
New Vista PC with virus



Hello,

I just got a new PC with Windows Vista, but apparently there is already a virus on it.

When I went into my Hotmail, BullGuard popped up and showed four infected files. The files are in Program Files, in the AdVantage folder, and they are named:

SET3185.tmp

SET7601.tmp

SET40A3.tmp

SET67CD.tmp

(modified on 29/03/2008 2:21)

When I go to the folder and scan the files to fix the problem, I can repair the files, but even when that succeeds, a minute later the same screen appears again saying the files are infected.

Now I have sent my log to BullGuard, and less than 1 minute later I already receive an email with what I have to do. Is it normal for this to happen so fast?

Here is the email:

Dear BullGuard User,

Thank you for submitting the scan-log.

Here is what you have to do in order to remove the infections from your computer:

1. Please reboot your computer in Safe Mode by tapping the F8 key when the computer starts (before the Windows logo screen comes up) and, when reaching the start-up menu, please be sure to select the Safe Mode option.

Also, enable the option Show Hidden Files and Folders. In order to do so please follow the 3 steps below:

- Open Start menu > Control Panel > Folder Options > View tab.

- Search for the option Show Hidden Files and Folders and make sure it is enabled.

- Uncheck Hide Protected Operating System Files. Press Apply and Ok.

2. Browse to the following location and manually delete it by selecting it and pressing Shift+Del to make sure it doesn't end up in the Recycle Bin:

C:\Program Files\AdVantage

3. Manually empty your Recycle Bin folder by right clicking it and choose the empty Recycle Bin option; make sure that you do this on all existing accounts on your computer.

4. Remove the content of the BullGuard Quarantine this way:

- open BullGuard > Antivirus > Quarantine;

- check the box left to the "File-name" line > click on the "Delete" button.

5. Restart in Normal Mode and run another scan with BullGuard to make sure your computer is clean.

Do not hesitate to get back to us if you encounter any difficulties.

Thank you for your collaboration.

Kind regards,

Laurentiu Zburlea

BullGuard Support Team

support@bullguard.com

BullGuard Antivirus, Antispyware, Firewall, Spamfilter, Backup and Support - all the security you need in one package!

I have already tried to delete the files myself with Shift+Delete, without rebooting and pressing F8, but I can't delete them because I don't have access. That is strange, because I am an administrator too, just like my brother.

Hopefully someone can help me further.


BullGuard's explanation - even though it arrived remarkably quickly - looks to me like a normal procedure to apply to these infected files, and therefore trustworthy.

If you still want to wait and see - because something makes you doubt - then make a log with HijackThis. Then we can have a look at the causes of the infection and (possibly) offer a solution.


I downloaded the HijackThis zip and did a "system scan and save a logfile". It went very fast. Here is the result:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:04:44, on 29/03/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\HomeCinema\TV Enhance\TVEService.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe

C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe

C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Users\Isaura\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Welcome to ALDI

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [TVEService] "C:\Program Files\HomeCinema\TV Enhance\TVEService.exe"

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [bullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot

O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup

O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [bullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1206261690_a748d5fd16a8f01ebf093259b8302572&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe

O23 - Service: Intel® DHTrace Controller (DHTRACE) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe

O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

O23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: Intel® NMSCore (NMSCore) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe

O23 - Service: Intel® Quality Manager (QualityManager) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe

O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe

O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--

End of file - 9227 bytes

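Reading a HijackThis log by hand means scanning for a handful of entry types first: BHOs whose DLL is gone, autoruns launched from user-writable folders or by bare file name, anything in AppInit_DLLs, services with no vendor string, and hosts-file entries other than the loopback names. The script below is an added example, not part of this thread and not HijackThis code; it applies those checks to a constructed sample partly modelled on the log above. The `updchk` autorun and the second hosts line in the sample are invented test input, not findings from this machine, and the heuristics and severity labels are the example's own.

```python
"""Shortlist the HijackThis entries a reviewer reads first.

Added example (not part of the thread, not HijackThis code). The heuristics
and severity labels are this example's own; the sample log is constructed.
"""
import re
from dataclasses import dataclass

# "O4 - HKLM\..\Run: [...] ..."  ->  type "O4", body "HKLM\..\Run: [...] ..."
ENTRY_RE = re.compile(r"^(O\d+|R\d|F\d|N\d) - (.*)$")

# Locations a standard user can write to; an autorun there deserves a look.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\|\\AppData\\|\\Temp\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str       # HijackThis entry type, e.g. "O4"
    severity: str   # "high", "medium" or "low"
    reason: str
    line: str       # the raw log line, for the report


def parse_entry(line: str):
    """Return (type, body) for a HijackThis entry line, or None for anything
    else (headers, the running-process list, blank lines)."""
    m = ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def autorun_target(body: str) -> str:
    """Pull the executable (or, for rundll32, the DLL) out of an O4 command line."""
    cmd = body.split("]", 1)[1].strip() if "]" in body else body
    if cmd.startswith('"'):                      # quoted path, possibly with spaces
        return cmd.split('"')[1]
    tokens = cmd.split()
    exe = tokens[0] if tokens else ""
    if exe.lower() in ("rundll32.exe", "rundll32") and len(tokens) > 1:
        exe = tokens[1].split(",")[0]            # rundll32 <dll>,<entrypoint>
    return exe


def check_entry(kind: str, body: str, line: str):
    if kind == "O1" and not re.search(r"\blocalhost\b", body):
        return Finding(kind, "high", "hosts-file entry that is not a loopback name", line)
    if kind == "O2" and body.endswith("(no file)"):
        return Finding(kind, "low", "BHO registered but its DLL is missing", line)
    if kind == "O4":
        exe = autorun_target(body)
        if USER_WRITABLE.search(exe):
            return Finding(kind, "high", "autorun from a user-writable directory", line)
        if "\\" not in exe and "%" not in exe:
            return Finding(kind, "low", "autorun by bare file name, resolved via the search path", line)
    if kind == "O20" and body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
        return Finding(kind, "medium", "AppInit_DLLs injects this DLL into every user32 process", line)
    if kind == "O23" and "Unknown owner" in body:
        return Finding(kind, "medium", "service binary without a vendor string", line)
    return None


def triage(log_text: str):
    """All findings for a log, in log order."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_entry(raw)
        if parsed:
            f = check_entry(parsed[0], parsed[1], raw.strip())
            if f:
                findings.append(f)
    return findings


# Constructed sample, partly modelled on the log in this thread. The "updchk"
# autorun and the second hosts line are invented test input, not real findings.
SAMPLE_HJT = r"""
Running processes:
C:\Windows\system32\taskeng.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.example-bank.test
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [bullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKCU\..\Run: [updchk] C:\Users\Isaura\AppData\Roaming\updchk\updchk.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_HJT):
        print(f"[{f.severity:6}] {f.kind}: {f.reason}\n         {f.line}")
```

Run against the real log above, the same rules shortlist the orphaned BHO {7E853D72-...}, the Google AppInit_DLLs entry, the Realtek autoruns by bare name and the Intel/CyberLink services marked "Unknown owner", all of which the helper judged benign. The script shortlists; it does not convict, which is why the reply asked for a deeper scan instead of deleting anything.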

That log looks perfect. Then we need to dig a bit deeper.

Download ComboFix and put it on your Desktop.

Double-click Combofix.exe and follow the instructions; accept the disclaimer by typing y. While the fix is running, do NOT click in the window, because that will make your PC hang.

When the fix has finished and after the restart, the log combofix.txt will open.

NOTE: If your virus scanner responds with a message about a script being executed, you must allow it.

Attach the ComboFix log to your next post.


My antivirus blocked a file called EICAR TEST file, but there is no option to allow it or not.

Here is the ComboFix log:

ComboFix 08-03-27.3 - Isaura 2008-03-29 12:06:15.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.2002 [GMT 1:00]

Started from: C:\Users\Isaura\Desktop\ComboFix.exe

* New restore point was created

* Resident AV is active

.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Users\Isaura\AppData\Roaming\macromedia\Flash Player\#SharedObjects\YFB3CFP7\iforex.com

C:\Users\Isaura\AppData\Roaming\macromedia\Flash Player\#SharedObjects\YFB3CFP7\iforex.com\Emerp\Events\flash_object.swf\user_data.sol

C:\Users\Isaura\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com

C:\Users\Isaura\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_npf

(((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-29 ))))))))))))))))))))))))))))))

.

2008-03-29 00:24 . 2008-03-29 00:24 <DIR> d-------- C:\Users\Johan\AppData\Roaming\BSplayer Pro

2008-03-29 00:24 . 2008-03-29 02:32 <DIR> d-------- C:\Users\Johan\AppData\Roaming\BSplayer

2008-03-29 00:24 . 2008-03-29 02:32 <DIR> d-------- C:\Program Files\Webteh

2008-03-29 00:24 . 2008-03-29 02:21 <DIR> d-------- C:\Program Files\AdVantage

2008-03-28 15:46 . 2008-03-28 15:46 <DIR> dr------- C:\Users\Gast\Searches

2008-03-28 15:46 . 2008-03-28 15:46 <DIR> d-------- C:\Users\Gast\AppData\Roaming\GTek

2008-03-28 15:46 . 2008-03-28 15:46 <DIR> d-------- C:\Users\Gast\AppData\Roaming\BullGuard

2008-03-28 15:45 . 2008-03-28 15:46 <DIR> dr------- C:\Users\Gast\Videos

2008-03-28 15:45 . 2008-03-28 15:46 <DIR> dr------- C:\Users\Gast\Saved Games

2008-03-28 15:45 . 2008-03-28 15:46 <DIR> dr------- C:\Users\Gast\Pictures

2008-03-28 15:45 . 2008-03-28 15:46 <DIR> dr------- C:\Users\Gast\Music

2008-03-28 15:45 . 2008-03-28 15:46 <DIR> dr------- C:\Users\Gast\Links

2008-03-28 15:45 . 2008-03-28 15:46 <DIR> dr------- C:\Users\Gast\Downloads

2008-03-28 15:45 . 2008-03-28 15:46 <DIR> dr------- C:\Users\Gast\Documents

2008-03-28 15:45 . 2008-03-28 15:45 <DIR> dr------- C:\Users\Gast\Contacts

2008-03-28 15:45 . 2006-11-02 13:37 <DIR> d-------- C:\Users\Gast\AppData\Roaming\Media Center Programs

2008-03-28 15:45 . 2008-03-28 15:46 <DIR> d--h----- C:\Users\Gast\AppData

2008-03-28 02:55 . 2008-03-28 02:55 <DIR> d-------- C:\Users\Johan\Program Files

2008-03-28 01:36 . 2008-03-29 02:26 <DIR> d-------- C:\Users\Johan\AppData\Roaming\BitTorrent

2008-03-28 01:30 . 2008-03-29 03:22 <DIR> d-------- C:\Users\Johan\AppData\Roaming\DNA

2008-03-28 01:30 . 2008-03-28 01:30 <DIR> d-------- C:\Program Files\DNA

2008-03-28 01:30 . 2008-03-28 01:30 <DIR> d-------- C:\Program Files\BitTorrent

2008-03-26 18:09 . 2008-03-26 18:09 <DIR> d-------- C:\Users\Johan\AppData\Roaming\InstallShield Installation Information

2008-03-26 18:08 . 2008-03-26 18:08 <DIR> d-------- C:\Program Files\Unreal Tournament 3 Demo

2008-03-26 18:07 . 2008-03-26 18:07 <DIR> d-------- C:\Windows\System32\AGEIA

2008-03-26 18:07 . 2008-03-26 18:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-03-26 18:07 . 2008-03-26 18:07 <DIR> d-------- C:\Program Files\AGEIA Technologies

2008-03-26 18:00 . 2008-03-29 01:05 <DIR> d-------- C:\Users\Johan\Installs

2008-03-25 15:51 . 2008-03-25 15:51 <DIR> d-------- C:\Users\Public\CyberLink

2008-03-25 15:50 . 2008-03-25 15:50 <DIR> d-------- C:\Users\Isaura\AppData\Roaming\CyberLink

2008-03-24 08:47 . 2008-03-24 08:47 <DIR> d-------- C:\Users\All Users\Adobe Systems

2008-03-24 08:47 . 2008-03-24 08:47 <DIR> d-------- C:\ProgramData\Adobe Systems

2008-03-24 08:39 . 2008-03-24 08:39 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared

2008-03-23 09:43 . 2008-03-23 09:43 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music

2008-03-23 09:40 . 2008-03-23 09:41 <DIR> d-------- C:\Program Files\Java

2008-03-23 09:40 . 2008-03-23 09:40 <DIR> d-------- C:\Program Files\Common Files\Java

2008-03-23 08:54 . 2008-03-23 08:54 <DIR> d-------- C:\Users\Isaura\AppData\Roaming\Ulead Systems

2008-03-23 07:27 . 2008-03-23 07:27 <DIR> d-------- C:\Users\Isaura\AppData\Roaming\Template

2008-03-23 07:22 . 2008-03-23 07:22 0 --a------ C:\Users\Isaura\AppData\Roaming\wklnhst.dat

2008-03-23 06:55 . 2008-03-23 06:55 <DIR> dr------- C:\Users\Isaura\Videos

2008-03-23 06:55 . 2008-03-23 06:55 <DIR> dr------- C:\Users\Isaura\Searches

2008-03-23 06:55 . 2008-03-23 06:55 <DIR> dr------- C:\Users\Isaura\Saved Games

2008-03-23 06:55 . 2008-03-28 10:05 <DIR> dr------- C:\Users\Isaura\Pictures

2008-03-23 06:55 . 2008-03-23 06:55 <DIR> dr------- C:\Users\Isaura\Music

2008-03-23 06:55 . 2008-03-23 06:55 <DIR> dr------- C:\Users\Isaura\Links

2008-03-23 06:55 . 2008-03-28 11:09 <DIR> dr------- C:\Users\Isaura\Downloads

2008-03-23 06:55 . 2008-03-25 12:19 <DIR> dr------- C:\Users\Isaura\Documents

2008-03-23 06:55 . 2008-03-23 14:17 <DIR> dr------- C:\Users\Isaura\Contacts

2008-03-23 06:55 . 2006-11-02 13:37 <DIR> d-------- C:\Users\Isaura\AppData\Roaming\Media Center Programs

2008-03-23 06:55 . 2008-03-23 06:55 <DIR> d-------- C:\Users\Isaura\AppData\Roaming\GTek

2008-03-23 06:55 . 2008-03-29 09:46 <DIR> d-------- C:\Users\Isaura\AppData\Roaming\BullGuard

2008-03-23 06:55 . 2008-03-23 06:55 <DIR> d--h----- C:\Users\Isaura\AppData

2008-03-22 21:17 . 2008-03-22 21:17 <DIR> d-------- C:\Program Files\GPotato

2008-03-22 21:17 . 2008-03-22 21:17 65,536 --a------ C:\Windows\IFinst27.exe

2008-03-22 19:52 . 2008-03-22 19:52 <DIR> d-------- C:\Program Files\Windows Live Toolbar

2008-03-22 19:52 . 2008-03-22 19:52 <DIR> d-------- C:\Program Files\Windows Live Favorites

2008-03-22 19:48 . 2008-03-22 19:48 <DIR> d-------- C:\Users\All Users\WLInstaller

2008-03-22 19:48 . 2008-03-22 19:48 <DIR> d-------- C:\ProgramData\WLInstaller

2008-03-22 19:48 . 2008-03-22 19:51 <DIR> d-------- C:\Program Files\Windows Live

2008-03-22 19:48 . 2008-03-22 19:51 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-03-22 19:38 . 2008-03-22 19:38 <DIR> d-------- C:\Users\Johan\AppData\Roaming\CyberLink

2008-03-22 19:32 . 2008-03-22 19:32 50,896 --a------ C:\Windows\System32\drivers\BdFileSpy.sys

2008-03-22 19:32 . 2008-03-22 19:32 14,152 --a------ C:\Windows\System32\lccl.dll

2008-03-22 19:32 . 2008-03-22 19:32 14,152 --a------ C:\Windows\System32\client_cc.dll

2008-03-22 19:25 . 2007-12-16 23:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys

2008-03-22 19:25 . 2007-12-16 10:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys

2008-03-22 19:11 . 2008-03-29 00:54 <DIR> dr------- C:\Users\Johan\Videos

2008-03-22 19:11 . 2008-03-22 19:11 <DIR> dr------- C:\Users\Johan\Searches

2008-03-22 19:11 . 2008-03-22 20:28 <DIR> dr------- C:\Users\Johan\Saved Games

2008-03-22 19:11 . 2008-03-22 19:11 <DIR> dr------- C:\Users\Johan\Pictures

2008-03-22 19:11 . 2008-03-25 00:52 <DIR> dr------- C:\Users\Johan\Music

2008-03-22 19:11 . 2008-03-22 19:11 <DIR> dr------- C:\Users\Johan\Links

2008-03-22 19:11 . 2008-03-28 03:01 <DIR> dr------- C:\Users\Johan\Downloads

2008-03-22 19:11 . 2008-03-28 01:38 <DIR> dr------- C:\Users\Johan\Documents

2008-03-22 19:11 . 2008-03-25 00:57 <DIR> dr------- C:\Users\Johan\Contacts

2008-03-22 19:11 . 2006-11-02 13:37 <DIR> d-------- C:\Users\Johan\AppData\Roaming\Media Center Programs

2008-03-22 19:11 . 2008-03-22 19:11 <DIR> d-------- C:\Users\Johan\AppData\Roaming\GTek

2008-03-22 19:11 . 2008-03-29 02:30 <DIR> d-------- C:\Users\Johan\AppData\Roaming\BullGuard

2008-03-22 19:11 . 2008-03-28 22:22 <DIR> d--h----- C:\Users\Johan\AppData

2008-03-22 19:06 . 2008-03-22 19:06 <DIR> dr------- C:\Windows\System32\config\systemprofile\Contacts

2008-03-22 19:00 . 2008-03-22 19:00 <DIR> d-------- C:\Users\All Users\Google

2008-03-22 19:00 . 2008-03-22 19:00 <DIR> d-a------ C:\Program Files\GoogleEULA

2008-03-22 19:00 . 2008-03-22 19:00 <DIR> d-------- C:\Program Files\Google

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-28 23:11 --------- d-----w C:\ProgramData\BullGuard

2008-03-25 14:51 --------- d-----w C:\ProgramData\Cyberlink

2008-03-24 07:53 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-24 07:40 --------- d-----w C:\Program Files\Common Files\Adobe

2008-03-22 19:01 --------- d-----w C:\ProgramData\Microsoft Help

2008-03-22 18:28 --------- d-----w C:\Program Files\Windows Mail

2008-03-22 18:12 --------- d-----w C:\ProgramData\Gtek

2008-03-22 18:11 --------- d-----w C:\ProgramData\NVIDIA

2008-03-22 18:07 --------- d-sh--w C:\ProgramData\Sjablonen

2008-03-22 18:07 --------- d-sh--w C:\ProgramData\Menu Start

2008-03-22 18:07 --------- d-sh--w C:\ProgramData\Favorieten

2008-03-22 18:07 --------- d-sh--w C:\ProgramData\Documenten

2008-03-22 18:07 --------- d-sh--w C:\ProgramData\Bureaublad

2008-02-13 12:07 --------- d-----w C:\Program Files\HomeCinema

2008-02-13 12:03 --------- d-----w C:\Program Files\Cyberlink

2008-02-13 12:01 --------- d-----w C:\Program Files\Common Files\Nero

2008-02-13 12:00 --------- d-----w C:\ProgramData\Nero

2008-02-13 12:00 --------- d-----w C:\Program Files\Nero

2008-02-13 11:01 --------- d-----w C:\Program Files\Windows Sidebar

2008-02-13 10:57 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys

2008-02-13 10:57 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys

2008-02-13 10:57 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys

2008-02-13 10:57 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys

2008-02-13 10:57 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys

2008-02-13 10:57 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys

2008-02-13 10:57 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys

2008-02-13 10:57 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys

2008-02-13 10:57 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys

2008-02-13 10:56 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys

2008-02-13 10:56 216,632 ----a-w C:\Windows\system32\drivers\netio.sys

2008-02-13 10:56 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys

2008-02-13 10:56 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys

2008-02-13 10:55 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys

2008-02-13 10:55 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys

2008-02-13 10:55 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-02-13 10:55 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-02-13 10:55 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-02-13 10:55 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-02-13 10:55 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys

2008-02-13 10:55 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys

2008-02-13 10:53 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-02-13 10:18 319,456 ----a-w C:\Windows\DIFxAPI.dll

2008-02-13 10:18 --------- d-----w C:\Program Files\Realtek

2007-10-12 14:08 174 --sha-w C:\Program Files\desktop.ini

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-13 11:55 1232896]

"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]

"BullGuard"="C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe" [2008-03-22 19:32 308552]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]

"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe" [2007-04-04 14:41 970752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-12 13:39 1006264]

"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]

"TVEService"="C:\Program Files\HomeCinema\TV Enhance\TVEService.exe" [2007-10-19 17:42 155648]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 23:19 178712]

"BullGuard"="C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" [2008-03-22 19:32 308552]

"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 10:14 439512]

"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 10:18 215256]

"RtHDVCpl"="RtHDVCpl.exe" [2007-11-14 15:50 4706304 C:\Windows\RtHDVCpl.exe]

"Skytel"="Skytel.exe" [2007-10-11 11:04 1826816 C:\Windows\SkyTel.exe]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-14 03:28 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-14 03:28 8530464]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-14 03:28 81920]

"toolbar_eula_launcher"="C:\Program Files\GoogleEULA\EULALauncher.exe" [2007-02-09 14:54 16896]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-22 19:00 220160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{7D4572D2-8784-406B-A5F8-4D2D5959C3C3}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{FFADDC61-246B-4985-9A66-50351C78F6D6}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{31767E90-F446-4E00-812E-84AA42CC264D}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM

"{750444E4-9977-4204-98A1-6D956B2E46DC}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM

"{AEDD3BB0-38BB-4736-9DB4-96BF96EAE3F1}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service

"{B07A6A26-92B7-4FCE-B8C3-EAE549466843}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service

"{3C6AF1D9-ACF3-4195-9602-5EF8FAC65380}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv Media Server

"{1FED2666-923C-4A82-B741-A7FC4EE1D9F6}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv Media Server

"{C06E1107-89C0-4DAF-978F-9DD588D3FC36}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel® Viiv Media Server Discovery

"{11297E20-CFAF-45CB-89E6-465AA8EA2C4E}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel® Viiv Media Server UPnP Discovery

"{4A72BF13-1DD4-484F-8692-152511D4C267}"= C:\Program Files\HomeCinema\TV Enhance\TVEnhance.exe:CyberLink TVEnhance

"{D72B71F6-74BE-4417-98C6-370B0F1B93FE}"= C:\Program Files\HomeCinema\TV Enhance\TVEService.exe:CyberLink TVEnhance Resident Program

"{0957244D-6AE3-404A-9F9F-20549BB40341}"= C:\Program Files\HomeCinema\MakeDisc\MakeDisc.exe:CyberLink MakeDisc

"{B3CA7FFE-CC21-47A4-AFC3-C66C42F4E449}"= C:\Program Files\HomeCinema\PowerDirector\PDR.EXE:CyberLink PowerDirector

"{60F06109-F1C7-4580-85F1-025D1A64AD15}"= C:\Program Files\HomeCinema\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD

"{906B0A98-9444-4ADD-B60F-D7799BFD7001}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{B5C547E7-36CF-452B-A9C5-BD4617420527}"= UDP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo

"{C9B8E7A3-F83F-45F0-A817-7B3265D1AE16}"= TCP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo

"{7D6425E2-1F92-4D90-836F-733159D20C87}"= UDP:C:\Program Files\DNA\btdna.exe:DNA

"{ABD58CF4-69CA-4B43-940F-9F30D5235D64}"= TCP:C:\Program Files\DNA\btdna.exe:DNA

"TCP Query User{A2DB6E66-4D77-4B4F-801A-B1CB83AB0BE3}C:\\users\\johan\\program files\\dna\\btdna.exe"= UDP:C:\users\johan\program files\dna\btdna.exe:btdna.exe

"UDP Query User{A89BA770-26CA-40F6-BD47-E1B4189F41DF}C:\\users\\johan\\program files\\dna\\btdna.exe"= TCP:C:\users\johan\program files\dna\btdna.exe:btdna.exe

"{0A4C0597-A28C-4EE3-B9A9-06D7FB94FA80}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent

"{07238CDA-4C18-47F6-8C17-21B3B05EA1C2}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 BdFileSpy;BullGuard File Monitor Driver;C:\Windows\system32\drivers\BdFileSpy.sys [2008-03-22 19:32]

R2 BsFileScan;BullGuard File Scan Service;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2007-02-12 11:46]

R2 NMSCore;Intel® NMSCore;"C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe" [2007-06-27 10:14]

R2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 20:34]

R2 QualityManager;Intel® Quality Manager;"C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe" [2007-06-27 10:17]

R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);"C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe" [2007-10-19 17:42]

R2 TVESched;TVEnhance Task Scheduler (TTS));"C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe" [2007-10-19 17:42]

R3 3xHybrid;Philips SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2008-01-08 08:17]

R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2007-10-30 13:58]

R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28u.sys [2007-09-21 09:38]

R3 Reconn;BullGuard Email Monitor;C:\Program Files\BullGuard Software\BullGuard\reconn.sys [2007-05-16 12:07]

R3 X10Hid;X10 Hid Device;C:\Windows\system32\Drivers\x10hid.sys [2006-11-17 09:31]

S3 DHTRACE;Intel® DHTrace Controller;C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 10:15]

S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 08:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy

.

Contents of the 'Scheduled Tasks' folder

"2008-03-22 18:52:21 C:\Windows\Tasks\Controleren op updates voor Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-29 12:10:04

Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Cyberlink\Shared files\RichVideo.exe

C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

C:\Program Files\Intel\NCS2\WMIProv\NCS2Prov.exe

C:\Windows\system32\conime.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe

.

**************************************************************************

.

Completion time: 2008-03-29 12:12:27 - machine was rebooted

ComboFix-quarantined-files.txt 2008-03-29 11:12:21

Pre-Run: 407,560,515,584 bytes free

Post-Run: 407,763,890,176 bytes free

.

2008-03-25 23:12:45 --- E O F ---


That looks very tidy. Just delete the following file with Windows Explorer:

C:\Windows\IFinst27.exe

and then it is a matter of waiting to see whether BullGuard has anything more to report in the future. I assume not... but should it happen anyway, let us hear from you here again.

Do also remove the ComboFix program you used from your PC.

Remove ComboFix: Start -> Run and type: combofix /u

ComboFix will be removed and a new system restore point will be created.

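The "Files Created" section of the ComboFix log above is a timeline: C:\Program Files\AdVantage, C:\Program Files\Webteh and the two BSplayer folders all carry the same creation minute (2008-03-29 00:24), and objects created in the same minute usually came from the same installer. The closing reply, in turn, singles out a lone executable dropped straight into C:\Windows. The script below is an added example, not part of this thread and not ComboFix code; it parses lines in the format of the "Files Created" section, lists what was created alongside a given path, and lists executables sitting directly in C:\Windows. The sample is a constructed subset copied from the log above; the two-minute window and the "loose executable" rule are this example's own choices.

```python
"""Timeline questions over a ComboFix "Files Created" section.

Added example (not part of the thread, not ComboFix code). The window size
and the loose-executable rule are this example's own; the sample is a
constructed subset of the log posted in the thread.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# One line per created object:  <created> . <modified> <size|<DIR>> <attrs> <path>
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S{9}) (?P<path>.+)$"
)


@dataclass(frozen=True)
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]   # None for directories
    attrs: str
    path: str


def parse_created_section(text: str):
    """Parse every line that matches the Files Created format; skip the rest
    (section banners, blank lines, the Find3M section with its other layout)."""
    entries = []
    for raw in text.splitlines():
        m = CREATED_RE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(Entry(
            datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            size, m["attrs"], m["path"]))
    return entries


def created_alongside(entries, target_path, window=timedelta(minutes=2)):
    """Paths created within `window` of `target_path`, i.e. what the same
    installer most likely put on disk. Sorted for stable output."""
    target = next((e for e in entries if e.path.lower() == target_path.lower()), None)
    if target is None:
        raise ValueError(f"{target_path} not in the parsed entries")
    return sorted(e.path for e in entries
                  if e is not target and abs(e.created - target.created) <= window)


def loose_executables(entries, directory=r"C:\Windows"):
    """Files (not folders) dropped directly into `directory` with an
    executable extension; installers rarely have a reason to do this."""
    out = []
    for e in entries:
        if e.size is None:
            continue
        head, _, name = e.path.rpartition("\\")
        if head.lower() == directory.lower() and name.lower().endswith((".exe", ".dll", ".sys")):
            out.append(e.path)
    return out


# Constructed subset of the "Files Created" section from the log in this thread.
SAMPLE_COMBOFIX = r"""
(((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-29 ))))))))))))))))))))))))))))))
2008-03-29 00:24 . 2008-03-29 00:24 <DIR> d-------- C:\Users\Johan\AppData\Roaming\BSplayer Pro
2008-03-29 00:24 . 2008-03-29 02:32 <DIR> d-------- C:\Users\Johan\AppData\Roaming\BSplayer
2008-03-29 00:24 . 2008-03-29 02:32 <DIR> d-------- C:\Program Files\Webteh
2008-03-29 00:24 . 2008-03-29 02:21 <DIR> d-------- C:\Program Files\AdVantage
2008-03-28 01:30 . 2008-03-28 01:30 <DIR> d-------- C:\Program Files\BitTorrent
2008-03-23 07:22 . 2008-03-23 07:22 0 --a------ C:\Users\Isaura\AppData\Roaming\wklnhst.dat
2008-03-22 21:17 . 2008-03-22 21:17 <DIR> d-------- C:\Program Files\GPotato
2008-03-22 21:17 . 2008-03-22 21:17 65,536 --a------ C:\Windows\IFinst27.exe
2008-03-22 19:32 . 2008-03-22 19:32 50,896 --a------ C:\Windows\System32\drivers\BdFileSpy.sys
"""

if __name__ == "__main__":
    entries = parse_created_section(SAMPLE_COMBOFIX)
    print("created alongside AdVantage:")
    for p in created_alongside(entries, r"C:\Program Files\AdVantage"):
        print("  ", p)
    print("loose executables in C:\\Windows:", loose_executables(entries))
```

On the sample, `created_alongside` pairs AdVantage with C:\Program Files\Webteh and the two BSplayer folders, and pairs C:\Windows\IFinst27.exe with C:\Program Files\GPotato, both created at 21:17 on 22 March; `loose_executables` returns only IFinst27.exe, the file the last reply asked to be removed. Neither result proves anything malicious by itself, but both tell you which installer to go back and look at.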
