bureaublad weg (desktop gone)

ankar

Yes, it worked!!!! Here it is:

ComboFix 10-09-04.06 - annelies 06-09-2010 13:19:15.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.895.535 [GMT 2:00]

Started from: c:\documents and settings\annelies\Mijn documenten\Downloads\ComboFix.exe

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\documents and settings\All Users\Application Data\Caelum

c:\documents and settings\All Users\Application Data\Caelum\hs.cpf

c:\documents and settings\All Users\Application Data\Caelum\save.cpf

c:\documents and settings\annelies\Application Data\020000009668dea8705C.manifest

c:\documents and settings\annelies\Application Data\020000009668dea8705O.manifest

c:\documents and settings\annelies\Application Data\020000009668dea8705P.manifest

c:\documents and settings\annelies\Application Data\020000009668dea8705S.manifest

c:\documents and settings\annelies\Application Data\A44C0DDB49747E2AAF1E548EFCB78D58

c:\documents and settings\annelies\Application Data\A44C0DDB49747E2AAF1E548EFCB78D58\enemies-names.txt

c:\documents and settings\annelies\Application Data\A44C0DDB49747E2AAF1E548EFCB78D58\local.ini

c:\documents and settings\annelies\Application Data\GrabIt

c:\documents and settings\annelies\Application Data\GrabIt\Batch.gba

c:\documents and settings\annelies\Application Data\inst.exe

c:\documents and settings\annelies\Application Data\PriceGong

c:\documents and settings\annelies\Application Data\PriceGong\Data\1.xml

c:\documents and settings\annelies\Application Data\PriceGong\Data\a.xml

c:\documents and settings\annelies\Application Data\PriceGong\Data\b.xml

c:\documents and settings\annelies\Application Data\PriceGong\Data\c.xml

c:\documents and settings\annelies\Application Data\PriceGong\Data\d.xml

c:\documents and settings\annelies\Application Data\PriceGong\Data\e.xml

c:\documents and settings\annelies\Application Data\PriceGong\Data\f.xml

c:\documents and settings\annelies\Application Data\PriceGong\Data\g.xml

c:\documents and settings\annelies\Application Data\PriceGong\Data\h.xml

c:\documents and settings\annelies\Application Data\PriceGong\Data\i.xml

c:\documents and settings\annelies\Application Data\PriceGong\Data\J.xml

c:\documents and settings\annelies\Application Data\PriceGong\Data\k.xml

c:\documents and settings\annelies\Application Data\PriceGong\Data\l.xml

c:\documents and settings\annelies\Application Data\PriceGong\Data\m.xml

c:\documents and settings\annelies\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\annelies\Application Data\PriceGong\Data\n.xml

c:\documents and settings\annelies\Application Data\PriceGong\Data\o.xml

c:\documents and settings\annelies\Application Data\PriceGong\Data\p.xml

c:\documents and settings\annelies\Application Data\PriceGong\Data\q.xml

c:\documents and settings\annelies\Application Data\PriceGong\Data\r.xml

c:\documents and settings\annelies\Application Data\PriceGong\Data\s.xml

c:\documents and settings\annelies\Application Data\PriceGong\Data\t.xml

c:\documents and settings\annelies\Application Data\PriceGong\Data\u.xml

c:\documents and settings\annelies\Application Data\PriceGong\Data\v.xml

c:\documents and settings\annelies\Application Data\PriceGong\Data\w.xml

c:\documents and settings\annelies\Application Data\PriceGong\Data\x.xml

c:\documents and settings\annelies\Application Data\PriceGong\Data\y.xml

c:\documents and settings\annelies\Application Data\PriceGong\Data\z.xml

c:\documents and settings\annelies\Favorieten\Videos.url

c:\documents and settings\annelies\Local Settings\Application Data\Carta

c:\documents and settings\annelies\Local Settings\Application Data\Carta\Carta.ini

c:\documents and settings\annelies\Menu Start\Programma's\Videos.url

c:\documents and settings\NetworkService\Local Settings\Application Data\Windows Server

c:\documents and settings\NetworkService\Local Settings\Application Data\Windows Server\server.dat

c:\documents and settings\picture project\Application Data\PriceGong

c:\documents and settings\picture project\Application Data\PriceGong\Data\1.xml

c:\documents and settings\picture project\Application Data\PriceGong\Data\a.xml

c:\documents and settings\picture project\Application Data\PriceGong\Data\b.xml

c:\documents and settings\picture project\Application Data\PriceGong\Data\c.xml

c:\documents and settings\picture project\Application Data\PriceGong\Data\d.xml

c:\documents and settings\picture project\Application Data\PriceGong\Data\e.xml

c:\documents and settings\picture project\Application Data\PriceGong\Data\f.xml

c:\documents and settings\picture project\Application Data\PriceGong\Data\g.xml

c:\documents and settings\picture project\Application Data\PriceGong\Data\h.xml

c:\documents and settings\picture project\Application Data\PriceGong\Data\i.xml

c:\documents and settings\picture project\Application Data\PriceGong\Data\J.xml

c:\documents and settings\picture project\Application Data\PriceGong\Data\k.xml

c:\documents and settings\picture project\Application Data\PriceGong\Data\l.xml

c:\documents and settings\picture project\Application Data\PriceGong\Data\m.xml

c:\documents and settings\picture project\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\picture project\Application Data\PriceGong\Data\n.xml

c:\documents and settings\picture project\Application Data\PriceGong\Data\o.xml

c:\documents and settings\picture project\Application Data\PriceGong\Data\p.xml

c:\documents and settings\picture project\Application Data\PriceGong\Data\q.xml

c:\documents and settings\picture project\Application Data\PriceGong\Data\r.xml

c:\documents and settings\picture project\Application Data\PriceGong\Data\s.xml

c:\documents and settings\picture project\Application Data\PriceGong\Data\t.xml

c:\documents and settings\picture project\Application Data\PriceGong\Data\u.xml

c:\documents and settings\picture project\Application Data\PriceGong\Data\v.xml

c:\documents and settings\picture project\Application Data\PriceGong\Data\w.xml

c:\documents and settings\picture project\Application Data\PriceGong\Data\x.xml

c:\documents and settings\picture project\Application Data\PriceGong\Data\y.xml

c:\documents and settings\picture project\Application Data\PriceGong\Data\z.xml

C:\Install.exe

c:\temp\vtmp2

c:\windows\system32\ca2bde06-be91-ee0e-1afb-cec70a86abd7.exe

C:\xcrashdump.dat

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe

Infected copy of c:\windows\explorer.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{0CA45D97-5522-4CD1-9A68-1352F337E61E}\RP6\A0005542.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_KWANZY_SERVICE

(((((((((((((((((((( Files Created from 2010-08-06 to 2010-09-06 ))))))))))))))))))))))))))))))

.

2010-09-06 11:19 . 2010-09-06 11:19 -------- d-----w- c:\documents and settings\annelies\Local Settings\Application Data\PCHealth

2010-09-06 10:21 . 2010-09-06 10:21 -------- d-----w- c:\windows\system32\KB905474

2010-09-05 10:31 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-09-05 09:34 . 2010-09-05 09:34 -------- d-----w- c:\documents and settings\annelies\Application Data\Rabbit's Magic Adventures

2010-09-03 14:13 . 2010-09-03 14:13 2855 ----a-w- c:\windows\explorer.PIF

2010-09-02 18:09 . 2010-09-02 18:09 -------- d-----w- c:\windows\system32\wbem\Repository

2010-09-02 16:36 . 2010-09-02 17:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Farm Fishes

2010-09-02 13:48 . 2010-09-02 13:49 -------- d-----w- c:\documents and settings\annelies\mail inge

2010-08-31 17:35 . 2010-09-06 09:22 -------- d--h--r- c:\documents and settings\annelies\Onlangs geopend

2010-08-31 13:37 . 2010-08-31 13:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

2010-08-30 09:36 . 2010-08-30 09:36 -------- d--h--w- c:\windows\system32\GroupPolicy

2010-08-30 08:04 . 2010-08-30 08:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Pando_Temp

2010-08-30 08:04 . 2010-08-30 08:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\GamersFirst LIVE!

2010-08-30 07:45 . 2010-08-30 07:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-08-30 07:11 . 2010-08-30 07:11 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2010-08-30 07:10 . 2010-08-30 07:10 74312 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-30 05:38 . 2010-08-30 05:38 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2010-08-29 21:18 . 2008-04-14 17:03 26112 ----a-w- c:\windows\system32\stu2.exe

2010-08-27 08:41 . 2010-08-29 10:00 -------- d-----w- c:\program files\Mystery Stories - Berlin Nights

2010-08-26 13:04 . 2010-08-26 13:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Veronica&BoD

2010-08-24 18:36 . 2010-08-27 09:58 -------- d-----w- c:\documents and settings\annelies\Application Data\Roads Of Rome

2010-08-23 08:01 . 2010-08-23 08:01 -------- d-----r- c:\documents and settings\NetworkService\Favorieten

2010-08-21 14:43 . 2010-08-21 14:43 -------- d-----w- c:\documents and settings\annelies\Local Settings\Application Data\Pando_Temp

2010-08-21 14:43 . 2010-08-21 14:43 -------- d-----w- c:\documents and settings\annelies\Local Settings\Application Data\GamersFirst LIVE!

2010-08-21 14:42 . 2007-07-19 16:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll

2010-08-21 14:42 . 2007-07-19 16:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll

2010-08-21 14:42 . 2007-07-19 16:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll

2010-08-21 14:42 . 2007-04-04 16:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll

2010-08-21 14:42 . 2010-08-21 14:42 -------- d-----w- c:\windows\Logs

2010-08-21 14:26 . 2010-08-21 14:35 -------- d-----w- c:\documents and settings\annelies\Local Settings\Application Data\Download-DU

2010-08-21 14:26 . 2010-09-03 19:22 -------- d-----w- c:\program files\Download-DU

2010-08-20 16:39 . 2010-08-23 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy3_Madagascar

2010-08-20 06:55 . 2010-08-20 06:55 -------- d-----w- c:\documents and settings\All Users\Application Data\2DBoy

2010-08-20 06:50 . 2010-08-20 06:50 -------- d-----w- c:\program files\WorldOfGoo

2010-08-19 14:18 . 2010-08-19 14:19 -------- d-----w- c:\program files\BejeweledTwist

2010-08-19 07:18 . 2010-08-19 07:18 -------- d-----w- c:\program files\4 Elements - NL

2010-08-17 17:17 . 2010-08-17 17:17 -------- d-----w- c:\documents and settings\annelies\Local Settings\Application Data\TheLostKingdomProphecy

2010-08-17 14:29 . 2010-09-02 18:30 -------- d-----w- c:\documents and settings\annelies\Local Settings\Application Data\AskToolbar

2010-08-16 12:24 . 2010-08-16 14:24 -------- d-----w- c:\documents and settings\All Users\Application Data\VirtualFarm

2010-08-15 15:24 . 2010-08-15 15:24 -------- d-----w- c:\documents and settings\picture project\Local Settings\Application Data\Conduit

2010-08-15 15:24 . 2010-08-15 15:24 -------- d-----w- c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1

2010-08-15 15:16 . 2010-08-21 12:23 -------- d-----w- c:\documents and settings\picture project\Tracing

2010-08-13 11:27 . 2010-09-06 11:33 -------- d-----w- c:\documents and settings\annelies\Tracing

2010-08-13 11:23 . 2010-08-13 11:23 -------- d-----w- c:\program files\Microsoft Office Outlook Connector

2010-08-13 11:23 . 2010-04-28 05:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys

2010-08-13 11:22 . 2010-08-13 11:22 -------- d-----w- c:\program files\Microsoft Sync Framework

2010-08-13 11:21 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll

2010-08-13 11:21 . 2010-08-13 11:21 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2010-08-08 07:29 . 2010-09-04 07:17 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-08 07:28 . 2010-08-09 10:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-06 11:33 . 2008-11-02 11:14 -------- d-----w- c:\documents and settings\annelies\Application Data\BitTorrent

2010-09-06 11:16 . 2001-09-07 12:00 92480 ----a-w- c:\windows\system32\perfc013.dat

2010-09-06 11:16 . 2001-09-07 12:00 512302 ----a-w- c:\windows\system32\perfh013.dat

2010-09-06 11:14 . 2008-08-24 10:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-09-06 10:14 . 2010-03-10 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-09-03 20:43 . 2009-09-22 17:53 -------- d-----w- c:\program files\Games

2010-09-03 19:27 . 2009-02-14 18:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-03 19:22 . 2010-05-02 12:36 -------- d-----w- c:\program files\Radio_Bar_1

2010-09-03 13:31 . 2009-11-17 17:10 -------- d-----w- c:\program files\BitTorrent

2010-08-30 06:43 . 2007-11-13 21:13 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLec.DAT

2010-08-30 06:43 . 2007-11-13 21:09 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLds.DAT

2010-08-29 10:00 . 2009-04-24 15:06 -------- d-----w- c:\documents and settings\annelies\Application Data\cerasus.media

2010-08-21 14:43 . 2010-06-27 11:26 -------- d-----w- c:\program files\GamersFirst

2010-08-21 12:40 . 2007-11-13 21:21 74312 -c--a-w- c:\documents and settings\picture project\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-20 17:29 . 2010-05-21 11:10 -------- d-----w- c:\documents and settings\annelies\Application Data\CannyGames

2010-08-16 15:01 . 2010-02-24 20:46 -------- d-----w- c:\program files\Denda Games

2010-08-16 12:24 . 2009-05-17 14:15 -------- d-----w- c:\documents and settings\annelies\Application Data\Zylom

2010-08-16 12:22 . 2009-05-17 14:15 -------- d-----w- c:\program files\Zylom Games

2010-08-15 09:32 . 2009-11-18 19:25 -------- d-----w- c:\documents and settings\annelies\Application Data\uTorrent

2010-08-13 11:23 . 2009-11-10 10:46 -------- d-----w- c:\program files\Microsoft

2010-08-13 11:23 . 2008-03-13 06:23 -------- d-----w- c:\program files\Windows Live

2010-07-22 08:42 . 2009-11-02 17:28 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper

2010-07-17 22:35 . 2007-12-14 15:16 -------- d-----w- c:\documents and settings\annelies\Application Data\LimeWire

2010-07-17 10:49 . 2009-03-12 14:16 -------- d-----w- c:\program files\QuickTime

2010-07-17 07:45 . 2008-11-02 11:14 -------- d-----w- c:\program files\DNA

2010-07-17 07:41 . 2008-11-02 11:14 -------- d-----w- c:\documents and settings\annelies\Application Data\DNA

2010-07-17 07:41 . 2010-07-17 07:10 112 ----a-w- c:\documents and settings\All Users\Application Data\AeGlBX1.dat

2010-07-17 07:40 . 2010-07-13 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-07-16 04:36 . 2010-07-16 04:36 -------- d-----w- c:\documents and settings\annelies\Application Data\AVG9

2010-07-13 20:42 . 2007-11-17 14:51 -------- d-----w- c:\program files\WarRock

2010-07-13 20:42 . 2007-10-28 20:06 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-07-13 19:26 . 2008-11-05 17:31 -------- d-----w- c:\program files\Vuze

2010-07-13 18:39 . 2010-04-09 17:11 -------- d-----w- c:\program files\OXXOGames

2010-07-13 17:30 . 2010-04-09 17:13 -------- d-----w- c:\program files\GAMESVOORIEDEREEN.NL

2010-07-13 17:21 . 2010-02-28 10:17 -------- d-----w- c:\program files\Brickshooter Egypt

2010-07-13 14:38 . 2008-05-25 09:03 -------- d-----w- c:\program files\AVG

2010-07-13 07:43 . 2007-11-01 20:30 74312 -c--a-w- c:\documents and settings\annelies\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-07-12 08:31 . 2007-12-28 14:16 -------- d-----w- c:\program files\Google

2010-07-12 08:03 . 2009-11-02 17:28 -------- d-----w- c:\program files\Alawar

2010-07-12 08:00 . 2008-08-27 09:40 -------- d-----w- c:\program files\Disney Interactive

2010-07-12 04:39 . 2010-06-27 11:26 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files

2010-06-30 12:33 . 2004-08-03 23:03 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-28 20:57 . 2010-07-17 07:39 38848 ----a-w- c:\windows\avastSS.scr

2010-06-28 20:57 . 2010-07-17 07:39 165032 ----a-w- c:\windows\system32\aswBoot.exe

2010-06-28 20:37 . 2010-07-17 07:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-06-28 20:37 . 2010-07-17 07:39 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-06-28 20:33 . 2010-07-17 07:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-06-28 20:32 . 2010-07-17 07:39 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-06-28 20:32 . 2010-07-17 07:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-06-28 20:32 . 2010-07-17 07:39 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-06-28 20:32 . 2010-07-17 07:39 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-06-24 12:27 . 2004-08-03 23:03 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-24 09:02 . 2004-08-03 22:56 1852032 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2004-08-03 21:14 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2004-08-03 23:03 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 14:31 . 2007-10-28 18:45 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-14 07:43 . 2004-08-03 23:03 1172480 ----a-w- c:\windows\system32\msxml3.dll

.

c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Ahead\Lib\NeroCheck .exe
c:\program files\Common Files\Ahead\Lib\NMBgMonitor .exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon .exe
c:\program files\DNA\btdna .exe
c:\program files\HP\HP Software Update\HPWuSchd2 .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
c:\program files\Pando Networks\Media Booster\PMB .exe
c:\program files\QuickTime\qttask  .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080]

"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2010-09-03 689016]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-01 7634944]

"nwiz"="nwiz.exe" [2007-10-01 1622016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-01 86016]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^GamersFirst LIVE!.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\GamersFirst LIVE!.lnk

backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-06-09 08:06 976832 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

2010-09-03 11:05 689016 ----a-w- c:\program files\BitTorrent\BitTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"d:\\limewire\\LimeWire.exe"=

"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"56881:TCP"= 56881:TCP:Pando Media Booster

"56881:UDP"= 56881:UDP:Pando Media Booster

"57213:TCP"= 57213:TCP:Pando Media Booster

"57213:UDP"= 57213:UDP:Pando Media Booster

"57709:TCP"= 57709:TCP:Pando Media Booster

"57709:UDP"= 57709:UDP:Pando Media Booster

R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [27-5-2009 20:46 11392]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17-7-2010 9:39 165456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17-7-2010 9:39 17744]

S1 zrvwducabgjp7;zrvwducabgjp7;c:\windows\system32\drivers\zrvwducabgjp7.sys --> c:\windows\system32\drivers\zrvwducabgjp7.sys [?]

S2 gupdate1ca051781944026;Google Updateservice (gupdate1ca051781944026);c:\program files\Google\Update\GoogleUpdate.exe [15-7-2009 8:43 133104]

S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [28-10-2007 20:53 20160]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13-11-2008 17:23 721904]

.

Contents of the 'Scheduled Tasks' folder

2010-07-03 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 06:43]

2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 06:43]

2010-09-06 c:\windows\Tasks\User_Feed_Synchronization-{5F9B21F2-C498-4B1E-86D8-424A9D80C29C}.job

- c:\windows\system32\msfeedssync.exe [2007-10-28 02:31]

2010-09-06 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2010-09-06 20:18]

.

.

------- Supplementary Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.shareware-ne.com/nl/index.php?rvs=hompag

mSearch Bar = hxxp://www.google.com

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game01.zylom.com/activex/zylomgamesplayer.cab

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{5B6BCEFC-3466-4ED3-8853-8266BA4D1AD1} - (no file)

WebBrowser-{0FC85F5D-6207-4515-A490-45A549D285C0} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{E21F584C-5746-4AA1-84FD-ADE09EDBC0BD} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{46CF08E6-2E94-478C-94FD-8B2140C6FF10} - (no file)

AddRemove-ca2bde06-be91-ee0e-1afb-cec70a86abd7 - c:\windows\system32\ca2bde06-be91-ee0e-1afb-cec70a86abd7.exe

AddRemove-BitTorrent DNA - c:\program files\DNA\btdna.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-09-06 13:32

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\X «S*I*D*\{040CAC3F-C5B9-4F74-864D-278BFE103668}\InprocServer32]

@="c:\\WINDOWS\\System32\\dx8vb32.dll"

"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3908)

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\nvsvc32.exe

c:\windows\system32\HPZipm12.exe

c:\windows\system32\PnkBstrA.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\rundll32.exe

.

**************************************************************************

.

Completion time: 2010-09-06 13:39:26 - machine was restarted

ComboFix-quarantined-files.txt 2010-09-06 11:39

Pre-Run: 96.720.969.728 bytes free

Post-Run: 96.749.903.872 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - 74C64E8B948E76566ECF7F06B42708FB


ComboFix has removed quite a bit of junk from the PC.

Open a Notepad file.

Copy and paste the text below into it.

File::

c:\windows\system32\drivers\zrvwducabgjp7.sys

c:\windows\explorer.PIF

c:\windows\system32\stu2.exe

c:\documents and settings\All Users\Application Data\AeGlBX1.dat

Folder::

c:\documents and settings\annelies\Local Settings\Application Data\AskToolbar

c:\documents and settings\picture project\Local Settings\Application Data\Conduit

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1

c:\program files\Radio_Bar_1

Driver::

zrvwducabgjp7

Renv::

c:\program files\AVG\AVG9\avgtray .exe

c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe

c:\program files\Common Files\Ahead\Lib\NeroCheck .exe

c:\program files\Common Files\Ahead\Lib\NMBgMonitor .exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon .exe

c:\program files\DNA\btdna .exe

c:\program files\HP\HP Software Update\HPWuSchd2 .exe

c:\program files\Java\jre6\bin\jusched .exe

c:\program files\Microsoft Office\Office12\GrooveMonitor .exe

c:\program files\Pando Networks\Media Booster\PMB .exe

c:\program files\QuickTime\qttask .exe

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of ComboFix.txt in your next message, together with a fresh HijackThis log.

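As an added example (not part of this thread, and not ComboFix's own tooling), the following Python script parses the timestamped entries of the "Files Created" and "Find3M" sections of a ComboFix log as posted above, flags executables whose extension is separated from the name by a space (the pattern behind the Renv:: entries in the reply), and emits a CFScript in the File::/Folder::/Driver::/Renv:: layout the helper used. The sample lines are copied from the log in this thread; the space-before-extension check is an assumption drawn from that Renv:: list, not a rule ComboFix documents, and which entries go into File:: or Folder:: remains a human decision.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# One line of ComboFix's "Files Created" and "Find3M" sections looks like:
#   2010-09-03 14:13 . 2010-09-03 14:13 2855 ----a-w- c:\windows\explorer.PIF
# i.e. modified time, " . ", created time, size ("--------" for a folder),
# an 8-character attribute string (d = directory, h = hidden, s = system, ...)
# and the path. The layout is taken from the log in this thread.
ENTRY_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-{8}|\d+) (?P<attrs>[-a-z]{8}) (?P<path>\S.*)$"
)

# Basename whose extension is separated from the name by whitespace, as in
# "avgtray .exe". Heuristic (assumption drawn from the Renv:: list in the
# reply above), not a rule ComboFix documents.
SPACE_BEFORE_EXT_RE = re.compile(r"\S\s+\.[A-Za-z0-9]{1,4}$")


@dataclass
class Entry:
    mtime: str
    ctime: str
    size: Optional[int]  # None for a directory ("--------" in the log)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one timestamped log line; return None for banners, '.' and blanks."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(m["mtime"], m["ctime"], size, m["attrs"], m["path"])


def parse_log(text: str) -> List[Entry]:
    """Keep only the lines that parse as file/folder entries."""
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e is not None]


def has_space_before_extension(path: str) -> bool:
    name = path.rsplit("\\", 1)[-1]
    return SPACE_BEFORE_EXT_RE.search(name) is not None


def renv_candidates(paths: Iterable[str]) -> List[str]:
    """Paths that look like renamed executables, suitable for a Renv:: section."""
    return [p for p in paths if has_space_before_extension(p)]


def build_cfscript(files=(), folders=(), drivers=(), renv=()) -> str:
    """Emit a CFScript in the File::/Folder::/Driver::/Renv:: layout, blank-line separated."""
    out: List[str] = []
    for header, items in (("File::", files), ("Folder::", folders),
                          ("Driver::", drivers), ("Renv::", renv)):
        if items:
            out.append(header)
            out.extend(items)
            out.append("")
    return "\n".join(out).rstrip("\n") + "\n"


# Lines copied from the log in this thread (not constructed).
SAMPLE_LOG = r"""
2010-09-03 14:13 . 2010-09-03 14:13 2855 ----a-w- c:\windows\explorer.PIF
2010-08-30 09:36 . 2010-08-30 09:36 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-08-29 21:18 . 2008-04-14 17:03 26112 ----a-w- c:\windows\system32\stu2.exe
2010-08-17 14:29 . 2010-09-02 18:30 -------- d-----w- c:\documents and settings\annelies\Local Settings\Application Data\AskToolbar
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
"""

# Two of the files ComboFix listed with a space before ".exe", plus one control
# path (stu2.exe) that has no space and must not be flagged.
RENAMED_EXES = [
    r"c:\program files\AVG\AVG9\avgtray .exe",
    r"c:\program files\QuickTime\qttask  .exe",
    r"c:\windows\system32\stu2.exe",
]

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    files = [e.path for e in entries if not e.is_dir and e.path.lower().endswith(".pif")]
    folders = [e.path for e in entries if e.is_dir and "AskToolbar" in e.path]
    print(build_cfscript(files=files, folders=folders, drivers=["zrvwducabgjp7"],
                         renv=renv_candidates(RENAMED_EXES)))
```

The generated text is meant to be saved as CFScript.txt and dragged onto ComboFix.exe exactly as the reply describes; the script only proposes candidates, and a path it prints still has to be checked by someone reading the whole log.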

ComboFix 10-09-04.06 - annelies 06-09-2010 16:59:22.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.895.487 [GMT 2:00]

Started from: c:\documents and settings\annelies\Mijn documenten\Downloads\ComboFix.exe

Command switches used :: c:\documents and settings\annelies\Bureaublad\CFScript.txt

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::

"c:\documents and settings\All Users\Application Data\AeGlBX1.dat"

"c:\windows\explorer.PIF"

"c:\windows\system32\drivers\zrvwducabgjp7.sys"

"c:\windows\system32\stu2.exe"

.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\AeGlBX1.dat

c:\documents and settings\annelies\Local Settings\Application Data\AskToolbar

c:\documents and settings\annelies\Local Settings\Application Data\AskToolbar\cache.dat

c:\documents and settings\annelies\Local Settings\Application Data\AskToolbar\config.xml

c:\documents and settings\annelies\Local Settings\Application Data\AskToolbar\Downloaded Program Files\xaddon.dll

c:\documents and settings\annelies\Local Settings\Application Data\AskToolbar\Downloaded Program Files\xaddon.inf

c:\documents and settings\annelies\Local Settings\Application Data\AskToolbar\setup.exe

c:\documents and settings\annelies\Local Settings\Application Data\AskToolbar\xaddon.cab

c:\documents and settings\picture project\Local Settings\Application Data\Conduit

c:\documents and settings\picture project\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com__aid=800208&fid=796027.xml

c:\documents and settings\picture project\Local Settings\Application Data\Conduit\Community Alerts\LanguagePacks\en.xml

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___freetvbar_com_icons_dice_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___freetvbar_com_icons_drifting_games_png.png

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_games_icons_alien16_png.png

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_games_icons_dice_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_games_icons_mario_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_games_icons_poker_png.png

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_games_icons_solitaire_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_games_icons_sonic_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_games_icons_sudoku_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_games_icons_tetris_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_icons_calculator_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_icons_calendar_png.png

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_icons_calories_png.png

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_icons_clock_ico.ico

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_icons_clothes_ico.ico

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_icons_coins_png.png

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_icons_datecalc_ico.ico

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_icons_fileconverter_png.png

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_icons_map_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_icons_spellchecker_png.png

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_icons_star_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_icons_stopwatch_ico.ico

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_icons_translator_png.png

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_icons_unitconverter_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_icons_widget_png.png

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_icons_worddef_png.png

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___oryte_com_content_todo_img_favicon_ico.ico

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_25_240_CT2405725_Images_633590753577643750_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_25_240_CT2405725_Images_633629754211018750_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_25_240_CT2405725_Images_634085821719851250_png.png

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_25_240_CT2405725_Images_634146209956322500_png.png

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_25_240_CT2405725_Images_634150506686742500_png.png

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_25_240_CT2405725_Images_Email_xml-10-Classic-633439771938243750_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_25_240_CT2405725_Images_SearchActivationButton-go_but01_gif-General-633629754908675000_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_chevron_menu_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_display_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_equalizer_dead_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_Equalizer_GIF.GIF

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_Error_GIF.GIF

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_Loading_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_maxi_dn_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_maxi_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_maxi_over_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_minimize_dn_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_minimize_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_minimize_over_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_pause_dn_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_pause_dn_mini_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_pause_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_pause_mini_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_pause_over_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_pause_over_mini_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_play_chevron_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_play_dn_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_play_dn_mini_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_play_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_play_mini_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_play_over_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_play_over_mini_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_slider_bg_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_slider_dn_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_slider_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_slider_over_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_stop_chevron_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_stop_dn_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_stop_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_stop_over_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_vol_dn_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_vol_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_vol_over_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_ClientImages_radio_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_main_menu_tell_a_friend_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_SearchEngines_dictionary_search_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_SearchEngines_ebay_search_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_SearchEngines_encyc_search_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_SearchEngines_shopping_search_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_SearchEngines_site_search_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___storage_conduit_com_images_SearchEngines_weather_icon_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\CacheIcons\http___weather_conduit_com_images_weather_Default_partly_cloudy_gif.gif

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\EmailNotifier\AccountTypes.xml

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\EmailNotifier\aol.com.xml

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\EmailNotifier\comcast.net.xml

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\EmailNotifier\google.com.xml

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\EmailNotifier\hotmail.com.xml

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\EmailNotifier\yahoo.com.xml

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\ExternalComponent\http___oryte_com_content_translate_xml_tools_xml.xml

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\ExternalComponent\http___oryte_com_content_tv_xml_games_xml.xml

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\LanguagePack\en\LanguagePack.xml

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGong_16.png

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\manifest.xml

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\RadioPlayer\IP_Stations_Media_List.xml

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\RadioPlayer\Predefined_Media_List.xml

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\RadioPlayer\Skins\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_display_xml.xml

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\Repository\conduit_CT2405725_CT2405725\ToolbarLogin\data.txt

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\Repository\conduit_CT2405725_CT2405725\ToolbarSettings\data.txt

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\SearchInNewTab\SearchInNewTabContent.xml

c:\documents and settings\picture project\Local Settings\Application Data\Radio_Bar_1\ThirdPartyComponents.xml

c:\program files\Radio_Bar_1

c:\program files\Radio_Bar_1\INSTALL.LOG

c:\program files\Radio_Bar_1\Radio_Bar_1ToolbarHelper.exe

c:\program files\Radio_Bar_1\tbRadi.dll

c:\program files\Radio_Bar_1\toolbar.cfg

c:\program files\Radio_Bar_1\UNWISE.EXE

c:\windows\explorer.PIF

c:\windows\system32\stu2.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_zrvwducabgjp7

(((((((((((((((((((( Bestanden Gemaakt van 2010-08-06 to 2010-09-06 ))))))))))))))))))))))))))))))

.

2010-09-06 11:19 . 2010-09-06 11:19 -------- d-----w- c:\documents and settings\annelies\Local Settings\Application Data\PCHealth

2010-09-06 10:21 . 2010-09-06 10:21 -------- d-----w- c:\windows\system32\KB905474

2010-09-05 10:31 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-09-05 09:34 . 2010-09-05 09:34 -------- d-----w- c:\documents and settings\annelies\Application Data\Rabbit's Magic Adventures

2010-09-02 18:09 . 2010-09-02 18:09 -------- d-----w- c:\windows\system32\wbem\Repository

2010-09-02 16:36 . 2010-09-02 17:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Farm Fishes

2010-09-02 13:48 . 2010-09-02 13:49 -------- d-----w- c:\documents and settings\annelies\mail inge

2010-08-31 17:35 . 2010-09-06 14:50 -------- d--h--r- c:\documents and settings\annelies\Onlangs geopend

2010-08-31 13:37 . 2010-08-31 13:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

2010-08-30 09:36 . 2010-08-30 09:36 -------- d--h--w- c:\windows\system32\GroupPolicy

2010-08-30 08:04 . 2010-08-30 08:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Pando_Temp

2010-08-30 08:04 . 2010-08-30 08:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\GamersFirst LIVE!

2010-08-30 07:45 . 2010-08-30 07:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-08-30 07:11 . 2010-08-30 07:11 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2010-08-30 07:10 . 2010-08-30 07:10 74312 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-30 05:38 . 2010-08-30 05:38 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2010-08-27 08:41 . 2010-08-29 10:00 -------- d-----w- c:\program files\Mystery Stories - Berlin Nights

2010-08-26 13:04 . 2010-08-26 13:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Veronica&BoD

2010-08-24 18:36 . 2010-08-27 09:58 -------- d-----w- c:\documents and settings\annelies\Application Data\Roads Of Rome

2010-08-23 08:01 . 2010-08-23 08:01 -------- d-----r- c:\documents and settings\NetworkService\Favorieten

2010-08-21 14:43 . 2010-08-21 14:43 -------- d-----w- c:\documents and settings\annelies\Local Settings\Application Data\Pando_Temp

2010-08-21 14:43 . 2010-08-21 14:43 -------- d-----w- c:\documents and settings\annelies\Local Settings\Application Data\GamersFirst LIVE!

2010-08-21 14:42 . 2007-07-19 16:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll

2010-08-21 14:42 . 2007-07-19 16:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll

2010-08-21 14:42 . 2007-07-19 16:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll

2010-08-21 14:42 . 2007-04-04 16:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll

2010-08-21 14:42 . 2010-08-21 14:42 -------- d-----w- c:\windows\Logs

2010-08-21 14:26 . 2010-08-21 14:35 -------- d-----w- c:\documents and settings\annelies\Local Settings\Application Data\Download-DU

2010-08-21 14:26 . 2010-09-03 19:22 -------- d-----w- c:\program files\Download-DU

2010-08-20 16:39 . 2010-08-23 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy3_Madagascar

2010-08-20 06:55 . 2010-08-20 06:55 -------- d-----w- c:\documents and settings\All Users\Application Data\2DBoy

2010-08-20 06:50 . 2010-08-20 06:50 -------- d-----w- c:\program files\WorldOfGoo

2010-08-19 14:18 . 2010-08-19 14:19 -------- d-----w- c:\program files\BejeweledTwist

2010-08-19 07:18 . 2010-08-19 07:18 -------- d-----w- c:\program files\4 Elements - NL

2010-08-17 17:17 . 2010-08-17 17:17 -------- d-----w- c:\documents and settings\annelies\Local Settings\Application Data\TheLostKingdomProphecy

2010-08-16 12:24 . 2010-08-16 14:24 -------- d-----w- c:\documents and settings\All Users\Application Data\VirtualFarm

2010-08-15 15:16 . 2010-08-21 12:23 -------- d-----w- c:\documents and settings\picture project\Tracing

2010-08-13 11:27 . 2010-09-06 15:09 -------- d-----w- c:\documents and settings\annelies\Tracing

2010-08-13 11:23 . 2010-08-13 11:23 -------- d-----w- c:\program files\Microsoft Office Outlook Connector

2010-08-13 11:23 . 2010-04-28 05:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys

2010-08-13 11:22 . 2010-08-13 11:22 -------- d-----w- c:\program files\Microsoft Sync Framework

2010-08-13 11:21 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll

2010-08-13 11:21 . 2010-08-13 11:21 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2010-08-08 07:29 . 2010-09-04 07:17 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-08 07:28 . 2010-08-09 10:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-06 15:11 . 2008-11-02 11:14 -------- d-----w- c:\documents and settings\annelies\Application Data\BitTorrent

2010-09-06 14:59 . 2008-11-02 11:14 -------- d-----w- c:\program files\DNA

2010-09-06 14:39 . 2008-08-24 10:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-09-06 11:16 . 2001-09-07 12:00 92480 ----a-w- c:\windows\system32\perfc013.dat

2010-09-06 11:16 . 2001-09-07 12:00 512302 ----a-w- c:\windows\system32\perfh013.dat

2010-09-06 10:14 . 2010-03-10 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-09-03 20:43 . 2009-09-22 17:53 -------- d-----w- c:\program files\Games

2010-09-03 19:27 . 2009-02-14 18:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-03 13:31 . 2009-11-17 17:10 -------- d-----w- c:\program files\BitTorrent

2010-08-30 06:43 . 2007-11-13 21:13 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLec.DAT

2010-08-30 06:43 . 2007-11-13 21:09 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLds.DAT

2010-08-29 10:00 . 2009-04-24 15:06 -------- d-----w- c:\documents and settings\annelies\Application Data\cerasus.media

2010-08-21 14:43 . 2010-06-27 11:26 -------- d-----w- c:\program files\GamersFirst

2010-08-21 12:40 . 2007-11-13 21:21 74312 -c--a-w- c:\documents and settings\picture project\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-20 17:29 . 2010-05-21 11:10 -------- d-----w- c:\documents and settings\annelies\Application Data\CannyGames

2010-08-16 15:01 . 2010-02-24 20:46 -------- d-----w- c:\program files\Denda Games

2010-08-16 12:24 . 2009-05-17 14:15 -------- d-----w- c:\documents and settings\annelies\Application Data\Zylom

2010-08-16 12:22 . 2009-05-17 14:15 -------- d-----w- c:\program files\Zylom Games

2010-08-15 09:32 . 2009-11-18 19:25 -------- d-----w- c:\documents and settings\annelies\Application Data\uTorrent

2010-08-13 11:23 . 2009-11-10 10:46 -------- d-----w- c:\program files\Microsoft

2010-08-13 11:23 . 2008-03-13 06:23 -------- d-----w- c:\program files\Windows Live

2010-07-22 08:42 . 2009-11-02 17:28 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper

2010-07-17 22:35 . 2007-12-14 15:16 -------- d-----w- c:\documents and settings\annelies\Application Data\LimeWire

2010-07-17 10:49 . 2009-03-12 14:16 -------- d-----w- c:\program files\QuickTime

2010-07-17 07:41 . 2008-11-02 11:14 -------- d-----w- c:\documents and settings\annelies\Application Data\DNA

2010-07-17 07:40 . 2010-07-13 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-07-16 04:36 . 2010-07-16 04:36 -------- d-----w- c:\documents and settings\annelies\Application Data\AVG9

2010-07-13 20:42 . 2007-11-17 14:51 -------- d-----w- c:\program files\WarRock

2010-07-13 20:42 . 2007-10-28 20:06 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-07-13 19:26 . 2008-11-05 17:31 -------- d-----w- c:\program files\Vuze

2010-07-13 18:39 . 2010-04-09 17:11 -------- d-----w- c:\program files\OXXOGames

2010-07-13 17:30 . 2010-04-09 17:13 -------- d-----w- c:\program files\GAMESVOORIEDEREEN.NL

2010-07-13 17:21 . 2010-02-28 10:17 -------- d-----w- c:\program files\Brickshooter Egypt

2010-07-13 14:38 . 2008-05-25 09:03 -------- d-----w- c:\program files\AVG

2010-07-13 07:43 . 2007-11-01 20:30 74312 -c--a-w- c:\documents and settings\annelies\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-07-12 08:31 . 2007-12-28 14:16 -------- d-----w- c:\program files\Google

2010-07-12 08:03 . 2009-11-02 17:28 -------- d-----w- c:\program files\Alawar

2010-07-12 08:00 . 2008-08-27 09:40 -------- d-----w- c:\program files\Disney Interactive

2010-07-12 04:39 . 2010-06-27 11:26 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files

2010-06-30 12:33 . 2004-08-03 23:03 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-28 20:57 . 2010-07-17 07:39 38848 ----a-w- c:\windows\avastSS.scr

2010-06-28 20:57 . 2010-07-17 07:39 165032 ----a-w- c:\windows\system32\aswBoot.exe

2010-06-28 20:37 . 2010-07-17 07:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-06-28 20:37 . 2010-07-17 07:39 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-06-28 20:33 . 2010-07-17 07:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-06-28 20:32 . 2010-07-17 07:39 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-06-28 20:32 . 2010-07-17 07:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-06-28 20:32 . 2010-07-17 07:39 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-06-28 20:32 . 2010-07-17 07:39 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-06-24 12:27 . 2004-08-03 23:03 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-24 09:02 . 2004-08-03 22:56 1852032 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2004-08-03 21:14 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2004-08-03 23:03 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 14:31 . 2007-10-28 18:45 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-14 07:43 . 2004-08-03 23:03 1172480 ----a-w- c:\windows\system32\msxml3.dll

.

c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\QuickTime\qttask  .exe

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080]

"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2010-09-03 689016]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-01 7634944]

"nwiz"="nwiz.exe" [2007-10-01 1622016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-01 86016]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^GamersFirst LIVE!.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\GamersFirst LIVE!.lnk

backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-06-09 08:06 976832 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

2010-09-03 11:05 689016 ----a-w- c:\program files\BitTorrent\BitTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"d:\\limewire\\LimeWire.exe"=

"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"56881:TCP"= 56881:TCP:Pando Media Booster

"56881:UDP"= 56881:UDP:Pando Media Booster

"57213:TCP"= 57213:TCP:Pando Media Booster

"57213:UDP"= 57213:UDP:Pando Media Booster

"57709:TCP"= 57709:TCP:Pando Media Booster

"57709:UDP"= 57709:UDP:Pando Media Booster

R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [27-5-2009 20:46 11392]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17-7-2010 9:39 165456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17-7-2010 9:39 17744]

S2 gupdate1ca051781944026;Google Updateservice (gupdate1ca051781944026);c:\program files\Google\Update\GoogleUpdate.exe [15-7-2009 8:43 133104]

S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [28-10-2007 20:53 20160]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13-11-2008 17:23 721904]

.

Inhoud van de 'Gedeelde Taken' map

2010-07-03 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 06:43]

2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 06:43]

2010-09-06 c:\windows\Tasks\User_Feed_Synchronization-{5F9B21F2-C498-4B1E-86D8-424A9D80C29C}.job

- c:\windows\system32\msfeedssync.exe [2007-10-28 02:31]

2010-09-06 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2010-09-06 20:18]

.

.

------- Bijkomende Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.shareware-ne.com/nl/index.php?rvs=hompag

mSearch Bar = hxxp://www.google.com

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game01.zylom.com/activex/zylomgamesplayer.cab

.

- - - - ORPHANS VERWIJDERD - - - -

AddRemove-Radio_Bar_1 Toolbar - c:\progra~1\RADIO_~1\UNWISE.EXE

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-09-06 17:08

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\X «S*I*D*\{040CAC3F-C5B9-4F74-864D-278BFE103668}\InprocServer32]

@="c:\\WINDOWS\\System32\\dx8vb32.dll"

"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(1932)

c:\windows\system32\webcheck.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\nvsvc32.exe

c:\windows\system32\HPZipm12.exe

c:\windows\system32\PnkBstrA.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\rundll32.exe

.

**************************************************************************

.

Voltooingstijd: 2010-09-06 17:14:33 - machine werd herstart

ComboFix-quarantined-files.txt 2010-09-06 15:14

ComboFix2.txt 2010-09-06 11:39

Pre-Run: 96.725.037.056 bytes beschikbaar

Post-Run: 96.703.463.424 bytes beschikbaar

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - E0312B8EE807A6A89A20F663F79C86EF

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:15:29, on 6-9-2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\BitTorrent\BitTorrent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shareware-ne.com/nl/index.php?rvs=hompag

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Google Updateservice (gupdate1ca051781944026) (gupdate1ca051781944026) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 7819 bytes


I've reopened your topic for a moment, because a few more things need to be done to clean up the remnants of the infection and the tools that were used.

Remove HijackThis via Add or Remove Programs.

Remove Combofix: Start -> Run and type: ComboFix /Uninstall

This will remove Combofix and its related folders and files, restore the clock settings, hide file extensions again, re-hide hidden files and system files, and create a new restore point.

If present, you may delete the folder C:\Qoobox manually.

Download CCleaner here; the free CCleaner download will then start automatically.

Install it and start CCleaner. In the left-hand column click on "Cleaner". Click "Analyze" and then "Run Cleaner". Sometimes one analysis is not enough; you may repeat this procedure until the analysis no longer reports any issues. Then click "Registry" in the left-hand column and click "Scan for Issues". If issues are found, click "Fix selected issues" and "OK". You will then be asked to make a backup. Click "Yes". Then choose "Fix All Selected Issues". Afterwards, close CCleaner again.

If you want to see this illustrated in detail, click here for the guide.

It is advisable to delete the existing restore points (some of them are infected restore points that you might otherwise restore) by temporarily turning off System Restore. Do this via Start -> Control Panel -> Performance and Maintenance -> System -> System Restore -> tick "Turn off System Restore on all drives". Apply and OK. Restart the PC and then untick the box again.

That's it!

P.S.: once all of this has succeeded, you may mark this topic as "solved" for good!
