S3 IAMT03;Stuurprogramma voor Intel® Active Management Technology - KCS;C:\Windows\system32\drivers\iamt03.sys [2007-04-11 23:29] S3 IAMTV;Stuurprogramma voor Intel® Active Management Technology - KCS;C:\Windows\system32\drivers\iamtv.sys [2007-04-11 23:30] S4 IAMTXP;Stuurprogramma voor Intel® Active Management Technology - KCS;C:\Windows\system32\drivers\iamtxp.sys [2007-04-11 23:30] S4 ioatdma;Intel® QuickData Technology Device;C:\Windows\system32\drivers\ioatdma.sys [2007-05-31 09:27] S4 iSSetup;Intel® PRO/1000 iSCSI Setup Driver;C:\Windows\system32\drivers\issetup.sys [2007-06-19 14:48] S4 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2007-07-02 17:37] S4 nvsmu;nvsmu;C:\Windows\system32\drivers\nvsmu.sys [2007-02-16 08:50] S4 SI3112;SiI-3112 SATALink Controller;C:\Windows\system32\drivers\si3112.sys [2007-01-26 13:55] S4 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\Windows\system32\drivers\si3112r.sys [2007-02-01 16:50] S4 SI3114;SiI-3114 SATALink Controller;C:\Windows\system32\drivers\si3114.sys [2006-11-10 11:45] S4 SI3124;SiI-3124 SATALink Controller;C:\Windows\system32\drivers\si3124.sys [2006-11-02 16:20] S4 Si3124r5;SiI-3124 SoftRaid 5 Controller;C:\Windows\system32\drivers\si3124r5.sys [2006-09-20 11:38] S4 Si3132r5;SiI-3132 SoftRaid 5 Controller;C:\Windows\system32\drivers\si3132r5.sys [2007-06-01 10:28] S4 Si3531;SiI-3531 SATA Controller;C:\Windows\system32\drivers\si3531.sys [2007-06-01 10:29] S4 ViBus;ViBus;C:\Windows\system32\drivers\vibus.sys [2007-03-26 15:26] S4 ViPrt;VIA SATA IDE Device Driver;C:\Windows\system32\drivers\viprt.sys [2007-03-26 15:26] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] GPSvcGroup REG_MULTI_SZ GPSvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}] %SystemRoot%\system32\soundschemes.exe /AddRegistration . Inhoud van de 'Gedeelde Taken' map "2008-05-14 20:17:00 C:\Windows\Tasks\Controleren op updates voor Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-14 22:26:03 Windows 6.0.6000 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2008-05-14 22:26:46 ComboFix-quarantined-files.txt 2008-05-14 20:26:34 Pre-Run: 219,546,304,512 bytes beschikbaar Post-Run: 219,534,774,272 bytes beschikbaar 255 --- E O F --- 2008-05-14 09:11:56 En nu we er toch zijn nog ene van HJT: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:33:26, on 14/05/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\rundll32.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Windows\Explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\DllHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe -- End of file - 7112 bytes Please, zeg me nu dat ik er van af ben! :s Toch wreed bedankt voor de hulp!

Alles uitgevoerd zoals voorgeschreven. Voor de zekerheid nog een logje van ComboFix: ComboFix 08-05-12.1 - Gebruiker 2008-05-14 22:24:49.6 - NTFSx86 Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.31.1043.18.2095 [GMT 2:00] Gestart vanuit: C:\temp\ComboFix.exe Command switches used :: D:\Mijn dokumenten\Brieven\CFScript.txt * Nieuw herstelpunt werd aangemaakt . (((((((((((((((((((( Bestanden Gemaakt van 2008-04-14 to 2008-05-14 )))))))))))))))))))))))))))))) . 2008-05-14 22:23 . 2008-05-14 22:23 1,914,914 --a------ C:\temp\ComboFix.exe 2008-05-14 21:29 . 2008-05-14 21:30 <DIR> d-------- C:\JKDefrag 2008-05-13 12:20 . 2008-05-13 13:15 524,288 --ahs---- C:\Users\Gebruiker\ntuser.dat{6bc73509-20cb-11dd-9f81-001617bd84e2}.TMContainer00000000000000000002.regtrans-ms 2008-05-13 12:20 . 2008-05-13 13:15 524,288 --ahs---- C:\Users\Gebruiker\ntuser.dat{6bc73509-20cb-11dd-9f81-001617bd84e2}.TMContainer00000000000000000001.regtrans-ms 2008-05-13 12:20 . 2008-05-13 13:15 65,536 --ahs---- C:\Users\Gebruiker\ntuser.dat{6bc73509-20cb-11dd-9f81-001617bd84e2}.TM.blf 2008-05-13 10:26 . 2008-05-13 10:26 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\Malwarebytes 2008-05-13 10:26 . 2008-05-13 10:26 <DIR> d-------- C:\Users\All Users\Malwarebytes 2008-05-13 10:26 . 2008-05-13 10:26 <DIR> d-------- C:\ProgramData\Malwarebytes 2008-05-13 10:26 . 2008-05-13 10:26 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-05-13 10:26 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys 2008-05-13 10:26 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys 2008-05-13 09:45 . 2008-05-13 09:45 <DIR> d-------- C:\Program Files\Windows Live Toolbar 2008-05-13 09:45 . 2008-05-13 09:45 <DIR> d-------- C:\Program Files\Windows Live Favorites 2008-05-13 09:41 . 2008-05-13 09:41 <DIR> d-------- C:\Users\All Users\WLInstaller 2008-05-13 09:41 . 2008-05-13 09:41 <DIR> d-------- C:\ProgramData\WLInstaller 2008-05-13 09:41 . 2008-05-13 09:45 <DIR> d-------- C:\Program Files\Windows Live 2008-05-13 09:41 . 2008-05-13 09:44 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-05-12 21:00 . 2008-05-12 21:00 <DIR> d-------- C:\Program Files\Trend Micro 2008-05-12 20:22 . 2008-05-12 20:22 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe 2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{e8a930f2-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000002.regtrans-ms 2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{e8a930f2-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000001.regtrans-ms 2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{e8a930f4-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000002.regtrans-ms 2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{e8a930f4-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000001.regtrans-ms 2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Users\Gebruiker\ntuser.dat{e8a930f6-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000002.regtrans-ms 2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Users\Gebruiker\ntuser.dat{e8a930f6-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000001.regtrans-ms 2008-05-12 18:40 . 2008-05-12 19:22 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{e8a930f2-2033-11dd-928b-001617bd84e2}.TM.blf 2008-05-12 18:40 . 2008-05-12 19:22 65,536 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{e8a930f4-2033-11dd-928b-001617bd84e2}.TM.blf 2008-05-12 18:40 . 2008-05-12 19:22 65,536 --ahs---- C:\Users\Gebruiker\ntuser.dat{e8a930f6-2033-11dd-928b-001617bd84e2}.TM.blf 2008-05-12 15:55 . 2008-05-12 15:55 <DIR> d-------- C:\Program Files\Common Files\Solveig Multimedia 2008-05-12 15:55 . 2008-05-12 15:55 <DIR> d-------- C:\Program Files\Common Files\Elecard 2008-05-12 14:01 . 2008-05-12 14:01 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\CursorArts 2008-05-12 13:59 . 2008-05-12 17:44 <DIR> d-------- C:\Program Files\IconForge7 2008-05-12 13:59 . 2008-05-12 13:59 33 --a------ C:\Windows\iltwain.ini 2008-05-12 13:35 . 2008-05-12 13:35 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\Eclipsit 2008-05-12 13:33 . 1998-10-29 16:45 306,688 --a------ C:\Windows\IsUninst.exe 2008-05-08 17:10 . 2008-05-08 17:10 <DIR> d-------- C:\Program Files\Oxygen Software 2008-05-08 16:22 . 2008-05-08 16:23 <DIR> d-------- C:\Program Files\MobiMB Mobile Media Browser 2008-05-02 14:51 . 2008-05-02 14:51 <DIR> d-------- C:\Program Files\WinAVI Video Converter 2008-05-02 14:18 . 2008-05-02 14:18 <DIR> d-------- C:\Program Files\Xara 2008-05-02 14:18 . 2008-05-02 14:18 <DIR> d-------- C:\Program Files\Common Files\Xara 2008-05-02 13:04 . 2008-03-12 22:21 678,408 --a------ C:\Windows\System32\gpprefcl.dll 2008-05-02 13:04 . 2007-11-17 23:22 3,636 --a------ C:\Windows\System32\drivers\nvphy.bin 2008-04-29 20:20 . 2008-04-29 20:20 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\Media Player Classic 2008-04-29 20:18 . 2008-04-29 20:18 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2008-04-21 19:59 . 2008-04-21 19:59 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\DVD Flick 2008-04-21 17:28 . 2008-05-14 10:41 <DIR> d-------- C:\Program Files\AusLogics Disk Defrag 2008-04-20 22:03 . 2008-04-20 22:03 <DIR> d-------- C:\Windows\Profiles 2008-04-20 22:00 . 2008-04-20 22:04 <DIR> d-------- C:\Program Files\Your Uninstaller 2008 2008-04-20 10:10 . 2008-04-20 10:10 <DIR> d-------- C:\Program Files\Microsoft Silverlight 2008-04-17 19:24 . 2008-04-17 19:24 1,053,184 --a------ C:\Windows\System32\mfc71u.dll 2008-04-17 19:24 . 2008-04-17 19:24 503,808 --a------ C:\Windows\System32\msvcp71.dll 2008-04-17 19:24 . 2008-04-17 19:24 348,160 --a------ C:\Windows\System32\msvcr71.dll 2008-04-17 19:24 . 2008-04-17 19:24 258,352 --a------ C:\Windows\System32\unicows.dll 2008-04-17 19:24 . 2008-04-17 19:24 89,600 --a------ C:\Windows\System32\atl71.dll 2008-04-14 22:50 . 2008-04-14 22:50 <DIR> d-------- C:\Program Files\LimeWire 2008-04-14 17:32 . 2008-04-14 17:32 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\Download Manager . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-14 19:25 --------- d-----w C:\ProgramData\Google Updater 2008-05-14 19:14 352,614 ---ha-w C:\Windows\system32\drivers\vsconfig.xml 2008-05-14 09:11 --------- d-----w C:\ProgramData\Microsoft Help 2008-05-14 08:41 --------- d---a-w C:\ProgramData\TEMP 2008-05-13 08:04 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\SUPERAntiSpyware.com 2008-05-13 08:04 --------- d-----w C:\Program Files\SUPERAntiSpyware 2008-05-12 19:54 7,308 --sha-w C:\Windows\System32\KGyGaAvL.sys 2008-05-12 19:54 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Corel 2008-05-12 15:44 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\uTorrent 2008-05-12 10:49 --------- d-----w C:\ProgramData\FLEXnet 2008-05-11 15:05 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Vso 2008-05-08 14:23 --------- d-----w C:\Program Files\Common Files\LogoManager 2008-05-02 12:18 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-02 11:06 --------- d-----w C:\ProgramData\NVIDIA 2008-04-25 14:47 --------- d-----w C:\ProgramData\GoldWaveCDDB 2008-04-24 20:17 --------- d-----w C:\Program Files\Google 2008-04-20 20:00 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\URSoft 2008-04-16 09:10 --------- d-----w C:\Program Files\Windows Mail 2008-04-14 20:51 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\LimeWire 2008-04-11 15:23 38,400 ----a-w C:\Windows\System32\SoundSchemes.exe 2008-04-09 08:28 1,585,664 ----a-w C:\Windows\System32\setupapi.dll 2008-04-09 08:26 84,480 ----a-w C:\Windows\System32\dnsrslvr.dll 2008-04-09 08:26 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe 2008-04-09 08:25 827,392 ----a-w C:\Windows\System32\wininet.dll 2008-04-09 08:25 56,320 ----a-w C:\Windows\System32\iesetup.dll 2008-04-09 08:25 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-04-09 08:25 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2008-04-06 20:55 --------- d-----w C:\ProgramData\PC Suite 2008-04-05 18:29 --------- d-----w C:\Program Files\Common Files\Logitech 2008-04-05 18:29 --------- d-----w C:\Program Files\Common Files\Logishrd 2008-04-04 17:30 --------- d-----w C:\ProgramData\LogiShrd 2008-04-04 17:28 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2008-04-04 17:28 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf 2008-04-04 15:27 118,784 ------w C:\Windows\bwUnin-7.2.0.157-8876480SL.exe 2008-04-03 09:30 --------- d-----w C:\Program Files\Windows Sidebar 2008-04-03 09:29 194,560 ----a-w C:\Windows\System32\WebClnt.dll 2008-04-03 09:29 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys 2008-04-03 09:28 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL 2008-04-03 09:28 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys 2008-04-03 09:28 24,064 ----a-w C:\Windows\System32\netcfg.exe 2008-04-03 09:28 223,232 ----a-w C:\Windows\System32\WMASF.DLL 2008-04-03 09:28 22,016 ----a-w C:\Windows\System32\netiougc.exe 2008-04-03 09:28 217,144 ----a-w C:\Windows\system32\drivers\netio.sys 2008-04-03 09:28 2,048 ----a-w C:\Windows\System32\asferror.dll 2008-04-03 09:28 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll 2008-04-03 09:28 1,327,104 ----a-w C:\Windows\System32\quartz.dll 2008-04-03 09:27 11,776 ----a-w C:\Windows\System32\sbunattend.exe 2008-04-03 09:24 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys 2008-04-03 09:24 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys 2008-04-03 09:24 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys 2008-04-03 09:24 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys 2008-04-03 09:23 2,048 ----a-w C:\Windows\System32\tzres.dll 2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\divx.dll 2008-03-31 21:06 --------- d-----w C:\Program Files\DVDFab Platinum 4 2008-03-29 10:40 --------- d-----w C:\Program Files\iTunes 2008-03-29 10:14 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Apple Computer 2008-03-29 10:13 --------- d-----w C:\ProgramData\Apple Computer 2008-03-29 10:13 --------- d-----w C:\Program Files\iPod 2008-03-28 17:41 7,680 ----a-w C:\Windows\System32\ff_vfw.dll 2008-03-24 10:08 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Simply Super Software 2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll 2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll 2008-03-19 17:53 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com 2008-03-19 16:30 --------- d-----w C:\Program Files\CloneDVD 2008-03-19 10:26 352,615 ---ha-w C:\Windows\system32\drivers\vsconfig(83).xml 2008-03-16 20:29 --------- d-----w C:\Program Files\Yamicsoft 2008-03-16 14:32 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\PC Suite 2008-03-16 14:32 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Nokia 2008-03-16 14:18 --------- d-----w C:\ProgramData\Installations 2008-03-15 23:23 --------- d-----w C:\ProgramData\Corel 2008-03-15 23:20 --------- d-----w C:\Program Files\Corel 2008-03-15 22:44 88 --sh--r C:\Users\All Users\1CEC64F61C.sys 2008-03-15 22:44 88 --sh--r C:\ProgramData\1CEC64F61C.sys 2008-03-15 22:44 3,140 --sha-w C:\Users\All Users\KGyGaAvL.sys 2008-03-15 22:44 3,140 --sha-w C:\ProgramData\KGyGaAvL.sys 2008-02-29 18:17 43,698 ----a-w C:\Windows\System32\xvid-uninstall.exe 2008-02-28 13:49 31,745,775 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2008_02_28_14_10_08_full.dmp.zip 2008-02-28 13:49 31,387,902 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2008_02_28_14_34_48_full.dmp.zip 2008-02-27 21:18 31,562,632 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2008_02_27_11_05_14_full.dmp.zip 2008-02-26 22:20 47,360 ----a-w C:\Users\Gebruiker\AppData\Roaming\pcouffin.sys 2008-02-23 19:46 87,608 ----a-w C:\Users\Gebruiker\AppData\Roaming\ezpinst.exe 2008-02-23 17:27 174 --sha-w C:\Program Files\desktop.ini . ------- Sigcheck ------- . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-24 00:41 68856] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-03 11:27 1232896] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:33 201728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-15 11:04 262401] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-15 17:58 1006264] "RtHDVCpl"="RtHDVCpl.exe" [2007-10-01 11:53 4702208 C:\Windows\RtHDVCpl.exe] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 18:06 81920] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464] "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\Windows\KHALMNPR.Exe] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-09 03:31 959976] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-02 17:41 385024] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 0 (0x0) "EnableInstallerDetection"= 0 (0x0) "EnableLUA"= 0 (0x0) "EnableSecureUIAPaths"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "SynchronousMachineGroupPolicy"= 0 (0x0) "SynchronousUserGroupPolicy"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk] backup=C:\Windows\pss\Google Updater.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-363026792-639437035-2443024750-1000] "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{276179C0-DDCD-49D5-830B-6CD3B84CD149}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{EA5A59E5-C92D-472F-B673-307DC2D9E1FB}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{1A040A73-8E19-4117-9526-362A8C90D6A7}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "{A7DACFBE-9D40-4EE1-A434-0EEAD601A6F9}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{7080BBD6-C279-4C10-904B-D8495802B216}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "{82219EF2-7E08-4ECD-8578-1A4D17FEA113}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) S3 IAMT03;Stuurprogramma voor Intel® Active Management Technology - KCS;C:\Windows\system32\drivers\iamt03.sys [2007-04-11 23:29] S3 IAMTV;Stuurprogramma voor Intel® Active Management Technology - KCS;C:\Windows\system32\drivers\iamtv.sys [2007-04-11 23:30] S4 IAMTXP;Stuurprogramma voor Intel® Active Management Technology - KCS;C:\Windows\system32\drivers\iamtxp.sys [2007-04-11 23:30] S4 ioatdma;Intel® QuickData Technology Device;C:\Windows\system32\drivers\ioatdma.sys [2007-05-31 09:27] S4 iSSetup;Intel® PRO/1000 iSCSI Setup Driver;C:\Windows\system32\drivers\issetup.sys [2007-06-19 14:48] S4 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2007-07-02 17:37] S4 nvsmu;nvsmu;C:\Windows\system32\drivers\nvsmu.sys [2007-02-16 08:50] S4 SI3112;SiI-3112 SATALink Controller;C:\Windows\system32\drivers\si3112.sys [2007-01-26 13:55] S4 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\Windows\system32\drivers\si3112r.sys [2007-02-01 16:50] S4 SI3114;SiI-3114 SATALink Controller;C:\Windows\system32\drivers\si3114.sys [2006-11-10 11:45] S4 SI3124;SiI-3124 SATALink Controller;C:\Windows\system32\drivers\si3124.sys [2006-11-02 16:20] S4 Si3124r5;SiI-3124 SoftRaid 5 Controller;C:\Windows\system32\drivers\si3124r5.sys [2006-09-20 11:38] S4 Si3132r5;SiI-3132 SoftRaid 5 Controller;C:\Windows\system32\drivers\si3132r5.sys [2007-06-01 10:28] S4 Si3531;SiI-3531 SATA Controller;C:\Windows\system32\drivers\si3531.sys [2007-06-01 10:29] S4 ViBus;ViBus;C:\Windows\system32\drivers\vibus.sys [2007-03-26 15:26] S4 ViPrt;VIA SATA IDE Device Driver;C:\Windows\system32\drivers\viprt.sys [2007-03-26 15:26] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] GPSvcGroup REG_MULTI_SZ GPSvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}] %SystemRoot%\system32\soundschemes.exe /AddRegistration . Inhoud van de 'Gedeelde Taken' map "2008-05-14 20:17:00 C:\Windows\Tasks\Controleren op updates voor Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-14 22:26:03 Windows 6.0.6000 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2008-05-14 22:26:46 ComboFix-quarantined-files.txt 2008-05-14 20:26:34 Pre-Run: 219,546,304,512 bytes beschikbaar Post-Run: 219,534,774,272 bytes beschikbaar 255 --- E O F --- 2008-05-14 09:11:56 En nu we er toch zijn nog ene van HJT: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:33:26, on 14/05/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\rundll32.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Windows\Explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\DllHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe -- End of file - 7112 bytes Please, zeg me nu dat ik er van af ben! Toch wreed bedankt voor de hulp!

Defrag in Vista is zeker niet snel te noemen, maar sinds ik al Auslogic in XP gebruikte heb ik er weinig ervaring mee. Ik zal JK Defrag eens testen. Bedankt. Groetjes

Oké, erg bedankt voor de tijd die je in mijn probleem hebt gestoken. Ik zal combofix erop laten staan. En als ik dus goed begrepen heb deugt Auslogic disk defrag niet. Heb jij suggesties voor het defragmenteren of moet ik maar het programma gebruiken wat in Vista zit? Groetjes

Oké, hier gaan we dan weer: MBAM log: Malwarebytes' Anti-Malware 1.12 Database versie: 744 Scan type: Volledige Scan (C:\|D:\|) Objecten gescand: 149363 Verstreken tijd: 17 minute(s), 32 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata bestanden geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: (Geen kwaadaardige items gevonden) Registerwaarden geïnfecteerd: (Geen kwaadaardige items gevonden) Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Mappen geïnfecteerd: (Geen kwaadaardige items gevonden) Bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Combo Fix log: ComboFix 08-05-12.1 - Gebruiker 2008-05-13 22:46:02.5 - NTFSx86 Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.31.1043.18.2089 [GMT 2:00] Gestart vanuit: C:\temp\ComboFix.exe . (((((((((((((((((((( Bestanden Gemaakt van 2008-04-13 to 2008-05-13 )))))))))))))))))))))))))))))) . 2008-05-13 12:20 . 2008-05-13 13:15 524,288 --ahs---- C:\Users\Gebruiker\ntuser.dat{6bc73509-20cb-11dd-9f81-001617bd84e2}.TMContainer00000000000000000002.regtrans-ms 2008-05-13 12:20 . 2008-05-13 13:15 524,288 --ahs---- C:\Users\Gebruiker\ntuser.dat{6bc73509-20cb-11dd-9f81-001617bd84e2}.TMContainer00000000000000000001.regtrans-ms 2008-05-13 12:20 . 2008-05-13 13:15 65,536 --ahs---- C:\Users\Gebruiker\ntuser.dat{6bc73509-20cb-11dd-9f81-001617bd84e2}.TM.blf 2008-05-13 10:26 . 2008-05-13 10:26 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\Malwarebytes 2008-05-13 10:26 . 2008-05-13 10:26 <DIR> d-------- C:\Users\All Users\Malwarebytes 2008-05-13 10:26 . 2008-05-13 10:26 <DIR> d-------- C:\ProgramData\Malwarebytes 2008-05-13 10:26 . 2008-05-13 10:26 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-05-13 10:26 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys 2008-05-13 10:26 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys 2008-05-13 10:25 . 2008-05-13 10:25 1,649,976 --a------ C:\temp\mbam-setup.exe 2008-05-13 10:13 . 2008-05-13 10:13 1,914,914 --a------ C:\temp\ComboFix.exe 2008-05-13 09:45 . 2008-05-13 09:45 <DIR> d-------- C:\Program Files\Windows Live Toolbar 2008-05-13 09:45 . 2008-05-13 09:45 <DIR> d-------- C:\Program Files\Windows Live Favorites 2008-05-13 09:41 . 2008-05-13 09:41 <DIR> d-------- C:\Users\All Users\WLInstaller 2008-05-13 09:41 . 2008-05-13 09:41 <DIR> d-------- C:\ProgramData\WLInstaller 2008-05-13 09:41 . 2008-05-13 09:45 <DIR> d-------- C:\Program Files\Windows Live 2008-05-13 09:41 . 2008-05-13 09:44 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-05-12 21:00 . 2008-05-12 21:00 <DIR> d-------- C:\Program Files\Trend Micro 2008-05-12 20:22 . 2008-05-12 20:22 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe 2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{e8a930f2-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000002.regtrans-ms 2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{e8a930f2-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000001.regtrans-ms 2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{e8a930f4-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000002.regtrans-ms 2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{e8a930f4-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000001.regtrans-ms 2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Users\Gebruiker\ntuser.dat{e8a930f6-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000002.regtrans-ms 2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Users\Gebruiker\ntuser.dat{e8a930f6-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000001.regtrans-ms 2008-05-12 18:40 . 2008-05-12 19:22 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{e8a930f2-2033-11dd-928b-001617bd84e2}.TM.blf 2008-05-12 18:40 . 2008-05-12 19:22 65,536 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{e8a930f4-2033-11dd-928b-001617bd84e2}.TM.blf 2008-05-12 18:40 . 2008-05-12 19:22 65,536 --ahs---- C:\Users\Gebruiker\ntuser.dat{e8a930f6-2033-11dd-928b-001617bd84e2}.TM.blf 2008-05-12 15:55 . 2008-05-12 15:55 <DIR> d-------- C:\Program Files\Common Files\Solveig Multimedia 2008-05-12 15:55 . 2008-05-12 15:55 <DIR> d-------- C:\Program Files\Common Files\Elecard 2008-05-12 14:01 . 2008-05-12 14:01 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\CursorArts 2008-05-12 13:59 . 2008-05-12 17:44 <DIR> d-------- C:\Program Files\IconForge7 2008-05-12 13:59 . 2008-05-12 13:59 33 --a------ C:\Windows\iltwain.ini 2008-05-12 13:35 . 2008-05-12 13:35 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\Eclipsit 2008-05-12 13:33 . 1998-10-29 16:45 306,688 --a------ C:\Windows\IsUninst.exe 2008-05-08 17:10 . 2008-05-08 17:10 <DIR> d-------- C:\Program Files\Oxygen Software 2008-05-08 16:22 . 2008-05-08 16:23 <DIR> d-------- C:\Program Files\MobiMB Mobile Media Browser 2008-05-02 14:51 . 2008-05-02 14:51 <DIR> d-------- C:\Program Files\WinAVI Video Converter 2008-05-02 14:18 . 2008-05-02 14:18 <DIR> d-------- C:\Program Files\Xara 2008-05-02 14:18 . 2008-05-02 14:18 <DIR> d-------- C:\Program Files\Common Files\Xara 2008-05-02 13:04 . 2008-03-12 22:21 678,408 --a------ C:\Windows\System32\gpprefcl.dll 2008-05-02 13:04 . 2007-11-17 23:22 3,636 --a------ C:\Windows\System32\drivers\nvphy.bin 2008-04-29 20:20 . 2008-04-29 20:20 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\Media Player Classic 2008-04-29 20:18 . 2008-04-29 20:18 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2008-04-21 19:59 . 2008-04-21 19:59 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\DVD Flick 2008-04-21 17:28 . 2008-04-21 17:28 <DIR> d-------- C:\Program Files\AusLogics Disk Defrag 2008-04-20 22:03 . 2008-04-20 22:03 <DIR> d-------- C:\Windows\Profiles 2008-04-20 22:00 . 2008-04-20 22:04 <DIR> d-------- C:\Program Files\Your Uninstaller 2008 2008-04-20 10:10 . 2008-04-20 10:10 <DIR> d-------- C:\Program Files\Microsoft Silverlight 2008-04-17 19:24 . 2008-04-17 19:24 1,053,184 --a------ C:\Windows\System32\mfc71u.dll 2008-04-17 19:24 . 2008-04-17 19:24 503,808 --a------ C:\Windows\System32\msvcp71.dll 2008-04-17 19:24 . 2008-04-17 19:24 348,160 --a------ C:\Windows\System32\msvcr71.dll 2008-04-17 19:24 . 2008-04-17 19:24 258,352 --a------ C:\Windows\System32\unicows.dll 2008-04-17 19:24 . 2008-04-17 19:24 89,600 --a------ C:\Windows\System32\atl71.dll 2008-04-14 22:50 . 2008-04-14 22:50 <DIR> d-------- C:\Program Files\LimeWire 2008-04-14 17:32 . 2008-04-14 17:32 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\Download Manager . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-13 20:14 352,614 ---ha-w C:\Windows\system32\drivers\vsconfig.xml 2008-05-13 10:57 --------- d-----w C:\ProgramData\Google Updater 2008-05-13 10:21 --------- d---a-w C:\ProgramData\TEMP 2008-05-13 08:04 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\SUPERAntiSpyware.com 2008-05-13 08:04 --------- d-----w C:\Program Files\SUPERAntiSpyware 2008-05-12 19:54 7,308 --sha-w C:\Windows\System32\KGyGaAvL.sys 2008-05-12 19:54 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Corel 2008-05-12 15:44 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\uTorrent 2008-05-12 10:49 --------- d-----w C:\ProgramData\FLEXnet 2008-05-11 15:05 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Vso 2008-05-08 14:23 --------- d-----w C:\Program Files\Common Files\LogoManager 2008-05-02 12:18 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-02 11:06 --------- d-----w C:\ProgramData\NVIDIA 2008-04-25 14:47 --------- d-----w C:\ProgramData\GoldWaveCDDB 2008-04-24 20:17 --------- d-----w C:\Program Files\Google 2008-04-20 20:00 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\URSoft 2008-04-16 09:10 --------- d-----w C:\Program Files\Windows Mail 2008-04-14 20:51 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\LimeWire 2008-04-11 15:23 38,400 ----a-w C:\Windows\System32\SoundSchemes.exe 2008-04-09 08:29 --------- d-----w C:\ProgramData\Microsoft Help 2008-04-09 08:28 1,585,664 ----a-w C:\Windows\System32\setupapi.dll 2008-04-09 08:26 84,480 ----a-w C:\Windows\System32\dnsrslvr.dll 2008-04-09 08:26 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe 2008-04-09 08:25 827,392 ----a-w C:\Windows\System32\wininet.dll 2008-04-09 08:25 56,320 ----a-w C:\Windows\System32\iesetup.dll 2008-04-09 08:25 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-04-09 08:25 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2008-04-06 20:55 --------- d-----w C:\ProgramData\PC Suite 2008-04-05 18:29 --------- d-----w C:\Program Files\Common Files\Logitech 2008-04-05 18:29 --------- d-----w C:\Program Files\Common Files\Logishrd 2008-04-04 17:30 --------- d-----w C:\ProgramData\LogiShrd 2008-04-04 17:28 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2008-04-04 17:28 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf 2008-04-04 15:27 118,784 ------w C:\Windows\bwUnin-7.2.0.157-8876480SL.exe 2008-04-03 09:30 --------- d-----w C:\Program Files\Windows Sidebar 2008-04-03 09:29 194,560 ----a-w C:\Windows\System32\WebClnt.dll 2008-04-03 09:29 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys 2008-04-03 09:28 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL 2008-04-03 09:28 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys 2008-04-03 09:28 24,064 ----a-w C:\Windows\System32\netcfg.exe 2008-04-03 09:28 223,232 ----a-w C:\Windows\System32\WMASF.DLL 2008-04-03 09:28 22,016 ----a-w C:\Windows\System32\netiougc.exe 2008-04-03 09:28 217,144 ----a-w C:\Windows\system32\drivers\netio.sys 2008-04-03 09:28 2,048 ----a-w C:\Windows\System32\asferror.dll 2008-04-03 09:28 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll 2008-04-03 09:28 1,327,104 ----a-w C:\Windows\System32\quartz.dll 2008-04-03 09:27 11,776 ----a-w C:\Windows\System32\sbunattend.exe 2008-04-03 09:24 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys 2008-04-03 09:24 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys 2008-04-03 09:24 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys 2008-04-03 09:24 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys 2008-04-03 09:23 2,048 ----a-w C:\Windows\System32\tzres.dll 2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\divx.dll 2008-03-31 21:06 --------- d-----w C:\Program Files\DVDFab Platinum 4 2008-03-29 10:40 --------- d-----w C:\Program Files\iTunes 2008-03-29 10:14 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Apple Computer 2008-03-29 10:13 --------- d-----w C:\ProgramData\Apple Computer 2008-03-29 10:13 --------- d-----w C:\Program Files\iPod 2008-03-28 17:41 7,680 ----a-w C:\Windows\System32\ff_vfw.dll 2008-03-24 10:08 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Simply Super Software 2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll 2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll 2008-03-19 17:53 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com 2008-03-19 16:30 --------- d-----w C:\Program Files\CloneDVD 2008-03-19 10:26 352,615 ---ha-w C:\Windows\system32\drivers\vsconfig(83).xml 2008-03-16 20:29 --------- d-----w C:\Program Files\Yamicsoft 2008-03-16 14:32 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\PC Suite 2008-03-16 14:32 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Nokia 2008-03-16 14:18 --------- d-----w C:\ProgramData\Installations 2008-03-15 23:23 --------- d-----w C:\ProgramData\Corel 2008-03-15 23:20 --------- d-----w C:\Program Files\Corel 2008-03-15 22:44 88 --sh--r C:\Users\All Users\1CEC64F61C.sys 2008-03-15 22:44 88 --sh--r C:\ProgramData\1CEC64F61C.sys 2008-03-15 22:44 3,140 --sha-w C:\Users\All Users\KGyGaAvL.sys 2008-03-15 22:44 3,140 --sha-w C:\ProgramData\KGyGaAvL.sys 2008-02-29 18:17 43,698 ----a-w C:\Windows\System32\xvid-uninstall.exe 2008-02-28 13:49 31,745,775 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2008_02_28_14_10_08_full.dmp.zip 2008-02-28 13:49 31,387,902 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2008_02_28_14_34_48_full.dmp.zip 2008-02-27 21:18 31,562,632 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2008_02_27_11_05_14_full.dmp.zip 2008-02-26 22:20 47,360 ----a-w C:\Users\Gebruiker\AppData\Roaming\pcouffin.sys 2008-02-23 19:46 87,608 ----a-w C:\Users\Gebruiker\AppData\Roaming\ezpinst.exe 2008-02-23 17:27 174 --sha-w C:\Program Files\desktop.ini . ------- Sigcheck ------- . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FBC4632-32E5-48B2-B4B3-0886717FC73D}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-24 00:41 68856] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-03 11:27 1232896] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:33 201728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-15 11:04 262401] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-15 17:58 1006264] "RtHDVCpl"="RtHDVCpl.exe" [2007-10-01 11:53 4702208 C:\Windows\RtHDVCpl.exe] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 18:06 81920] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464] "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\Windows\KHALMNPR.Exe] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-09 03:31 959976] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-02 17:41 385024] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 0 (0x0) "EnableInstallerDetection"= 0 (0x0) "EnableLUA"= 0 (0x0) "EnableSecureUIAPaths"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "SynchronousMachineGroupPolicy"= 0 (0x0) "SynchronousUserGroupPolicy"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk] backup=C:\Windows\pss\Google Updater.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-363026792-639437035-2443024750-1000] "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{276179C0-DDCD-49D5-830B-6CD3B84CD149}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{EA5A59E5-C92D-472F-B673-307DC2D9E1FB}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{1A040A73-8E19-4117-9526-362A8C90D6A7}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "{A7DACFBE-9D40-4EE1-A434-0EEAD601A6F9}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{7080BBD6-C279-4C10-904B-D8495802B216}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "{82219EF2-7E08-4ECD-8578-1A4D17FEA113}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) S3 IAMT03;Stuurprogramma voor Intel® Active Management Technology - KCS;C:\Windows\system32\drivers\iamt03.sys [2007-04-11 23:29] S3 IAMTV;Stuurprogramma voor Intel® Active Management Technology - KCS;C:\Windows\system32\drivers\iamtv.sys [2007-04-11 23:30] S4 IAMTXP;Stuurprogramma voor Intel® Active Management Technology - KCS;C:\Windows\system32\drivers\iamtxp.sys [2007-04-11 23:30] S4 ioatdma;Intel® QuickData Technology Device;C:\Windows\system32\drivers\ioatdma.sys [2007-05-31 09:27] S4 iSSetup;Intel® PRO/1000 iSCSI Setup Driver;C:\Windows\system32\drivers\issetup.sys [2007-06-19 14:48] S4 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2007-07-02 17:37] S4 nvsmu;nvsmu;C:\Windows\system32\drivers\nvsmu.sys [2007-02-16 08:50] S4 SI3112;SiI-3112 SATALink Controller;C:\Windows\system32\drivers\si3112.sys [2007-01-26 13:55] S4 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\Windows\system32\drivers\si3112r.sys [2007-02-01 16:50] S4 SI3114;SiI-3114 SATALink Controller;C:\Windows\system32\drivers\si3114.sys [2006-11-10 11:45] S4 SI3124;SiI-3124 SATALink Controller;C:\Windows\system32\drivers\si3124.sys [2006-11-02 16:20] S4 Si3124r5;SiI-3124 SoftRaid 5 Controller;C:\Windows\system32\drivers\si3124r5.sys [2006-09-20 11:38] S4 Si3132r5;SiI-3132 SoftRaid 5 Controller;C:\Windows\system32\drivers\si3132r5.sys [2007-06-01 10:28] S4 Si3531;SiI-3531 SATA Controller;C:\Windows\system32\drivers\si3531.sys [2007-06-01 10:29] S4 ViBus;ViBus;C:\Windows\system32\drivers\vibus.sys [2007-03-26 15:26] S4 ViPrt;VIA SATA IDE Device Driver;C:\Windows\system32\drivers\viprt.sys [2007-03-26 15:26] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] GPSvcGroup REG_MULTI_SZ GPSvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}] %SystemRoot%\system32\soundschemes.exe /AddRegistration . Inhoud van de 'Gedeelde Taken' map "2008-05-13 20:18:18 C:\Windows\Tasks\Controleren op updates voor Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-13 22:47:32 Windows 6.0.6000 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2008-05-13 22:48:43 ComboFix-quarantined-files.txt 2008-05-13 20:48:36 Pre-Run: 226,830,999,552 bytes beschikbaar Post-Run: 226,798,399,488 bytes beschikbaar 254 --- E O F --- 2008-05-09 07:19:53 HJT log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:51:46, on 13/05/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\System32\mobsync.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\rundll32.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Windows\System32\rundll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {6FBC4632-32E5-48B2-B4B3-0886717FC73D} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe -- End of file - 7006 bytes Ik hoop dat het nu genezen is. Laat mij iets weten aub. PC werkt blijkbaar terug normaal. Groetjes

Oké, no probs. 't Zal alleen voor deze avond zijn want ik moet gaan werken. Doei

Ho ja, Xeno, in tegenstelling tot wat de log van MBAM zegt heb ik wel degelijk 'actie genomen' en deze items verwijdert. 'Bestanden geïnfecteerd: C:\Windows\System32\geBrsRLD.dll (Trojan.Vundo) -> No action taken. C:\Windows\System32\DLRsrBeg.ini (Trojan.Vundo) -> No action taken. C:\Windows\System32\DLRsrBeg.ini2 (Trojan.Vundo) -> No action taken. C:\Windows\System32\owrctdue.dll (Trojan.Vundo) -> No action taken. C:\Windows\System32\eudtcrwo.ini (Trojan.Vundo) -> No action taken. C:\Windows\System32\opnlIcAs.dll (Trojan.Vundo) -> No action taken. C:\Windows\System32\efCVpNHW.dll (Trojan.Vundo) -> No action taken. C:\Windows\AutoUpdateWin31.dll (Adware.Agent) -> No action taken. C:\Windows\AutoUpdateWin33.exe (Adware.Agent) -> No action taken. C:\Windows\System32\khffCvSk.dll (Trojan.Vundo) -> No action taken.'

Hier gaan we dan: Log MBAM: Malwarebytes' Anti-Malware 1.12 Database versie: 744 Scan type: Snelle Scan Objecten gescand: 34155 Verstreken tijd: 1 minute(s), 52 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 3 Registersleutels geïnfecteerd: 20 Registerwaarden geïnfecteerd: 3 Registerdata bestanden geïnfecteerd: 2 Mappen geïnfecteerd: 2 Bestanden geïnfecteerd: 10 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: C:\Windows\System32\geBrsRLD.dll (Trojan.Vundo) -> No action taken. C:\Windows\System32\owrctdue.dll (Trojan.Vundo) -> No action taken. C:\Windows\System32\opnlIcAs.dll (Trojan.Vundo) -> No action taken. Registersleutels geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2ebc0ad3-671d-4f75-9981-28f61c26bdce} (Trojan.Vundo) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{2ebc0ad3-671d-4f75-9981-28f61c26bdce} (Trojan.Vundo) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{97f7302a-147c-4435-901c-184375993be6} (Trojan.Vundo) -> No action taken. HKEY_CLASSES_ROOT\Interface\{841098dc-eea3-4332-9c67-51cf88fe66a7} (Trojan.FakeAlert) -> No action taken. HKEY_CLASSES_ROOT\Typelib\{9e15cbba-a508-4838-ac11-8d44be41cea9} (Trojan.FakeAlert) -> No action taken. HKEY_CLASSES_ROOT\Interface\{5533d5e4-e28a-4e81-8397-2a8309f2a21a} (Trojan.FakeAlert) -> No action taken. HKEY_CLASSES_ROOT\Interface\{beb03003-ac27-4fda-96d5-d7566c4498d3} (Trojan.FakeAlert) -> No action taken. HKEY_CLASSES_ROOT\Typelib\{f02f25f7-ff6c-423a-9d16-504df8b36772} (Trojan.FakeAlert) -> No action taken. HKEY_CLASSES_ROOT\Interface\{ae6fee2c-d9dc-4b46-847d-fc89810dc2b0} (Trojan.FakeAlert) -> No action taken. HKEY_CLASSES_ROOT\Typelib\{6e942b1a-d9bd-4945-bdce-093970028aa9} (Trojan.FakeAlert) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken. HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken. HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken. HKEY_CLASSES_ROOT\pvnsmfor.bnwx (Trojan.FakeAlert) -> No action taken. HKEY_CLASSES_ROOT\pvnsmfor.toolbar.1 (Trojan.FakeAlert) -> No action taken. HKEY_CLASSES_ROOT\qvdntlmw.bmsb (Trojan.FakeAlert) -> No action taken. HKEY_CLASSES_ROOT\qvdntlmw.toolbar.1 (Trojan.FakeAlert) -> No action taken. Registerwaarden geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\00369ead (Trojan.Vundo) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{97f7302a-147c-4435-901c-184375993be6} (Trojan.Vundo) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Vundo) -> No action taken. Registerdata bestanden geïnfecteerd: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebrsrld -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebrsrld -> No action taken. Mappen geïnfecteerd: C:\ProgramData\Adsl Software Limited (Rogue.MalWarrior) -> No action taken. C:\ProgramData\Adsl Software Limited\MalWarrior 2008 (Rogue.MalWarrior) -> No action taken. Bestanden geïnfecteerd: C:\Windows\System32\geBrsRLD.dll (Trojan.Vundo) -> No action taken. C:\Windows\System32\DLRsrBeg.ini (Trojan.Vundo) -> No action taken. C:\Windows\System32\DLRsrBeg.ini2 (Trojan.Vundo) -> No action taken. C:\Windows\System32\owrctdue.dll (Trojan.Vundo) -> No action taken. C:\Windows\System32\eudtcrwo.ini (Trojan.Vundo) -> No action taken. C:\Windows\System32\opnlIcAs.dll (Trojan.Vundo) -> No action taken. C:\Windows\System32\efCVpNHW.dll (Trojan.Vundo) -> No action taken. C:\Windows\AutoUpdateWin31.dll (Adware.Agent) -> No action taken. C:\Windows\AutoUpdateWin33.exe (Adware.Agent) -> No action taken. C:\Windows\System32\khffCvSk.dll (Trojan.Vundo) -> No action taken. Log combofix: ComboFix 08-05-12.1 - Gebruiker 2008-05-13 11:00:31.4 - NTFSx86 Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.31.1043.18.2222 [GMT 2:00] Gestart vanuit: C:\temp\ComboFix.exe . (((((((((((((((((((( Bestanden Gemaakt van 2008-04-13 to 2008-05-13 )))))))))))))))))))))))))))))) . 2008-05-13 10:26 . 2008-05-13 10:26 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\Malwarebytes 2008-05-13 10:26 . 2008-05-13 10:26 <DIR> d-------- C:\Users\All Users\Malwarebytes 2008-05-13 10:26 . 2008-05-13 10:26 <DIR> d-------- C:\ProgramData\Malwarebytes 2008-05-13 10:26 . 2008-05-13 10:26 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-05-13 10:26 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys 2008-05-13 10:26 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys 2008-05-13 10:25 . 2008-05-13 10:25 1,649,976 --a------ C:\temp\mbam-setup.exe 2008-05-13 10:13 . 2008-05-13 10:13 1,914,914 --a------ C:\temp\ComboFix.exe 2008-05-13 09:45 . 2008-05-13 09:45 <DIR> d-------- C:\Program Files\Windows Live Toolbar 2008-05-13 09:45 . 2008-05-13 09:45 <DIR> d-------- C:\Program Files\Windows Live Favorites 2008-05-13 09:41 . 2008-05-13 09:41 <DIR> d-------- C:\Users\All Users\WLInstaller 2008-05-13 09:41 . 2008-05-13 09:41 <DIR> d-------- C:\ProgramData\WLInstaller 2008-05-13 09:41 . 2008-05-13 09:45 <DIR> d-------- C:\Program Files\Windows Live 2008-05-13 09:41 . 2008-05-13 09:44 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-05-12 21:00 . 2008-05-12 21:00 <DIR> d-------- C:\Program Files\Trend Micro 2008-05-12 20:22 . 2008-05-12 20:22 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe 2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{e8a930f2-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000002.regtrans-ms 2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{e8a930f2-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000001.regtrans-ms 2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{e8a930f4-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000002.regtrans-ms 2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{e8a930f4-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000001.regtrans-ms 2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Users\Gebruiker\ntuser.dat{e8a930f6-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000002.regtrans-ms 2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Users\Gebruiker\ntuser.dat{e8a930f6-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000001.regtrans-ms 2008-05-12 18:40 . 2008-05-12 19:22 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{e8a930f2-2033-11dd-928b-001617bd84e2}.TM.blf 2008-05-12 18:40 . 2008-05-12 19:22 65,536 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{e8a930f4-2033-11dd-928b-001617bd84e2}.TM.blf 2008-05-12 18:40 . 2008-05-12 19:22 65,536 --ahs---- C:\Users\Gebruiker\ntuser.dat{e8a930f6-2033-11dd-928b-001617bd84e2}.TM.blf 2008-05-12 15:55 . 2008-05-12 15:55 <DIR> d-------- C:\Program Files\Common Files\Solveig Multimedia 2008-05-12 15:55 . 2008-05-12 15:55 <DIR> d-------- C:\Program Files\Common Files\Elecard 2008-05-12 14:01 . 2008-05-12 14:01 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\CursorArts 2008-05-12 13:59 . 2008-05-12 17:44 <DIR> d-------- C:\Program Files\IconForge7 2008-05-12 13:59 . 2008-05-12 13:59 33 --a------ C:\Windows\iltwain.ini 2008-05-12 13:35 . 2008-05-12 13:35 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\Eclipsit 2008-05-12 13:33 . 1998-10-29 16:45 306,688 --a------ C:\Windows\IsUninst.exe 2008-05-08 17:10 . 2008-05-08 17:10 <DIR> d-------- C:\Program Files\Oxygen Software 2008-05-08 16:22 . 2008-05-08 16:23 <DIR> d-------- C:\Program Files\MobiMB Mobile Media Browser 2008-05-02 14:51 . 2008-05-02 14:51 <DIR> d-------- C:\Program Files\WinAVI Video Converter 2008-05-02 14:18 . 2008-05-02 14:18 <DIR> d-------- C:\Program Files\Xara 2008-05-02 14:18 . 2008-05-02 14:18 <DIR> d-------- C:\Program Files\Common Files\Xara 2008-05-02 13:04 . 2008-03-12 22:21 678,408 --a------ C:\Windows\System32\gpprefcl.dll 2008-05-02 13:04 . 2007-11-17 23:22 3,636 --a------ C:\Windows\System32\drivers\nvphy.bin 2008-04-29 20:20 . 2008-04-29 20:20 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\Media Player Classic 2008-04-29 20:18 . 2008-04-29 20:18 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2008-04-21 19:59 . 2008-04-21 19:59 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\DVD Flick 2008-04-21 17:28 . 2008-04-21 17:28 <DIR> d-------- C:\Program Files\AusLogics Disk Defrag 2008-04-20 22:03 . 2008-04-20 22:03 <DIR> d-------- C:\Windows\Profiles 2008-04-20 22:00 . 2008-04-20 22:04 <DIR> d-------- C:\Program Files\Your Uninstaller 2008 2008-04-20 10:10 . 2008-04-20 10:10 <DIR> d-------- C:\Program Files\Microsoft Silverlight 2008-04-17 19:24 . 2008-04-17 19:24 1,053,184 --a------ C:\Windows\System32\mfc71u.dll 2008-04-17 19:24 . 2008-04-17 19:24 503,808 --a------ C:\Windows\System32\msvcp71.dll 2008-04-17 19:24 . 2008-04-17 19:24 348,160 --a------ C:\Windows\System32\msvcr71.dll 2008-04-17 19:24 . 2008-04-17 19:24 258,352 --a------ C:\Windows\System32\unicows.dll 2008-04-17 19:24 . 2008-04-17 19:24 89,600 --a------ C:\Windows\System32\atl71.dll 2008-04-14 22:50 . 2008-04-14 22:50 <DIR> d-------- C:\Program Files\LimeWire 2008-04-14 17:32 . 2008-04-14 17:32 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\Download Manager . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-13 09:03 352,614 ---ha-w C:\Windows\system32\drivers\vsconfig.xml 2008-05-13 08:04 --------- d---a-w C:\ProgramData\TEMP 2008-05-13 08:04 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\SUPERAntiSpyware.com 2008-05-13 08:04 --------- d-----w C:\Program Files\SUPERAntiSpyware 2008-05-12 19:54 7,308 --sha-w C:\Windows\System32\KGyGaAvL.sys 2008-05-12 19:54 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Corel 2008-05-12 15:44 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\uTorrent 2008-05-12 10:49 --------- d-----w C:\ProgramData\FLEXnet 2008-05-12 09:57 --------- d-----w C:\ProgramData\Google Updater 2008-05-11 15:05 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Vso 2008-05-08 14:23 --------- d-----w C:\Program Files\Common Files\LogoManager 2008-05-02 12:18 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-02 11:06 --------- d-----w C:\ProgramData\NVIDIA 2008-04-25 14:47 --------- d-----w C:\ProgramData\GoldWaveCDDB 2008-04-24 20:17 --------- d-----w C:\Program Files\Google 2008-04-20 20:00 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\URSoft 2008-04-16 09:10 --------- d-----w C:\Program Files\Windows Mail 2008-04-14 20:51 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\LimeWire 2008-04-11 15:23 38,400 ----a-w C:\Windows\System32\SoundSchemes.exe 2008-04-09 08:29 --------- d-----w C:\ProgramData\Microsoft Help 2008-04-09 08:28 1,585,664 ----a-w C:\Windows\System32\setupapi.dll 2008-04-09 08:26 84,480 ----a-w C:\Windows\System32\dnsrslvr.dll 2008-04-09 08:26 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe 2008-04-09 08:25 827,392 ----a-w C:\Windows\System32\wininet.dll 2008-04-09 08:25 56,320 ----a-w C:\Windows\System32\iesetup.dll 2008-04-09 08:25 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-04-09 08:25 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2008-04-06 20:55 --------- d-----w C:\ProgramData\PC Suite 2008-04-05 18:29 --------- d-----w C:\Program Files\Common Files\Logitech 2008-04-05 18:29 --------- d-----w C:\Program Files\Common Files\Logishrd 2008-04-04 17:30 --------- d-----w C:\ProgramData\LogiShrd 2008-04-04 17:28 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2008-04-04 17:28 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf 2008-04-04 15:27 118,784 ------w C:\Windows\bwUnin-7.2.0.157-8876480SL.exe 2008-04-03 09:30 --------- d-----w C:\Program Files\Windows Sidebar 2008-04-03 09:29 194,560 ----a-w C:\Windows\System32\WebClnt.dll 2008-04-03 09:29 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys 2008-04-03 09:28 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL 2008-04-03 09:28 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys 2008-04-03 09:28 24,064 ----a-w C:\Windows\System32\netcfg.exe 2008-04-03 09:28 223,232 ----a-w C:\Windows\System32\WMASF.DLL 2008-04-03 09:28 22,016 ----a-w C:\Windows\System32\netiougc.exe 2008-04-03 09:28 217,144 ----a-w C:\Windows\system32\drivers\netio.sys 2008-04-03 09:28 2,048 ----a-w C:\Windows\System32\asferror.dll 2008-04-03 09:28 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll 2008-04-03 09:28 1,327,104 ----a-w C:\Windows\System32\quartz.dll 2008-04-03 09:27 11,776 ----a-w C:\Windows\System32\sbunattend.exe 2008-04-03 09:24 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys 2008-04-03 09:24 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys 2008-04-03 09:24 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys 2008-04-03 09:24 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys 2008-04-03 09:23 2,048 ----a-w C:\Windows\System32\tzres.dll 2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\divx.dll 2008-03-31 21:06 --------- d-----w C:\Program Files\DVDFab Platinum 4 2008-03-29 10:40 --------- d-----w C:\Program Files\iTunes 2008-03-29 10:14 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Apple Computer 2008-03-29 10:13 --------- d-----w C:\ProgramData\Apple Computer 2008-03-29 10:13 --------- d-----w C:\Program Files\iPod 2008-03-28 17:41 7,680 ----a-w C:\Windows\System32\ff_vfw.dll 2008-03-24 10:08 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Simply Super Software 2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll 2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll 2008-03-19 17:53 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com 2008-03-19 16:30 --------- d-----w C:\Program Files\CloneDVD 2008-03-19 10:26 352,615 ---ha-w C:\Windows\system32\drivers\vsconfig(83).xml 2008-03-16 20:29 --------- d-----w C:\Program Files\Yamicsoft 2008-03-16 14:32 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\PC Suite 2008-03-16 14:32 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Nokia 2008-03-16 14:18 --------- d-----w C:\ProgramData\Installations 2008-03-15 23:23 --------- d-----w C:\ProgramData\Corel 2008-03-15 23:20 --------- d-----w C:\Program Files\Corel 2008-03-15 22:44 88 --sh--r C:\Users\All Users\1CEC64F61C.sys 2008-03-15 22:44 88 --sh--r C:\ProgramData\1CEC64F61C.sys 2008-03-15 22:44 3,140 --sha-w C:\Users\All Users\KGyGaAvL.sys 2008-03-15 22:44 3,140 --sha-w C:\ProgramData\KGyGaAvL.sys 2008-02-29 18:17 43,698 ----a-w C:\Windows\System32\xvid-uninstall.exe 2008-02-28 13:49 31,745,775 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2008_02_28_14_10_08_full.dmp.zip 2008-02-28 13:49 31,387,902 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2008_02_28_14_34_48_full.dmp.zip 2008-02-27 21:18 31,562,632 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2008_02_27_11_05_14_full.dmp.zip 2008-02-26 22:20 47,360 ----a-w C:\Users\Gebruiker\AppData\Roaming\pcouffin.sys 2008-02-23 19:46 87,608 ----a-w C:\Users\Gebruiker\AppData\Roaming\ezpinst.exe 2008-02-23 17:27 174 --sha-w C:\Program Files\desktop.ini . ------- Sigcheck ------- . ((((((((((((((((((((((((((((( snapshot@2008-05-13_10.23.03.89 ))))))))))))))))))))))))))))))))))))))))) . - 2008-04-16 09:08:49 6,131,712 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\6ccdef9c31fa22bdef343c3457a38120\Microsoft.MediaCenter.UI.ni.dll + 2008-05-13 08:34:21 6,131,712 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\6ccdef9c31fa22bdef343c3457a38120\Microsoft.MediaCenter.UI.ni.dll + 2008-05-13 08:34:54 561,152 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\3cdea288cefaea7d8b2cdcc8bab6ee58\Microsoft.PowerShell.ConsoleHost.ni.dll + 2008-05-13 08:35:09 36,352 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\4ec92725768ac3f15e20b5e0386a9c3f\Microsoft.PowerShell.ConsoleHost.resources.ni.dll + 2008-05-13 08:35:10 176,128 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\507d07a0dbb12e8e90fd3302f7360ac7\Microsoft.PowerShell.Security.ni.dll + 2008-05-13 08:35:25 17,920 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\5580101cb411da9b80e8e3740a23df71\Microsoft.PowerShell.Security.resources.ni.dll + 2008-05-13 08:34:22 520,192 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\aab77b950da785459abdaa37bbfa1ae1\Microsoft.PowerShell.Commands.Management.ni.dll + 2008-05-13 08:34:53 30,720 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\c1d34ff6302fb433b69290a659686758\Microsoft.PowerShell.Commands.Utility.resources.ni.dll + 2008-05-13 08:34:39 1,064,960 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\c6471afa8d78d38525ef63cc1682f7bb\Microsoft.PowerShell.Commands.Utility.ni.dll + 2008-05-13 08:34:38 19,968 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\ead719f3b8e1371f6ef9436bba77c13a\Microsoft.PowerShell.Commands.Management.resources.ni.dll + 2008-05-13 08:36:27 1,720,320 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\750dcff9d4b9b92ec4acdc6b4cd313f8\Microsoft.VisualBasic.ni.dll + 2008-05-13 08:36:31 5,971,968 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\ac4b7736f8f783f74d8223289af9ee06\MIGUIControls.ni.dll + 2008-05-13 08:46:25 48,640 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\7633a09e08c8e47895c22bed87b9c939\PresentationFontCache.ni.exe + 2008-05-13 08:46:40 1,933,312 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\989aada632ef68f3f532ae9c55c2e455\PresentationUI.ni.dll - 2008-04-16 09:07:42 999,424 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\49a35f8d6b44cfe7c2a12cb873e58a22\System.IdentityModel.ni.dll + 2008-05-13 08:36:25 999,424 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\49a35f8d6b44cfe7c2a12cb873e58a22\System.IdentityModel.ni.dll + 2008-05-13 08:35:13 5,255,168 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\8794e4d6b3dacd81e9475786c4e27d3e\System.Management.Automation.ni.dll - 2008-04-16 09:09:18 815,104 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\8fbca0140921ed343cb511595869a0ed\System.Runtime.Remoting.ni.dll + 2008-05-13 08:46:40 815,104 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\8fbca0140921ed343cb511595869a0ed\System.Runtime.Remoting.ni.dll - 2008-04-16 09:07:41 17,416,192 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\3636f59e63b317ae39d71c248befa5e2\System.ServiceModel.ni.dll + 2008-05-13 08:36:24 17,416,192 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\3636f59e63b317ae39d71c248befa5e2\System.ServiceModel.ni.dll - 2008-04-16 09:08:37 1,941,504 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\37f75b2b7d0b3bb5242403b9c7ffabc7\System.Web.Services.ni.dll + 2008-05-13 08:34:04 1,941,504 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\37f75b2b7d0b3bb5242403b9c7ffabc7\System.Web.Services.ni.dll - 2008-04-16 09:09:37 12,185,600 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\c11c5eb32a435c14a33e62b1e150e988\System.Web.ni.dll + 2008-05-13 08:46:35 12,185,600 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\c11c5eb32a435c14a33e62b1e150e988\System.Web.ni.dll + 2008-05-13 08:33:57 126,976 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\490c7fa4cbf00c2e94cdb0f54d11ca4f\WindowsLive.Client.ni.dll + 2008-05-13 08:33:56 831,488 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1b34d982a8c30662f995a5e8645685bd\WindowsLive.Writer.BlogClient.ni.dll + 2008-05-13 08:33:58 573,440 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4b27db88121944b50f78c60ec4bd670f\WindowsLive.Writer.HtmlEditor.ni.dll + 2008-05-13 08:33:52 278,528 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5756a6f7a7dc40fff41520264794bcc2\WindowsLive.Writer.Mshtml.ni.dll + 2008-05-13 08:33:55 1,105,920 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6235e845bff9ad0db3032c398372abd9\WindowsLive.Writer.ApplicationFramework.ni.dll + 2008-05-13 08:33:51 184,320 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6cdb495174710f647baa831fb8cb8f3d\WindowsLive.Writer.HtmlParser.ni.dll + 2008-05-13 08:33:54 102,400 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\74f677a20b8f8316ea0acbeadc04b230\WindowsLive.Writer.Api.ni.dll + 2008-05-13 08:33:50 331,776 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7668b2782848131e7747ca53990c4ad1\WindowsLive.Writer.Interop.Mshtml.ni.dll + 2008-05-13 08:33:27 5,468,160 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\88f92f8a6620cad9a19671cbf15e7fd8\WindowsLive.Writer.PostEditor.ni.dll + 2008-05-13 08:33:50 348,160 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\95fb61726bed07bcd2e31f8ef7ec2517\WindowsLive.Writer.Interop.SHDocVw.ni.dll + 2008-05-13 08:33:50 208,896 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b0eac75205a644f5691273d7ca2c5e4b\WindowsLive.Writer.BrowserControl.ni.dll + 2008-05-13 08:33:49 348,160 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b26284b4a784a4bd045c675ddf7a6619\WindowsLive.Writer.Interop.ni.dll + 2008-05-13 08:33:52 139,264 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b8dedb70a375aef872fee2e5a00784c6\WindowsLive.Writer.Passport.ni.dll + 2008-05-13 08:33:29 589,824 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\bb0deda97fa42eb45d425dd653f0d5e3\WindowsLive.Writer.Controls.ni.dll + 2008-05-13 08:34:00 221,184 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\cf118caa37c55ae95ad7dde163d46599\WindowsLive.Writer.SpellChecker.ni.dll + 2008-05-13 08:33:53 118,784 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e527e417e7f602e8f4ca75090784777b\WindowsLive.Writer.Extensibility.ni.dll + 2008-05-13 08:34:00 155,648 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\edcd4d3cb14afc8a418f7af0b059b314\WindowsLive.Writer.FileDestinations.ni.dll + 2008-05-13 08:33:32 1,867,776 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f58bc8c84aeb3f39aae2b448b3c92cf8\WindowsLive.Writer.CoreServices.ni.dll + 2008-05-13 08:33:49 516,096 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\fd1863adfd1cb749613b375067d1299a\WindowsLive.Writer.Localization.ni.dll + 2008-05-13 08:34:02 651,264 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\2f4411256227e9b18f2a1d0ee351907f\WindowsLiveLocal.WriterPlugin.ni.dll + 2008-05-13 08:33:19 41,472 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\38fc68d0263404cd713944ae2c225a89\WindowsLiveWriter.ni.exe - 2008-05-13 08:20:07 67,584 --s-a-w C:\Windows\bootstat.dat + 2008-05-13 09:03:32 67,584 --s-a-w C:\Windows\bootstat.dat - 2008-05-13 08:09:59 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat + 2008-05-13 08:56:31 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat - 2008-05-13 08:20:17 155,648 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-05-13 09:03:42 155,648 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT - 2008-05-13 08:13:57 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat + 2008-05-13 09:00:38 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat - 2008-05-13 08:20:17 151,552 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-05-13 09:03:42 151,552 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT - 2008-05-13 08:20:13 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-05-13 09:03:36 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-05-13 08:58:12 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008051320080514\index.dat - 2008-05-13 08:20:13 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-05-13 09:03:36 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-04-14 09:30:28 75,812 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\Acrobat\8.0\UserCache.bin + 2008-05-13 08:58:42 84,666 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\Acrobat\8.0\UserCache.bin - 2008-05-13 08:20:13 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-05-13 09:03:36 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-05-13 08:14:20 104,570 ----a-w C:\Windows\System32\perfc009.dat + 2008-05-13 09:02:06 104,570 ----a-w C:\Windows\System32\perfc009.dat - 2008-05-13 08:14:20 123,636 ----a-w C:\Windows\System32\perfc013.dat + 2008-05-13 09:02:06 123,636 ----a-w C:\Windows\System32\perfc013.dat - 2008-05-13 08:14:20 612,848 ----a-w C:\Windows\System32\perfh009.dat + 2008-05-13 09:02:06 612,848 ----a-w C:\Windows\System32\perfh009.dat - 2008-05-13 08:14:20 692,336 ----a-w C:\Windows\System32\perfh013.dat + 2008-05-13 09:02:06 692,336 ----a-w C:\Windows\System32\perfh013.dat - 2008-05-13 08:10:06 7,846 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-363026792-639437035-2443024750-1000_UserData.bin + 2008-05-13 08:56:40 8,050 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-363026792-639437035-2443024750-1000_UserData.bin - 2008-05-13 08:10:05 65,322 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-05-13 08:56:40 65,338 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2008-05-13 08:10:04 34,498 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-05-13 08:56:39 34,912 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FBC4632-32E5-48B2-B4B3-0886717FC73D}] C:\Windows\system32\efcbBTKa.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-24 00:41 68856] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-03 11:27 1232896] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:33 201728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-15 11:04 262401] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-15 17:58 1006264] "RtHDVCpl"="RtHDVCpl.exe" [2007-10-01 11:53 4702208 C:\Windows\RtHDVCpl.exe] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 18:06 81920] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464] "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\Windows\KHALMNPR.Exe] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-09 03:31 959976] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-02 17:41 385024] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 0 (0x0) "EnableInstallerDetection"= 0 (0x0) "EnableLUA"= 0 (0x0) "EnableSecureUIAPaths"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "SynchronousMachineGroupPolicy"= 0 (0x0) "SynchronousUserGroupPolicy"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk] backup=C:\Windows\pss\Google Updater.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-363026792-639437035-2443024750-1000] "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{276179C0-DDCD-49D5-830B-6CD3B84CD149}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{EA5A59E5-C92D-472F-B673-307DC2D9E1FB}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{1A040A73-8E19-4117-9526-362A8C90D6A7}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "{A7DACFBE-9D40-4EE1-A434-0EEAD601A6F9}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{7080BBD6-C279-4C10-904B-D8495802B216}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "{82219EF2-7E08-4ECD-8578-1A4D17FEA113}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) S3 IAMT03;Stuurprogramma voor Intel® Active Management Technology - KCS;C:\Windows\system32\drivers\iamt03.sys [2007-04-11 23:29] S3 IAMTV;Stuurprogramma voor Intel® Active Management Technology - KCS;C:\Windows\system32\drivers\iamtv.sys [2007-04-11 23:30] S4 IAMTXP;Stuurprogramma voor Intel® Active Management Technology - KCS;C:\Windows\system32\drivers\iamtxp.sys [2007-04-11 23:30] S4 ioatdma;Intel® QuickData Technology Device;C:\Windows\system32\drivers\ioatdma.sys [2007-05-31 09:27] S4 iSSetup;Intel® PRO/1000 iSCSI Setup Driver;C:\Windows\system32\drivers\issetup.sys [2007-06-19 14:48] S4 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2007-07-02 17:37] S4 nvsmu;nvsmu;C:\Windows\system32\drivers\nvsmu.sys [2007-02-16 08:50] S4 SI3112;SiI-3112 SATALink Controller;C:\Windows\system32\drivers\si3112.sys [2007-01-26 13:55] S4 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\Windows\system32\drivers\si3112r.sys [2007-02-01 16:50] S4 SI3114;SiI-3114 SATALink Controller;C:\Windows\system32\drivers\si3114.sys [2006-11-10 11:45] S4 SI3124;SiI-3124 SATALink Controller;C:\Windows\system32\drivers\si3124.sys [2006-11-02 16:20] S4 Si3124r5;SiI-3124 SoftRaid 5 Controller;C:\Windows\system32\drivers\si3124r5.sys [2006-09-20 11:38] S4 Si3132r5;SiI-3132 SoftRaid 5 Controller;C:\Windows\system32\drivers\si3132r5.sys [2007-06-01 10:28] S4 Si3531;SiI-3531 SATA Controller;C:\Windows\system32\drivers\si3531.sys [2007-06-01 10:29] S4 ViBus;ViBus;C:\Windows\system32\drivers\vibus.sys [2007-03-26 15:26] S4 ViPrt;VIA SATA IDE Device Driver;C:\Windows\system32\drivers\viprt.sys [2007-03-26 15:26] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] GPSvcGroup REG_MULTI_SZ GPSvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}] %SystemRoot%\system32\soundschemes.exe /AddRegistration . Inhoud van de 'Gedeelde Taken' map "2008-05-13 08:08:13 C:\Windows\Tasks\Controleren op updates voor Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-13 11:03:45 Windows 6.0.6000 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Windows\System32\audiodg.exe C:\Windows\System32\ZoneLabs\vsmon.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe C:\Windows\System32\PSIService.exe C:\Windows\System32\WUDFHost.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Windows\System32\dllhost.exe . ************************************************************************** . Voltooingstijd: 2008-05-13 11:06:31 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-13 09:06:26 ComboFix2.txt 2008-05-13 08:23:31 ComboFix3.txt 2008-05-12 20:34:54 Pre-Run: 228,286,984,192 bytes beschikbaar Post-Run: 228,105,732,096 bytes beschikbaar 361 --- E O F --- 2008-05-09 07:19:53 Log HJT: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:09:32, on 13/05/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\Explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {6FBC4632-32E5-48B2-B4B3-0886717FC73D} - C:\Windows\system32\efcbBTKa.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe -- End of file - 7213 bytes Nu blijkt met IE niet meer te blijven hangen, tot nu toch. Ik zal het in het oog houden. Alleszins erg bedankt.

Kape, tot nu toe blijven mijn internetpagina's soms 'hangen'. Ik heb nog tweemaal 'superantispyware' gedraaid maar ik krijg 'adware.Vundo Variant/Resident' er niet mee weg.

Combofix log: ComboFix 08-05-11.1 - Gebruiker 2008-05-12 22:29:06.2 - NTFSx86 Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.31.1043.18.2075 [GMT 2:00] Gestart vanuit: C:\temp\ComboFix.exe Command switches used :: C:\Users\Gebruiker\Desktop\CFScript.txt * Nieuw herstelpunt werd aangemaakt . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Windows\System32\csrdqmoe.ini C:\Windows\system32\DLRsrBeg.ini C:\Windows\System32\DLRsrBeg.ini2 C:\Windows\System32\kancarnl.ini C:\Windows\System32\nbuwqwip.ini . (((((((((((((((((((( Bestanden Gemaakt van 2008-04-12 to 2008-05-12 )))))))))))))))))))))))))))))) . 2008-05-12 22:32 . 2008-05-12 16:13 29,312 --a------ C:\Windows\System32\tuvTllKB.dll 2008-05-12 21:34 . 2008-05-12 21:34 1,895,716 --a------ C:\temp\ComboFix.exe 2008-05-12 21:00 . 2008-05-12 21:00 <DIR> d-------- C:\Program Files\Trend Micro 2008-05-12 20:30 . 2008-05-12 20:30 319,104 --a------ C:\Windows\System32\geBrsRLD.dll 2008-05-12 20:22 . 2008-05-12 20:22 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe 2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{e8a930f2-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000002.regtrans-ms 2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{e8a930f2-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000001.regtrans-ms 2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{e8a930f4-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000002.regtrans-ms 2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{e8a930f4-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000001.regtrans-ms 2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Users\Gebruiker\ntuser.dat{e8a930f6-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000002.regtrans-ms 2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Users\Gebruiker\ntuser.dat{e8a930f6-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000001.regtrans-ms 2008-05-12 18:40 . 2008-05-12 19:22 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{e8a930f2-2033-11dd-928b-001617bd84e2}.TM.blf 2008-05-12 18:40 . 2008-05-12 19:22 65,536 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{e8a930f4-2033-11dd-928b-001617bd84e2}.TM.blf 2008-05-12 18:40 . 2008-05-12 19:22 65,536 --ahs---- C:\Users\Gebruiker\ntuser.dat{e8a930f6-2033-11dd-928b-001617bd84e2}.TM.blf 2008-05-12 16:14 . 2008-05-12 16:14 29,312 --a------ C:\Windows\System32\efCVpNHW.dll 2008-05-12 16:13 . 2008-05-12 16:13 <DIR> d-------- C:\Users\All Users\Adsl Software Limited 2008-05-12 16:13 . 2008-05-12 16:13 <DIR> d-------- C:\ProgramData\Adsl Software Limited 2008-05-12 15:55 . 2008-05-12 15:55 <DIR> d-------- C:\Program Files\Common Files\Solveig Multimedia 2008-05-12 15:55 . 2008-05-12 15:55 <DIR> d-------- C:\Program Files\Common Files\Elecard 2008-05-12 14:01 . 2008-05-12 14:01 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\CursorArts 2008-05-12 13:59 . 2008-05-12 17:44 <DIR> d-------- C:\Program Files\IconForge7 2008-05-12 13:59 . 2008-05-12 13:59 33 --a------ C:\Windows\iltwain.ini 2008-05-12 13:35 . 2008-05-12 13:35 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\Eclipsit 2008-05-12 13:33 . 1998-10-29 16:45 306,688 --a------ C:\Windows\IsUninst.exe 2008-05-08 17:10 . 2008-05-08 17:10 <DIR> d-------- C:\Program Files\Oxygen Software 2008-05-08 16:22 . 2008-05-08 16:23 <DIR> d-------- C:\Program Files\MobiMB Mobile Media Browser 2008-05-02 14:51 . 2008-05-02 14:51 <DIR> d-------- C:\Program Files\WinAVI Video Converter 2008-05-02 14:18 . 2008-05-02 14:18 <DIR> d-------- C:\Program Files\Xara 2008-05-02 14:18 . 2008-05-02 14:18 <DIR> d-------- C:\Program Files\Common Files\Xara 2008-05-02 13:04 . 2008-03-12 22:21 678,408 --a------ C:\Windows\System32\gpprefcl.dll 2008-05-02 13:04 . 2007-11-17 23:22 3,636 --a------ C:\Windows\System32\drivers\nvphy.bin 2008-04-29 20:20 . 2008-04-29 20:20 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\Media Player Classic 2008-04-29 20:18 . 2008-04-29 20:18 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2008-04-21 19:59 . 2008-04-21 19:59 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\DVD Flick 2008-04-21 17:28 . 2008-04-21 17:28 <DIR> d-------- C:\Program Files\AusLogics Disk Defrag 2008-04-20 22:03 . 2008-04-20 22:03 <DIR> d-------- C:\Windows\Profiles 2008-04-20 22:00 . 2008-04-20 22:04 <DIR> d-------- C:\Program Files\Your Uninstaller 2008 2008-04-20 10:10 . 2008-04-20 10:10 <DIR> d-------- C:\Program Files\Microsoft Silverlight 2008-04-17 19:24 . 2008-04-17 19:24 1,053,184 --a------ C:\Windows\System32\mfc71u.dll 2008-04-17 19:24 . 2008-04-17 19:24 503,808 --a------ C:\Windows\System32\msvcp71.dll 2008-04-17 19:24 . 2008-04-17 19:24 348,160 --a------ C:\Windows\System32\msvcr71.dll 2008-04-17 19:24 . 2008-04-17 19:24 258,352 --a------ C:\Windows\System32\unicows.dll 2008-04-17 19:24 . 2008-04-17 19:24 89,600 --a------ C:\Windows\System32\atl71.dll 2008-04-14 22:50 . 2008-04-14 22:50 <DIR> d-------- C:\Program Files\LimeWire 2008-04-14 17:32 . 2008-04-14 17:32 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\Download Manager 2008-04-14 17:20 . 2008-04-14 17:20 69,632 --a------ C:\Windows\AutoUpdateWin31.dll 2008-04-14 17:20 . 2008-04-14 17:20 32,768 --a------ C:\Windows\AutoUpdateWin33.exe . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-12 20:31 352,614 ---ha-w C:\Windows\system32\drivers\vsconfig.xml 2008-05-12 20:14 --------- d---a-w C:\ProgramData\TEMP 2008-05-12 19:54 7,308 --sha-w C:\Windows\System32\KGyGaAvL.sys 2008-05-12 19:54 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Corel 2008-05-12 15:44 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\uTorrent 2008-05-12 10:49 --------- d-----w C:\ProgramData\FLEXnet 2008-05-12 09:57 --------- d-----w C:\ProgramData\Google Updater 2008-05-11 15:05 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Vso 2008-05-08 14:23 --------- d-----w C:\Program Files\Common Files\LogoManager 2008-05-02 12:18 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-02 11:06 --------- d-----w C:\ProgramData\NVIDIA 2008-04-25 14:47 --------- d-----w C:\ProgramData\GoldWaveCDDB 2008-04-24 20:17 --------- d-----w C:\Program Files\Google 2008-04-23 22:38 --------- d-----w C:\Program Files\SUPERAntiSpyware 2008-04-20 20:00 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\URSoft 2008-04-16 09:10 --------- d-----w C:\Program Files\Windows Mail 2008-04-14 20:51 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\LimeWire 2008-04-11 15:23 38,400 ----a-w C:\Windows\System32\SoundSchemes.exe 2008-04-09 08:29 --------- d-----w C:\ProgramData\Microsoft Help 2008-04-09 08:28 1,585,664 ----a-w C:\Windows\System32\setupapi.dll 2008-04-09 08:26 84,480 ----a-w C:\Windows\System32\dnsrslvr.dll 2008-04-09 08:26 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe 2008-04-09 08:25 827,392 ----a-w C:\Windows\System32\wininet.dll 2008-04-09 08:25 56,320 ----a-w C:\Windows\System32\iesetup.dll 2008-04-09 08:25 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-04-09 08:25 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2008-04-06 20:55 --------- d-----w C:\ProgramData\PC Suite 2008-04-05 18:29 --------- d-----w C:\Program Files\Common Files\Logitech 2008-04-05 18:29 --------- d-----w C:\Program Files\Common Files\Logishrd 2008-04-04 17:30 --------- d-----w C:\ProgramData\LogiShrd 2008-04-04 17:28 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2008-04-04 17:28 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf 2008-04-04 15:27 118,784 ------w C:\Windows\bwUnin-7.2.0.157-8876480SL.exe 2008-04-03 09:30 --------- d-----w C:\Program Files\Windows Sidebar 2008-04-03 09:29 194,560 ----a-w C:\Windows\System32\WebClnt.dll 2008-04-03 09:29 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys 2008-04-03 09:28 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL 2008-04-03 09:28 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys 2008-04-03 09:28 24,064 ----a-w C:\Windows\System32\netcfg.exe 2008-04-03 09:28 223,232 ----a-w C:\Windows\System32\WMASF.DLL 2008-04-03 09:28 22,016 ----a-w C:\Windows\System32\netiougc.exe 2008-04-03 09:28 217,144 ----a-w C:\Windows\system32\drivers\netio.sys 2008-04-03 09:28 2,048 ----a-w C:\Windows\System32\asferror.dll 2008-04-03 09:28 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll 2008-04-03 09:28 1,327,104 ----a-w C:\Windows\System32\quartz.dll 2008-04-03 09:27 11,776 ----a-w C:\Windows\System32\sbunattend.exe 2008-04-03 09:24 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys 2008-04-03 09:24 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys 2008-04-03 09:24 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys 2008-04-03 09:24 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys 2008-04-03 09:23 2,048 ----a-w C:\Windows\System32\tzres.dll 2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\divx.dll 2008-03-31 21:06 --------- d-----w C:\Program Files\DVDFab Platinum 4 2008-03-29 10:40 --------- d-----w C:\Program Files\iTunes 2008-03-29 10:14 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Apple Computer 2008-03-29 10:13 --------- d-----w C:\ProgramData\Apple Computer 2008-03-29 10:13 --------- d-----w C:\Program Files\iPod 2008-03-28 17:41 7,680 ----a-w C:\Windows\System32\ff_vfw.dll 2008-03-24 10:08 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Simply Super Software 2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll 2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll 2008-03-19 17:53 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com 2008-03-19 17:26 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\SUPERAntiSpyware.com 2008-03-19 16:30 --------- d-----w C:\Program Files\CloneDVD 2008-03-19 10:26 352,615 ---ha-w C:\Windows\system32\drivers\vsconfig(83).xml 2008-03-16 20:29 --------- d-----w C:\Program Files\Yamicsoft 2008-03-16 14:32 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\PC Suite 2008-03-16 14:32 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Nokia 2008-03-16 14:18 --------- d-----w C:\ProgramData\Installations 2008-03-15 23:23 --------- d-----w C:\ProgramData\Corel 2008-03-15 23:20 --------- d-----w C:\Program Files\Corel 2008-03-15 22:44 88 --sh--r C:\Users\All Users\1CEC64F61C.sys 2008-03-15 22:44 88 --sh--r C:\ProgramData\1CEC64F61C.sys 2008-03-15 22:44 3,140 --sha-w C:\Users\All Users\KGyGaAvL.sys 2008-03-15 22:44 3,140 --sha-w C:\ProgramData\KGyGaAvL.sys 2008-02-29 18:17 43,698 ----a-w C:\Windows\System32\xvid-uninstall.exe 2008-02-28 13:49 31,745,775 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2008_02_28_14_10_08_full.dmp.zip 2008-02-28 13:49 31,387,902 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2008_02_28_14_34_48_full.dmp.zip 2008-02-27 21:18 31,562,632 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2008_02_27_11_05_14_full.dmp.zip 2008-02-26 22:20 47,360 ----a-w C:\Users\Gebruiker\AppData\Roaming\pcouffin.sys 2008-02-23 19:46 87,608 ----a-w C:\Users\Gebruiker\AppData\Roaming\ezpinst.exe 2008-02-23 17:27 174 --sha-w C:\Program Files\desktop.ini . ------- Sigcheck ------- . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D5923FE-5E66-48BB-8506-D445BE2BB555}] 2008-05-12 20:30 319104 --a------ C:\Windows\system32\geBrsRLD.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FBC4632-32E5-48B2-B4B3-0886717FC73D}] C:\Windows\system32\efcbBTKa.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-24 00:41 68856] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-03 11:27 1232896] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54 5673840] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:33 201728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-15 11:04 262401] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-15 17:58 1006264] "RtHDVCpl"="RtHDVCpl.exe" [2007-10-01 11:53 4702208 C:\Windows\RtHDVCpl.exe] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 18:06 81920] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464] "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\Windows\KHALMNPR.Exe] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-09 03:31 959976] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-02 17:41 385024] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048] "MSServer"="C:\Windows\system32\tuvTllKB.dll" [2008-05-12 16:13 29312] "00369ead"="C:\Windows\system32\piwqwubn.dll" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 0 (0x0) "EnableInstallerDetection"= 0 (0x0) "EnableLUA"= 0 (0x0) "EnableSecureUIAPaths"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "SynchronousMachineGroupPolicy"= 0 (0x0) "SynchronousUserGroupPolicy"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] "{97F7302A-147C-4435-901C-184375993BE6}"= C:\Windows\system32\tuvTllKB.dll [2008-05-12 16:13 29312] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-03-04 10:54 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk] backup=C:\Windows\pss\Google Updater.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-363026792-639437035-2443024750-1000] "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{276179C0-DDCD-49D5-830B-6CD3B84CD149}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{93116087-7167-4DEE-BBAA-968BF6EA7414}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "{EA5A59E5-C92D-472F-B673-307DC2D9E1FB}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{1A040A73-8E19-4117-9526-362A8C90D6A7}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "{A7DACFBE-9D40-4EE1-A434-0EEAD601A6F9}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{7080BBD6-C279-4C10-904B-D8495802B216}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) S3 IAMT03;Stuurprogramma voor Intel® Active Management Technology - KCS;C:\Windows\system32\drivers\iamt03.sys [2007-04-11 23:29] S3 IAMTV;Stuurprogramma voor Intel® Active Management Technology - KCS;C:\Windows\system32\drivers\iamtv.sys [2007-04-11 23:30] S4 IAMTXP;Stuurprogramma voor Intel® Active Management Technology - KCS;C:\Windows\system32\drivers\iamtxp.sys [2007-04-11 23:30] S4 ioatdma;Intel® QuickData Technology Device;C:\Windows\system32\drivers\ioatdma.sys [2007-05-31 09:27] S4 iSSetup;Intel® PRO/1000 iSCSI Setup Driver;C:\Windows\system32\drivers\issetup.sys [2007-06-19 14:48] S4 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2007-07-02 17:37] S4 nvsmu;nvsmu;C:\Windows\system32\drivers\nvsmu.sys [2007-02-16 08:50] S4 SI3112;SiI-3112 SATALink Controller;C:\Windows\system32\drivers\si3112.sys [2007-01-26 13:55] S4 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\Windows\system32\drivers\si3112r.sys [2007-02-01 16:50] S4 SI3114;SiI-3114 SATALink Controller;C:\Windows\system32\drivers\si3114.sys [2006-11-10 11:45] S4 SI3124;SiI-3124 SATALink Controller;C:\Windows\system32\drivers\si3124.sys [2006-11-02 16:20] S4 Si3124r5;SiI-3124 SoftRaid 5 Controller;C:\Windows\system32\drivers\si3124r5.sys [2006-09-20 11:38] S4 Si3132r5;SiI-3132 SoftRaid 5 Controller;C:\Windows\system32\drivers\si3132r5.sys [2007-06-01 10:28] S4 Si3531;SiI-3531 SATA Controller;C:\Windows\system32\drivers\si3531.sys [2007-06-01 10:29] S4 ViBus;ViBus;C:\Windows\system32\drivers\vibus.sys [2007-03-26 15:26] S4 ViPrt;VIA SATA IDE Device Driver;C:\Windows\system32\drivers\viprt.sys [2007-03-26 15:26] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] GPSvcGroup REG_MULTI_SZ GPSvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}] %SystemRoot%\system32\soundschemes.exe /AddRegistration . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-12 22:32:10 Windows 6.0.6000 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- PROCESS: C:\Windows\system32\winlogon.exe -> C:\Windows\system32\tuvTllKB.dll . ------------------------ Other Running Processes ------------------------ . C:\Windows\System32\audiodg.exe C:\Windows\System32\ZoneLabs\vsmon.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Windows\System32\rundll32.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\System32\rundll32.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe C:\Windows\System32\PSIService.exe C:\Windows\System32\WUDFHost.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\MSN Messenger\livecall.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Windows\System32\dllhost.exe . ************************************************************************** . Voltooingstijd: 2008-05-12 22:34:53 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-12 20:33:50 Pre-Run: 227,902,373,888 bytes beschikbaar Post-Run: 227,952,214,016 bytes beschikbaar 287 --- E O F --- 2008-05-09 07:19:53 Hijjackthis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:37:21, on 12/05/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\rundll32.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\MSN Messenger\livecall.exe C:\Windows\Explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\rundll32.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\tuvTllKB.dll,#1 O4 - HKLM\..\Run: [00369ead] rundll32.exe "C:\Windows\system32\piwqwubn.dll",b O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe -- End of file - 5705 bytes Jep, nog steeds latijns!

Combofix log: ComboFix 08-05-11.1 - Gebruiker 2008-05-12 21:35:20.1 - NTFSx86 Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.31.1043.18.2107 [GMT 2:00] Gestart vanuit: C:\temp\ComboFix.exe * Nieuw herstelpunt werd aangemaakt . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Users\Gebruiker\AppData\Roaming\inst.exe C:\Windows\norlatmx.exe C:\Windows\System32\aKTBbcfe.ini C:\Windows\System32\aKTBbcfe.ini2 C:\Windows\System32\bHhOnXbc.ini C:\Windows\System32\bHhOnXbc.ini2 C:\Windows\System32\DLRsrBeg.ini C:\Windows\System32\DLRsrBeg.ini2 C:\Windows\System32\hcxpnraa.ini C:\Windows\System32\hevxjxou.ini C:\Windows\system32\nmahympt.ini C:\Windows\system32\systeminfo3.dll . (((((((((((((((((((( Bestanden Gemaakt van 2008-04-12 to 2008-05-12 )))))))))))))))))))))))))))))) . 2008-05-12 21:38 . 2008-05-12 16:13 29,312 --a------ C:\Windows\System32\khfCrPIA.dll 2008-05-12 21:34 . 2008-05-12 21:34 1,895,716 --a------ C:\temp\ComboFix.exe 2008-05-12 21:00 . 2008-05-12 21:00 <DIR> d-------- C:\Program Files\Trend Micro 2008-05-12 20:30 . 2008-05-12 20:30 319,104 --a------ C:\Windows\System32\geBrsRLD.dll 2008-05-12 20:22 . 2008-05-12 20:22 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe 2008-05-12 20:15 . 2008-05-12 20:50 <DIR> d-------- C:\VundoFix Backups 2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{e8a930f2-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000002.regtrans-ms 2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{e8a930f2-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000001.regtrans-ms 2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{e8a930f4-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000002.regtrans-ms 2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{e8a930f4-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000001.regtrans-ms 2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Users\Gebruiker\ntuser.dat{e8a930f6-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000002.regtrans-ms 2008-05-12 18:40 . 2008-05-12 19:22 524,288 --ahs---- C:\Users\Gebruiker\ntuser.dat{e8a930f6-2033-11dd-928b-001617bd84e2}.TMContainer00000000000000000001.regtrans-ms 2008-05-12 18:40 . 2008-05-12 19:22 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{e8a930f2-2033-11dd-928b-001617bd84e2}.TM.blf 2008-05-12 18:40 . 2008-05-12 19:22 65,536 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{e8a930f4-2033-11dd-928b-001617bd84e2}.TM.blf 2008-05-12 18:40 . 2008-05-12 19:22 65,536 --ahs---- C:\Users\Gebruiker\ntuser.dat{e8a930f6-2033-11dd-928b-001617bd84e2}.TM.blf 2008-05-12 16:14 . 2008-05-12 16:14 29,312 --a------ C:\Windows\System32\efCVpNHW.dll 2008-05-12 16:13 . 2008-05-12 16:13 <DIR> d-------- C:\Users\All Users\Adsl Software Limited 2008-05-12 16:13 . 2008-05-12 16:13 <DIR> d-------- C:\ProgramData\Adsl Software Limited 2008-05-12 15:55 . 2008-05-12 15:55 <DIR> d-------- C:\Program Files\Solveig Multimedia 2008-05-12 15:55 . 2008-05-12 15:55 <DIR> d-------- C:\Program Files\Common Files\Solveig Multimedia 2008-05-12 15:55 . 2008-05-12 15:55 <DIR> d-------- C:\Program Files\Common Files\Elecard 2008-05-12 14:01 . 2008-05-12 14:01 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\CursorArts 2008-05-12 13:59 . 2008-05-12 17:44 <DIR> d-------- C:\Program Files\IconForge7 2008-05-12 13:59 . 2008-05-12 13:59 33 --a------ C:\Windows\iltwain.ini 2008-05-12 13:35 . 2008-05-12 13:35 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\Eclipsit 2008-05-12 13:33 . 1998-10-29 16:45 306,688 --a------ C:\Windows\IsUninst.exe 2008-05-08 17:10 . 2008-05-08 17:10 <DIR> d-------- C:\Program Files\Oxygen Software 2008-05-08 16:22 . 2008-05-08 16:23 <DIR> d-------- C:\Program Files\MobiMB Mobile Media Browser 2008-05-02 14:51 . 2008-05-02 14:51 <DIR> d-------- C:\Program Files\WinAVI Video Converter 2008-05-02 14:18 . 2008-05-02 14:18 <DIR> d-------- C:\Program Files\Xara 2008-05-02 14:18 . 2008-05-02 14:18 <DIR> d-------- C:\Program Files\Common Files\Xara 2008-05-02 13:05 . 2008-05-02 13:05 <DIR> d-------- C:\Windows\LastGood.Tmp 2008-05-02 13:04 . 2008-03-12 22:21 678,408 --a------ C:\Windows\System32\gpprefcl.dll 2008-05-02 13:04 . 2007-11-17 23:22 3,636 --a------ C:\Windows\System32\drivers\nvphy.bin 2008-04-29 20:20 . 2008-04-29 20:20 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\Media Player Classic 2008-04-29 20:18 . 2008-04-29 20:18 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2008-04-21 19:59 . 2008-04-21 19:59 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\DVD Flick 2008-04-21 17:28 . 2008-04-21 17:28 <DIR> d-------- C:\Program Files\AusLogics Disk Defrag 2008-04-20 22:03 . 2008-04-20 22:03 <DIR> d-------- C:\Windows\Profiles 2008-04-20 22:00 . 2008-04-20 22:04 <DIR> d-------- C:\Program Files\Your Uninstaller 2008 2008-04-20 10:10 . 2008-04-20 10:10 <DIR> d-------- C:\Program Files\Microsoft Silverlight 2008-04-17 19:24 . 2008-04-17 19:24 1,053,184 --a------ C:\Windows\System32\mfc71u.dll 2008-04-17 19:24 . 2008-04-17 19:24 503,808 --a------ C:\Windows\System32\msvcp71.dll 2008-04-17 19:24 . 2008-04-17 19:24 348,160 --a------ C:\Windows\System32\msvcr71.dll 2008-04-17 19:24 . 2008-04-17 19:24 258,352 --a------ C:\Windows\System32\unicows.dll 2008-04-17 19:24 . 2008-04-17 19:24 89,600 --a------ C:\Windows\System32\atl71.dll 2008-04-14 22:50 . 2008-04-14 22:50 <DIR> d-------- C:\Program Files\LimeWire 2008-04-14 17:32 . 2008-04-14 17:32 <DIR> d-------- C:\Users\Gebruiker\AppData\Roaming\Download Manager 2008-04-14 17:20 . 2008-04-14 17:20 69,632 --a------ C:\Windows\AutoUpdateWin31.dll 2008-04-14 17:20 . 2008-04-14 17:20 32,768 --a------ C:\Windows\AutoUpdateWin33.exe . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-12 19:38 352,614 ---ha-w C:\Windows\system32\drivers\vsconfig.xml 2008-05-12 19:18 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Corel 2008-05-12 18:45 --------- d---a-w C:\ProgramData\TEMP 2008-05-12 15:44 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\uTorrent 2008-05-12 10:49 --------- d-----w C:\ProgramData\FLEXnet 2008-05-12 09:57 --------- d-----w C:\ProgramData\Google Updater 2008-05-11 15:05 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Vso 2008-05-08 14:23 --------- d-----w C:\Program Files\Common Files\LogoManager 2008-05-02 12:18 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-02 11:06 --------- d-----w C:\ProgramData\NVIDIA 2008-04-25 14:47 --------- d-----w C:\ProgramData\GoldWaveCDDB 2008-04-24 20:17 --------- d-----w C:\Program Files\Google 2008-04-23 22:38 --------- d-----w C:\Program Files\SUPERAntiSpyware 2008-04-20 20:00 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\URSoft 2008-04-16 09:10 --------- d-----w C:\Program Files\Windows Mail 2008-04-14 20:51 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\LimeWire 2008-04-09 08:29 --------- d-----w C:\ProgramData\Microsoft Help 2008-04-09 08:27 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys 2008-04-09 08:27 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys 2008-04-09 08:27 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys 2008-04-09 08:27 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys 2008-04-09 08:27 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys 2008-04-09 08:27 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys 2008-04-09 08:27 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys 2008-04-09 08:27 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys 2008-04-09 08:25 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-04-06 20:55 --------- d-----w C:\ProgramData\PC Suite 2008-04-05 18:29 --------- d-----w C:\Program Files\Common Files\Logitech 2008-04-05 18:29 --------- d-----w C:\Program Files\Common Files\Logishrd 2008-04-04 17:30 --------- d-----w C:\ProgramData\LogiShrd 2008-04-04 17:28 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2008-04-04 17:28 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf 2008-04-04 15:27 118,784 ------w C:\Windows\bwUnin-7.2.0.157-8876480SL.exe 2008-04-03 09:30 --------- d-----w C:\Program Files\Windows Sidebar 2008-04-03 09:29 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys 2008-04-03 09:28 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys 2008-04-03 09:28 217,144 ----a-w C:\Windows\system32\drivers\netio.sys 2008-04-03 09:24 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys 2008-04-03 09:24 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys 2008-04-03 09:24 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys 2008-04-03 09:24 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys 2008-03-31 21:06 --------- d-----w C:\Program Files\DVDFab Platinum 4 2008-03-29 10:40 --------- d-----w C:\Program Files\iTunes 2008-03-29 10:14 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Apple Computer 2008-03-29 10:13 --------- d-----w C:\ProgramData\Apple Computer 2008-03-29 10:13 --------- d-----w C:\Program Files\iPod 2008-03-24 10:08 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Simply Super Software 2008-03-19 17:53 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com 2008-03-19 17:26 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\SUPERAntiSpyware.com 2008-03-19 16:30 --------- d-----w C:\Program Files\CloneDVD 2008-03-19 10:26 352,615 ---ha-w C:\Windows\system32\drivers\vsconfig(83).xml 2008-03-16 20:29 --------- d-----w C:\Program Files\Yamicsoft 2008-03-16 14:32 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\PC Suite 2008-03-16 14:32 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Nokia 2008-03-16 14:18 --------- d-----w C:\ProgramData\Installations 2008-03-15 23:23 --------- d-----w C:\ProgramData\Corel 2008-03-15 23:20 --------- d-----w C:\Program Files\Corel 2008-03-15 22:44 88 --sh--r C:\Users\All Users\1CEC64F61C.sys 2008-03-15 22:44 88 --sh--r C:\ProgramData\1CEC64F61C.sys 2008-03-15 22:44 3,140 --sha-w C:\Users\All Users\KGyGaAvL.sys 2008-03-15 22:44 3,140 --sha-w C:\ProgramData\KGyGaAvL.sys 2008-02-26 22:20 47,360 ----a-w C:\Users\Gebruiker\AppData\Roaming\pcouffin.sys 2008-02-23 19:46 87,608 ----a-w C:\Users\Gebruiker\AppData\Roaming\ezpinst.exe 2008-02-23 17:27 174 --sha-w C:\Program Files\desktop.ini . ------- Sigcheck ------- . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B284B03-520B-49BC-B5E8-C361AD8D0F8C}] 2008-05-12 20:30 319104 --a------ C:\Windows\system32\geBrsRLD.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FBC4632-32E5-48B2-B4B3-0886717FC73D}] C:\Windows\system32\efcbBTKa.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-24 00:41 68856] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-03 11:27 1232896] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54 5673840] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:33 201728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-15 11:04 262401] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-15 17:58 1006264] "RtHDVCpl"="RtHDVCpl.exe" [2007-10-01 11:53 4702208 C:\Windows\RtHDVCpl.exe] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 18:06 81920] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464] "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\Windows\KHALMNPR.Exe] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-09 03:31 959976] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-02 17:41 385024] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048] "MSServer"="C:\Windows\system32\khfCrPIA.dll" [2008-05-12 16:13 29312] "00369ead"="C:\Windows\system32\uoxjxveh.dll" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 0 (0x0) "EnableInstallerDetection"= 0 (0x0) "EnableLUA"= 0 (0x0) "EnableSecureUIAPaths"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "SynchronousMachineGroupPolicy"= 0 (0x0) "SynchronousUserGroupPolicy"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] "{97F7302A-147C-4435-901C-184375993BE6}"= C:\Windows\system32\khfCrPIA.dll [2008-05-12 16:13 29312] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-03-04 10:54 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk] backup=C:\Windows\pss\Google Updater.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-363026792-639437035-2443024750-1000] "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{276179C0-DDCD-49D5-830B-6CD3B84CD149}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{93116087-7167-4DEE-BBAA-968BF6EA7414}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "{EA5A59E5-C92D-472F-B673-307DC2D9E1FB}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{1A040A73-8E19-4117-9526-362A8C90D6A7}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "{A7DACFBE-9D40-4EE1-A434-0EEAD601A6F9}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{7080BBD6-C279-4C10-904B-D8495802B216}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) S3 IAMT03;Stuurprogramma voor Intel® Active Management Technology - KCS;C:\Windows\system32\drivers\iamt03.sys [2007-04-11 23:29] S3 IAMTV;Stuurprogramma voor Intel® Active Management Technology - KCS;C:\Windows\system32\drivers\iamtv.sys [2007-04-11 23:30] S4 IAMTXP;Stuurprogramma voor Intel® Active Management Technology - KCS;C:\Windows\system32\drivers\iamtxp.sys [2007-04-11 23:30] S4 ioatdma;Intel® QuickData Technology Device;C:\Windows\system32\drivers\ioatdma.sys [2007-05-31 09:27] S4 iSSetup;Intel® PRO/1000 iSCSI Setup Driver;C:\Windows\system32\drivers\issetup.sys [2007-06-19 14:48] S4 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2007-07-02 17:37] S4 nvsmu;nvsmu;C:\Windows\system32\drivers\nvsmu.sys [2007-02-16 08:50] S4 SI3112;SiI-3112 SATALink Controller;C:\Windows\system32\drivers\si3112.sys [2007-01-26 13:55] S4 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\Windows\system32\drivers\si3112r.sys [2007-02-01 16:50] S4 SI3114;SiI-3114 SATALink Controller;C:\Windows\system32\drivers\si3114.sys [2006-11-10 11:45] S4 SI3124;SiI-3124 SATALink Controller;C:\Windows\system32\drivers\si3124.sys [2006-11-02 16:20] S4 Si3124r5;SiI-3124 SoftRaid 5 Controller;C:\Windows\system32\drivers\si3124r5.sys [2006-09-20 11:38] S4 Si3132r5;SiI-3132 SoftRaid 5 Controller;C:\Windows\system32\drivers\si3132r5.sys [2007-06-01 10:28] S4 Si3531;SiI-3531 SATA Controller;C:\Windows\system32\drivers\si3531.sys [2007-06-01 10:29] S4 ViBus;ViBus;C:\Windows\system32\drivers\vibus.sys [2007-03-26 15:26] S4 ViPrt;VIA SATA IDE Device Driver;C:\Windows\system32\drivers\viprt.sys [2007-03-26 15:26] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] GPSvcGroup REG_MULTI_SZ GPSvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}] %SystemRoot%\system32\soundschemes.exe /AddRegistration . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-12 21:39:05 Windows 6.0.6000 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... C:\Users\Gebruiker\AppData\Local\Microsoft\Portable Devices\wpdlog01.sqm 472 bytes C:\Users\Gebruiker\AppData\Local\Microsoft\Portable Devices\wpdlog02.sqm 472 bytes C:\Users\Gebruiker\AppData\Local\Microsoft\Portable Devices\wpdlog03.sqm 472 bytes C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTY6MDOK\config[1].xml 5691 bytes Scan succesvol afgerond verborgen bestanden: 4 ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- PROCESS: C:\Windows\system32\winlogon.exe -> C:\Windows\system32\khfCrPIA.dll . ------------------------ Other Running Processes ------------------------ . C:\Windows\System32\audiodg.exe C:\Windows\System32\ZoneLabs\vsmon.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe C:\Windows\System32\PSIService.exe C:\Windows\System32\WUDFHost.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\MSN Messenger\livecall.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Windows\System32\dllhost.exe . ************************************************************************** . Voltooingstijd: 2008-05-12 21:41:28 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-12 19:41:21 Pre-Run: 228,028,424,192 bytes beschikbaar Post-Run: 227,962,191,872 bytes beschikbaar 284 --- E O F --- 2008-05-09 07:19:53 Hijjackthis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:43:48, on 12/05/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\rundll32.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Windows\System32\rundll32.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\MSN Messenger\livecall.exe C:\Windows\Explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\rundll32.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\khfCrPIA.dll,#1 O4 - HKLM\..\Run: [00369ead] rundll32.exe "C:\Windows\system32\uoxjxveh.dll",b O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe -- End of file - 5747 bytes Hoop dat je er iets mee bent. Dit is latijn voor mij!

Ik heb in de loop van deze namiddag een besmette file gedownload. Via Superantispyware kreeg ik melding van zo'n 7 Vundo type. De meesten heb ik er al vanaf gekregen via Superantispyware en Avira. Mijn IE blokkeert echter nog. Dus liet ik Vundofix los die er nog eentje kon wegkrijgen. Mij IE blokkeert echter nog bij de eerste pagina. Hier mijn HIJJACKTHIS logje : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:00:51, on 12/05/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\rundll32.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Windows\System32\rundll32.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\System32\rundll32.exe C:\Program Files\MSN Messenger\livecall.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door Vista Unattended R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {0B284B03-520B-49BC-B5E8-C361AD8D0F8C} - C:\Windows\system32\geBrsRLD.dll O2 - BHO: (no name) - {18AE15DB-8BE9-4E53-A46D-ED406CA6981B} - C:\Windows\system32\cbXnOhHb.dll (file missing) O2 - BHO: (no name) - {6FBC4632-32E5-48B2-B4B3-0886717FC73D} - C:\Windows\system32\efcbBTKa.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O2 - BHO: (no name) - {E71878D1-E549-489A-92BA-C16F9048E249} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: (no name) - {19188BC4-4E06-48E6-9C54-8E94425AEF02} - (no file) O3 - Toolbar: (no name) - {C1F49C47-813A-479D-BDCF-4B9BF8B0B48E} - (no file) O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ssqPgFUk.dll,#1 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - The Requested Web Page is Not Available (file missing) O9 - Extra 'Tools' menuitem: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - The Requested Web Page is Not Available (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O15 - Trusted Zone: http://asia.msi.com.tw O15 - Trusted Zone: http://global.msi.com.tw O15 - Trusted Zone: MSI -- MICRO-STAR INT'L CO.,LTD. O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O21 - SSODL: mpfanvqg - {91C7C2E6-EF3D-4CDB-80F1-52C44F0BC5FE} - (no file) O21 - SSODL: vbksrofa - {C64F9467-7FF4-4AF1-9748-E1FD95A94742} - (no file) O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe -- End of file - 8143 bytes Hellep